Merge pull request #6545 from davidhorstmann-arm/2.28-fix-unusual-macros-0-followup
Refactor/tidy after fixing unusual macros
diff --git a/ChangeLog.d/fix_x509_info_hwmodulename.txt b/ChangeLog.d/fix_x509_info_hwmodulename.txt
new file mode 100644
index 0000000..8b227ce
--- /dev/null
+++ b/ChangeLog.d/fix_x509_info_hwmodulename.txt
@@ -0,0 +1,5 @@
+Bugfix
+ * Fix a bug in which mbedtls_x509_crt_info() would produce non-printable
+ bytes when parsing certificates containing a binary RFC 4108
+ HardwareModuleName as a Subject Alternative Name extension. Hardware
+ serial numbers are now rendered in hex format. Fixes #6262.
diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h
index f209490..60c1ce2 100644
--- a/include/mbedtls/bignum.h
+++ b/include/mbedtls/bignum.h
@@ -761,11 +761,11 @@
*
* \param Q The destination MPI for the quotient.
* This may be \c NULL if the value of the
- * quotient is not needed.
+ * quotient is not needed. This must not alias A or B.
* \param R The destination MPI for the remainder value.
* This may be \c NULL if the value of the
- * remainder is not needed.
- * \param A The dividend. This must point to an initialized MPi.
+ * remainder is not needed. This must not alias A or B.
+ * \param A The dividend. This must point to an initialized MPI.
* \param B The divisor. This must point to an initialized MPI.
*
* \return \c 0 if successful.
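Review bot: The added "This must not alias A or B" sentences on `Q` and `R` state a precondition but not its consequence, so a caller cannot tell whether aliasing is detected and reported through the return value or silently produces a wrong result. No check is visible in this diff, so one more line per function would close the gap, for example `* \note The result is unspecified if Q or R aliases an input.`, adjusted to what the implementation actually does. The same applies to the sentences added in the next two hunks (Q/R versus A, and X versus E or N). The doc comments start and end outside the hunks.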
@@ -782,10 +782,10 @@
*
* \param Q The destination MPI for the quotient.
* This may be \c NULL if the value of the
- * quotient is not needed.
+ * quotient is not needed. This must not alias A.
* \param R The destination MPI for the remainder value.
* This may be \c NULL if the value of the
- * remainder is not needed.
+ * remainder is not needed. This must not alias A.
* \param A The dividend. This must point to an initialized MPi.
* \param b The divisor.
*
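Review bot: `\param A` in this block still reads "initialized MPi"; the previous hunk corrects the same typo to `MPI`, but this occurrence is left as a context line. Change it to `* \param A The dividend. This must point to an initialized MPI.` so both doc blocks agree.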
@@ -840,6 +840,7 @@
* \brief Perform a sliding-window exponentiation: X = A^E mod N
*
* \param X The destination MPI. This must point to an initialized MPI.
+ * This must not alias E or N.
* \param A The base of the exponentiation.
* This must point to an initialized MPI.
* \param E The exponent MPI. This must point to an initialized MPI.
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 815af7b..2af58a4 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -1884,8 +1884,7 @@
if( ssl->f_recv == NULL && ssl->f_recv_timeout == NULL )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() "
- "or mbedtls_ssl_set_bio()" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() " ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
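Review bot: The shortened message keeps a trailing space inside the literal, `"Bad usage of mbedtls_ssl_set_bio() "`, which was only needed while a second string followed it; `( "Bad usage of mbedtls_ssl_set_bio()" )` is the clean form. The same leftover is in the `f_send == NULL` hunk at -2100. Since the two checks test different callbacks, naming the missing one in each message (`f_recv`/`f_recv_timeout` here, `f_send` there) would make the debug output more useful when diagnosing a misconfigured BIO.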
@@ -2100,8 +2099,7 @@
if( ssl->f_send == NULL )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() "
- "or mbedtls_ssl_set_bio()" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() " ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
diff --git a/library/x509_crt.c b/library/x509_crt.c
index c7ee5c1..def1414 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -1780,6 +1780,7 @@
const char *prefix )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ size_t i;
size_t n = *size;
char *p = *buf;
const mbedtls_x509_sequence *cur = subject_alt_name;
@@ -1832,18 +1833,11 @@
ret = mbedtls_snprintf( p, n, "\n%s hardware serial number : ", prefix );
MBEDTLS_X509_SAFE_SNPRINTF;
- if( other_name->value.hardware_module_name.val.len >= n )
+ for( i = 0; i < other_name->value.hardware_module_name.val.len; i++ )
{
- *p = '\0';
- return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL );
+ ret = mbedtls_snprintf( p, n, "%02X", other_name->value.hardware_module_name.val.p[i] );
+ MBEDTLS_X509_SAFE_SNPRINTF;
}
-
- memcpy( p, other_name->value.hardware_module_name.val.p,
- other_name->value.hardware_module_name.val.len );
- p += other_name->value.hardware_module_name.val.len;
-
- n -= other_name->value.hardware_module_name.val.len;
-
}/* MBEDTLS_OID_ON_HW_MODULE_NAME */
}
break;
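Review bot: The hex loop that replaces the `memcpy` carries no comment saying why the serial number is no longer copied as text, so a later cleanup could reintroduce the raw copy. The value is an OCTET STRING taken from the certificate and can hold NUL or control bytes (the new test vector contains both), so I would add above the `for`: `/* hwSerialNum is arbitrary binary from the certificate: print as hex, never as text */`. Other name types handled by this function are outside the hunk; if any of them still copy certificate bytes verbatim into the output buffer, they deserve the same review. The added `mbedtls_snprintf` line also runs well past 80 columns and could be wrapped after the format string.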
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 30ecf68..5efd147 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -375,6 +375,8 @@
" a second non-empty message before attempting\n" \
" to read a response from the server\n" \
" debug_level=%%d default: 0 (disabled)\n" \
+ " build_version=%%d default: none (disabled)\n" \
+ " option: 1 (print build version only and stop)\n" \
" nbio=%%d default: 0 (blocking I/O)\n" \
" options: 1 (non-blocking), 2 (added delays)\n" \
" event=%%d default: 0 (loop)\n" \
@@ -901,6 +903,16 @@
if( opt.debug_level < 0 || opt.debug_level > 65535 )
goto usage;
}
+ else if( strcmp( p, "build_version" ) == 0 )
+ {
+ if( strcmp( q, "1" ) == 0 )
+ {
+ mbedtls_printf( "build version: %s (build %d)\n",
+ MBEDTLS_VERSION_STRING_FULL,
+ MBEDTLS_VERSION_NUMBER );
+ goto exit;
+ }
+ }
else if( strcmp( p, "context_crt_cb" ) == 0 )
{
opt.context_crt_cb = atoi( q );
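Review bot: Any `build_version` value other than `1` falls through the new branch without effect, so `build_version=0` or a mistyped value is accepted silently, whereas the `debug_level` branch just above rejects bad input with `goto usage`. Adding `else goto usage;` after the inner `if` would keep option handling consistent. `MBEDTLS_VERSION_NUMBER` is printed with `%d`; if it is the packed hexadecimal version constant, a hex format would be easier to read against the version string. The identical branch added to programs/ssl/ssl_server2.c (hunk at -1588) has the same behaviour. The option-parsing loop starts and ends outside the hunk.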
@@ -1531,6 +1543,9 @@
}
#endif /* MBEDTLS_SSL_ALPN */
+ mbedtls_printf( "build version: %s (build %d)\n",
+ MBEDTLS_VERSION_STRING_FULL, MBEDTLS_VERSION_NUMBER );
+
/*
* 0. Initialize the RNG and the session data
*/
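Review bot: This `mbedtls_printf` runs on every invocation, while the usage text added earlier in this file describes `build_version` as `default: none (disabled)`, so the help output and the behaviour disagree. Either guard the print behind an option or reword the usage line to say the version is always printed and `build_version=1` only stops after printing it. Test scripts that match on these programs' stdout will now see one extra line before the handshake output, which is worth a sentence in the commit description. The same unconditional print is added to ssl_server2.c (hunk at -2335).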
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 283216b..1f0ac55 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -466,6 +466,8 @@
" server_addr=%%s default: (all interfaces)\n" \
" server_port=%%d default: 4433\n" \
" debug_level=%%d default: 0 (disabled)\n" \
+ " build_version=%%d default: none (disabled)\n" \
+ " option: 1 (print build version only and stop)\n" \
" buffer_size=%%d default: 200 \n" \
" (minimum: 1, max: 16385)\n" \
" response_size=%%d default: about 152 (basic response)\n" \
@@ -1588,6 +1590,16 @@
if( opt.debug_level < 0 || opt.debug_level > 65535 )
goto usage;
}
+ else if( strcmp( p, "build_version" ) == 0 )
+ {
+ if( strcmp( q, "1" ) == 0 )
+ {
+ mbedtls_printf( "build version: %s (build %d)\n",
+ MBEDTLS_VERSION_STRING_FULL,
+ MBEDTLS_VERSION_NUMBER );
+ goto exit;
+ }
+ }
else if( strcmp( p, "nbio" ) == 0 )
{
opt.nbio = atoi( q );
@@ -2335,6 +2347,9 @@
}
#endif /* MBEDTLS_SSL_ALPN */
+ mbedtls_printf( "build version: %s (build %d)\n",
+ MBEDTLS_VERSION_STRING_FULL, MBEDTLS_VERSION_NUMBER );
+
/*
* 0. Initialize the RNG and the session data
*/
diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h
index e58e2da..e02cf0a 100644
--- a/programs/ssl/ssl_test_lib.h
+++ b/programs/ssl/ssl_test_lib.h
@@ -20,6 +20,8 @@
#ifndef MBEDTLS_PROGRAMS_SSL_SSL_TEST_LIB_H
#define MBEDTLS_PROGRAMS_SSL_SSL_TEST_LIB_H
+#include "mbedtls/version.h"
+
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
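Review bot: `#include "mbedtls/version.h"` is placed above the block that selects `mbedtls/config.h` or `MBEDTLS_CONFIG_FILE`, so a library header is processed before this file has chosen its configuration. Moving the include below the `#endif` of the config block keeps the config-first order and does not rely on version.h pulling the configuration in itself, which is not visible from this diff. The `#if` block continues past the end of the hunk.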
diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile
index 49db4ca..94995ba 100644
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
@@ -276,6 +276,9 @@
server5-othername.crt: server5.key
$(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions othername_san -days 3650 -sha256 -key $< -out $@
+server5-nonprintable_othername.crt: server5.key
+ $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS non-printable othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions nonprintable_othername_san -days 3650 -sha256 -key $< -out $@
+
server5-unsupported_othername.crt: server5.key
$(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS unsupported othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions unsupoported_othername_san -days 3650 -sha256 -key $< -out $@
diff --git a/tests/data_files/server5-nonprintable_othername.crt b/tests/data_files/server5-nonprintable_othername.crt
new file mode 100644
index 0000000..9470bbe
--- /dev/null
+++ b/tests/data_files/server5-nonprintable_othername.crt
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/data_files/test-ca.opensslconf b/tests/data_files/test-ca.opensslconf
index 64347de..3bb2379 100644
--- a/tests/data_files/test-ca.opensslconf
+++ b/tests/data_files/test-ca.opensslconf
@@ -15,6 +15,9 @@
[othername_san]
subjectAltName=otherName:1.3.6.1.5.5.7.8.4;SEQ:hw_module_name
+[nonprintable_othername_san]
+subjectAltName=otherName:1.3.6.1.5.5.7.8.4;SEQ:nonprintable_hw_module_name
+
[unsupoported_othername_san]
subjectAltName=otherName:1.2.3.4;UTF8:some other identifier
@@ -34,6 +37,10 @@
hwtype = OID:1.3.6.1.4.1.17.3
hwserial = OCT:123456
+[nonprintable_hw_module_name]
+hwtype = OID:1.3.6.1.4.1.17.3
+hwserial = FORMAT:HEX, OCT:3132338081008180333231
+
[v3_any_policy_ca]
basicConstraints = CA:true
certificatePolicies = 2.5.29.32.0
diff --git a/tests/scripts/generate-afl-tests.sh b/tests/scripts/generate-afl-tests.sh
index 7c9f432..a640b56 100755
--- a/tests/scripts/generate-afl-tests.sh
+++ b/tests/scripts/generate-afl-tests.sh
@@ -6,7 +6,7 @@
#
# Usage: generate-afl-tests.sh <test data file path>
# <test data file path> - should be the path to one of the test suite files
-# such as 'test_suite_mpi.data'
+# such as 'test_suite_rsa.data'
#
# Copyright The Mbed TLS Contributors
# SPDX-License-Identifier: Apache-2.0
diff --git a/tests/scripts/generate_bignum_tests.py b/tests/scripts/generate_bignum_tests.py
index 091630d..5cb7997 100755
--- a/tests/scripts/generate_bignum_tests.py
+++ b/tests/scripts/generate_bignum_tests.py
@@ -85,8 +85,8 @@
class BignumTarget(test_data_generation.BaseTarget, metaclass=ABCMeta):
#pylint: disable=abstract-method
- """Target for bignum (mpi) test case generation."""
- target_basename = 'test_suite_mpi.generated'
+ """Target for bignum (legacy) test case generation."""
+ target_basename = 'test_suite_bignum.generated'
class BignumOperation(BignumTarget, metaclass=ABCMeta):
diff --git a/tests/scripts/generate_test_code.py b/tests/scripts/generate_test_code.py
index f5750aa..938f24c 100755
--- a/tests/scripts/generate_test_code.py
+++ b/tests/scripts/generate_test_code.py
@@ -126,33 +126,39 @@
This script replaces following fields in the template and generates
the test source file:
-$test_common_helpers <-- All common code from helpers.function
- is substituted here.
-$functions_code <-- Test functions are substituted here
- from the input test_suit_xyz.function
- file. C preprocessor checks are generated
- for the build dependencies specified
- in the input file. This script also
- generates wrappers for the test
- functions with code to expand the
- string parameters read from the data
- file.
-$expression_code <-- This script enumerates the
- expressions in the .data file and
- generates code to handle enumerated
- expression Ids and return the values.
-$dep_check_code <-- This script enumerates all
- build dependencies and generate
- code to handle enumerated build
- dependency Id and return status: if
- the dependency is defined or not.
-$dispatch_code <-- This script enumerates the functions
- specified in the input test data file
- and generates the initializer for the
- function table in the template
- file.
-$platform_code <-- Platform specific setup and test
- dispatch code.
+__MBEDTLS_TEST_TEMPLATE__TEST_COMMON_HELPERS
+ All common code from helpers.function
+ is substituted here.
+__MBEDTLS_TEST_TEMPLATE__FUNCTIONS_CODE
+ Test functions are substituted here
+ from the input test_suit_xyz.function
+ file. C preprocessor checks are generated
+ for the build dependencies specified
+ in the input file. This script also
+ generates wrappers for the test
+ functions with code to expand the
+ string parameters read from the data
+ file.
+__MBEDTLS_TEST_TEMPLATE__EXPRESSION_CODE
+ This script enumerates the
+ expressions in the .data file and
+ generates code to handle enumerated
+ expression Ids and return the values.
+__MBEDTLS_TEST_TEMPLATE__DEP_CHECK_CODE
+ This script enumerates all
+ build dependencies and generate
+ code to handle enumerated build
+ dependency Id and return status: if
+ the dependency is defined or not.
+__MBEDTLS_TEST_TEMPLATE__DISPATCH_CODE
+ This script enumerates the functions
+ specified in the input test data file
+ and generates the initializer for the
+ function table in the template
+ file.
+__MBEDTLS_TEST_TEMPLATE__PLATFORM_CODE
+ Platform specific setup and test
+ dispatch code.
"""
@@ -974,11 +980,27 @@
:param snippets: Generated and code snippets
:return:
"""
+
+ # Create a placeholder pattern with the correct named capture groups
+ # to override the default provided with Template.
+ # Match nothing (no way of escaping placeholders).
+ escaped = "(?P<escaped>(?!))"
+ # Match the "__MBEDTLS_TEST_TEMPLATE__PLACEHOLDER_NAME" pattern.
+ named = "__MBEDTLS_TEST_TEMPLATE__(?P<named>[A-Z][_A-Z0-9]*)"
+ # Match nothing (no braced placeholder syntax).
+ braced = "(?P<braced>(?!))"
+ # If not already matched, a "__MBEDTLS_TEST_TEMPLATE__" prefix is invalid.
+ invalid = "(?P<invalid>__MBEDTLS_TEST_TEMPLATE__)"
+ placeholder_pattern = re.compile("|".join([escaped, named, braced, invalid]))
+
with open(template_file, 'r') as template_f, open(c_file, 'w') as c_f:
for line_no, line in enumerate(template_f.readlines(), 1):
# Update line number. +1 as #line directive sets next line number
snippets['line_no'] = line_no + 1
- code = string.Template(line).substitute(**snippets)
+ template = string.Template(line)
+ template.pattern = placeholder_pattern
+ snippets = {k.upper():v for (k, v) in snippets.items()}
+ code = template.substitute(**snippets)
c_f.write(code)
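Review bot: `snippets = {k.upper():v for (k, v) in snippets.items()}` is rebuilt for every template line and rebinds the caller-supplied argument. From the second line on, `LINE_NO` gets its fresh value only because the lower-case `line_no` key set just above is inserted after the stale upper-case one and wins on dict ordering. Upper-case the keys once before the `with` block and assign `snippets['LINE_NO'] = line_no + 1` inside the loop. Setting `template.pattern` on an instance works, but the documented route is a `string.Template` subclass with a `pattern` class attribute, which would also avoid the per-line assignment. The function's signature and docstring start outside the hunk.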
diff --git a/tests/scripts/run-test-suites.pl b/tests/scripts/run-test-suites.pl
index 22eadd1..8a5bb93 100755
--- a/tests/scripts/run-test-suites.pl
+++ b/tests/scripts/run-test-suites.pl
@@ -50,11 +50,13 @@
'verbose|v:1' => \$verbose,
) or die;
-# All test suites = executable files, excluding source files, debug
-# and profiling information, etc. We can't just grep {! /\./} because
-# some of our test cases' base names contain a dot.
-my @suites = grep { -x $_ || /\.exe$/ } glob 'test_suite_*';
-@suites = grep { !/\.c$/ && !/\.data$/ && -f } @suites;
+# All test suites = executable files derived from a .data file.
+my @suites = ();
+for my $data_file (glob 'suites/test_suite_*.data') {
+ (my $base = $data_file) =~ s#^suites/(.*)\.data$#$1#;
+ push @suites, $base if -x $base;
+ push @suites, "$base.exe" if -e "$base.exe";
+}
die "$0: no test suite found\n" unless @suites;
# "foo" as a skip pattern skips "test_suite_foo" and "test_suite_foo.bar"
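Review bot: `push @suites, $base if -x $base;` no longer checks that the path is a regular file, which the removed code did with `-f`, so a directory named like a suite would pass `-x` and be queued for execution. `push @suites, $base if -f $base && -x $base;` keeps the old guarantee. A `.data` file with no matching executable is also skipped without any message; if every data file is expected to produce a binary, a `warn` there would stop a suite that failed to build from silently dropping out of the run.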
diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function
index ac00f45..65c7083 100644
--- a/tests/suites/main_test.function
+++ b/tests/suites/main_test.function
@@ -3,17 +3,17 @@
* *** THIS FILE HAS BEEN MACHINE GENERATED ***
*
* This file has been machine generated using the script:
- * $generator_script
+ * __MBEDTLS_TEST_TEMPLATE__GENERATOR_SCRIPT
*
- * Test file : $test_file
+ * Test file : __MBEDTLS_TEST_TEMPLATE__TEST_FILE
*
* The following files were used to create this file.
*
- * Main code file : $test_main_file
- * Platform code file : $test_platform_file
- * Helper file : $test_common_helper_file
- * Test suite file : $test_case_file
- * Test suite data : $test_case_data_file
+ * Main code file : __MBEDTLS_TEST_TEMPLATE__TEST_MAIN_FILE
+ * Platform code file : __MBEDTLS_TEST_TEMPLATE__TEST_PLATFORM_FILE
+ * Helper file : __MBEDTLS_TEST_TEMPLATE__TEST_COMMON_HELPER_FILE
+ * Test suite file : __MBEDTLS_TEST_TEMPLATE__TEST_CASE_FILE
+ * Test suite data : __MBEDTLS_TEST_TEMPLATE__TEST_CASE_DATA_FILE
*
*/
@@ -49,9 +49,9 @@
/*----------------------------------------------------------------------------*/
/* Common helper code */
-$test_common_helpers
+__MBEDTLS_TEST_TEMPLATE__TEST_COMMON_HELPERS
-#line $line_no "suites/main_test.function"
+#line __MBEDTLS_TEST_TEMPLATE__LINE_NO "suites/main_test.function"
/*----------------------------------------------------------------------------*/
@@ -60,9 +60,9 @@
#define TEST_SUITE_ACTIVE
-$functions_code
+__MBEDTLS_TEST_TEMPLATE__FUNCTIONS_CODE
-#line $line_no "suites/main_test.function"
+#line __MBEDTLS_TEST_TEMPLATE__LINE_NO "suites/main_test.function"
/*----------------------------------------------------------------------------*/
@@ -74,7 +74,7 @@
* For optimizing space for embedded targets each expression/macro
* is identified by a unique identifier instead of string literals.
* Identifiers and evaluation code is generated by script:
- * $generator_script
+ * __MBEDTLS_TEST_TEMPLATE__GENERATOR_SCRIPT
*
* \param exp_id Expression identifier.
* \param out_value Pointer to int to hold the integer.
@@ -90,8 +90,8 @@
switch( exp_id )
{
-$expression_code
-#line $line_no "suites/main_test.function"
+__MBEDTLS_TEST_TEMPLATE__EXPRESSION_CODE
+#line __MBEDTLS_TEST_TEMPLATE__LINE_NO "suites/main_test.function"
default:
{
ret = KEY_VALUE_MAPPING_NOT_FOUND;
@@ -107,7 +107,7 @@
* For optimizing space for embedded targets each dependency
* is identified by a unique identifier instead of string literals.
* Identifiers and check code is generated by script:
- * $generator_script
+ * __MBEDTLS_TEST_TEMPLATE__GENERATOR_SCRIPT
*
* \param dep_id Dependency identifier.
*
@@ -121,8 +121,8 @@
switch( dep_id )
{
-$dep_check_code
-#line $line_no "suites/main_test.function"
+__MBEDTLS_TEST_TEMPLATE__DEP_CHECK_CODE
+#line __MBEDTLS_TEST_TEMPLATE__LINE_NO "suites/main_test.function"
default:
break;
}
@@ -149,13 +149,13 @@
/**
* \brief Table of test function wrappers. Used by dispatch_test().
* This table is populated by script:
- * $generator_script
+ * __MBEDTLS_TEST_TEMPLATE__GENERATOR_SCRIPT
*
*/
TestWrapper_t test_funcs[] =
{
-$dispatch_code
-#line $line_no "suites/main_test.function"
+__MBEDTLS_TEST_TEMPLATE__DISPATCH_CODE
+#line __MBEDTLS_TEST_TEMPLATE__LINE_NO "suites/main_test.function"
};
/**
@@ -265,9 +265,9 @@
}
-$platform_code
+__MBEDTLS_TEST_TEMPLATE__PLATFORM_CODE
-#line $line_no "suites/main_test.function"
+#line __MBEDTLS_TEST_TEMPLATE__LINE_NO "suites/main_test.function"
/*----------------------------------------------------------------------------*/
/* Main Test code */
diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_bignum.function
similarity index 100%
rename from tests/suites/test_suite_mpi.function
rename to tests/suites/test_suite_bignum.function
diff --git a/tests/suites/test_suite_mpi.generated.data b/tests/suites/test_suite_bignum.generated.data
similarity index 100%
rename from tests/suites/test_suite_mpi.generated.data
rename to tests/suites/test_suite_bignum.generated.data
diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_bignum.misc.data
similarity index 100%
rename from tests/suites/test_suite_mpi.data
rename to tests/suites/test_suite_bignum.misc.data
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index 6ae39ff..2f08e5b 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -96,7 +96,11 @@
X509 CRT information EC, SHA256 Digest, hardware module name SAN
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
-x509_cert_info:"data_files/server5-othername.crt":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS othername SAN\nissued on \: 2019-03-24 09\:06\:02\nexpires on \: 2029-03-21 09\:06\:02\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 123456\n"
+x509_cert_info:"data_files/server5-othername.crt":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS othername SAN\nissued on \: 2019-03-24 09\:06\:02\nexpires on \: 2029-03-21 09\:06\:02\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 313233343536\n"
+
+X509 CRT information EC, SHA256 Digest, binary hardware module name SAN
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
+x509_cert_info:"data_files/server5-nonprintable_othername.crt":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS non-printable othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS non-printable othername SAN\nissued on \: 2022-09-06 15\:56\:47\nexpires on \: 2032-09-03 15\:56\:47\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 3132338081008180333231\n"
X509 CRT information EC, SHA256 Digest, Wisun Fan device
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
@@ -120,7 +124,7 @@
X509 CRT information, Multiple different Subject Alt Name
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
-x509_cert_info:"data_files/multiple_san.crt":"cert. version \: 3\nserial number \: 04\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS multiple othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS multiple othername SAN\nissued on \: 2019-04-22 16\:10\:48\nexpires on \: 2029-04-19 16\:10\:48\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n dNSName \: example.com\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 123456\n dNSName \: example.net\n dNSName \: *.example.org\n"
+x509_cert_info:"data_files/multiple_san.crt":"cert. version \: 3\nserial number \: 04\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS multiple othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS multiple othername SAN\nissued on \: 2019-04-22 16\:10\:48\nexpires on \: 2029-04-19 16\:10\:48\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n dNSName \: example.com\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 313233343536\n dNSName \: example.net\n dNSName \: *.example.org\n"
X509 CRT information, Subject Alt Name + Key Usage
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
@@ -184,7 +188,11 @@
X509 SAN parsing otherName
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
-x509_parse_san:"data_files/server5-othername.crt":"type \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 123456\n"
+x509_parse_san:"data_files/server5-othername.crt":"type \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 313233343536\n"
+
+X509 SAN parsing binary otherName
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
+x509_parse_san:"data_files/server5-nonprintable_othername.crt":"type \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 3132338081008180333231\n"
X509 SAN parsing dNSName
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
@@ -192,7 +200,7 @@
X509 SAN parsing Multiple different types
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
-x509_parse_san:"data_files/multiple_san.crt":"type \: 2\ndNSName \: example.com\ntype \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 123456\ntype \: 2\ndNSName \: example.net\ntype \: 2\ndNSName \: *.example.org\n"
+x509_parse_san:"data_files/multiple_san.crt":"type \: 2\ndNSName \: example.com\ntype \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 313233343536\ntype \: 2\ndNSName \: example.net\ntype \: 2\ndNSName \: *.example.org\n"
X509 SAN parsing, no subject alt name
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index 5828c3b..ba5c860 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -243,36 +243,30 @@
switch( san->type )
{
- case( MBEDTLS_X509_SAN_OTHER_NAME ):
- ret = mbedtls_snprintf( p, n, "\notherName :");
- MBEDTLS_X509_SAFE_SNPRINTF;
+ case( MBEDTLS_X509_SAN_OTHER_NAME ):
+ ret = mbedtls_snprintf( p, n, "\notherName :");
+ MBEDTLS_X509_SAFE_SNPRINTF;
- if( MBEDTLS_OID_CMP( MBEDTLS_OID_ON_HW_MODULE_NAME,
- &san->san.other_name.value.hardware_module_name.oid ) != 0 )
- {
- ret = mbedtls_snprintf( p, n, " hardware module name :" );
- MBEDTLS_X509_SAFE_SNPRINTF;
- ret = mbedtls_snprintf( p, n, " hardware type : " );
- MBEDTLS_X509_SAFE_SNPRINTF;
+ if( MBEDTLS_OID_CMP( MBEDTLS_OID_ON_HW_MODULE_NAME,
+ &san->san.other_name.value.hardware_module_name.oid ) != 0 )
+ {
+ ret = mbedtls_snprintf( p, n, " hardware module name :" );
+ MBEDTLS_X509_SAFE_SNPRINTF;
+ ret = mbedtls_snprintf( p, n, " hardware type : " );
+ MBEDTLS_X509_SAFE_SNPRINTF;
- ret = mbedtls_oid_get_numeric_string( p, n,
- &san->san.other_name.value.hardware_module_name.oid );
- MBEDTLS_X509_SAFE_SNPRINTF;
+ ret = mbedtls_oid_get_numeric_string( p, n,
+ &san->san.other_name.value.hardware_module_name.oid );
+ MBEDTLS_X509_SAFE_SNPRINTF;
- ret = mbedtls_snprintf( p, n, ", hardware serial number : " );
- MBEDTLS_X509_SAFE_SNPRINTF;
+ ret = mbedtls_snprintf( p, n, ", hardware serial number : " );
+ MBEDTLS_X509_SAFE_SNPRINTF;
- if( san->san.other_name.value.hardware_module_name.val.len >= n )
- {
- *p = '\0';
- return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL );
- }
-
- for( i=0; i < san->san.other_name.value.hardware_module_name.val.len; i++ )
- {
- *p++ = san->san.other_name.value.hardware_module_name.val.p[i];
- }
- n -= san->san.other_name.value.hardware_module_name.val.len;
+ for( i = 0; i < san->san.other_name.value.hardware_module_name.val.len; i++ )
+ {
+ ret = mbedtls_snprintf( p, n, "%02X", san->san.other_name.value.hardware_module_name.val.p[i] );
+ MBEDTLS_X509_SAFE_SNPRINTF;
+ }
}
break;/* MBEDTLS_OID_ON_HW_MODULE_NAME */
case( MBEDTLS_X509_SAN_DNS_NAME ):
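Review bot: The re-indented condition `MBEDTLS_OID_CMP( MBEDTLS_OID_ON_HW_MODULE_NAME, &...hardware_module_name.oid ) != 0` enters the hardware-module-name branch when the comparison reports a difference (assuming the macro returns 0 on a match, as memcmp does), and the field it compares is the one printed as the hardware type just below. That looks inverted or aimed at the wrong field, so the test helper would take this branch for any otherName; since these lines are being touched anyway, confirm the intent and either fix the comparison or add a comment explaining it. The trailing `/* MBEDTLS_OID_ON_HW_MODULE_NAME */` sits on the `break;` rather than on the closing brace it describes. The enclosing function starts and ends outside the hunk.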