Merge pull request #8195 from daverodgman/improve_sslmsg
Improve use of ct interface in mbedtls_ssl_decrypt_buf
diff --git a/3rdparty/everest/include/everest/vs2013/inttypes.h b/3rdparty/everest/include/everest/vs2013/inttypes.h
index d53f87f..77003be 100644
--- a/3rdparty/everest/include/everest/vs2013/inttypes.h
+++ b/3rdparty/everest/include/everest/vs2013/inttypes.h
@@ -17,7 +17,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * This file is part of Mbed TLS (https://tls.mbed.org)
*/
#ifndef _INTTYPES_H_VS2010
diff --git a/3rdparty/everest/include/everest/vs2013/stdbool.h b/3rdparty/everest/include/everest/vs2013/stdbool.h
index 5b7039c..dcae6d8 100644
--- a/3rdparty/everest/include/everest/vs2013/stdbool.h
+++ b/3rdparty/everest/include/everest/vs2013/stdbool.h
@@ -17,7 +17,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * This file is part of Mbed TLS (https://tls.mbed.org)
*/
#ifndef _STDBOOL_H_VS2010
diff --git a/3rdparty/everest/include/everest/x25519.h b/3rdparty/everest/include/everest/x25519.h
index 7a973dc..ef314d2 100644
--- a/3rdparty/everest/include/everest/x25519.h
+++ b/3rdparty/everest/include/everest/x25519.h
@@ -16,7 +16,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * This file is part of Mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_X25519_H
diff --git a/3rdparty/everest/library/Hacl_Curve25519_joined.c b/3rdparty/everest/library/Hacl_Curve25519_joined.c
index 957294f..a778160 100644
--- a/3rdparty/everest/library/Hacl_Curve25519_joined.c
+++ b/3rdparty/everest/library/Hacl_Curve25519_joined.c
@@ -16,7 +16,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * This file is part of Mbed TLS (https://tls.mbed.org)
*/
#ifndef _BSD_SOURCE
/* Required to get htole64() from gcc/glibc's endian.h (older systems)
diff --git a/3rdparty/everest/library/x25519.c b/3rdparty/everest/library/x25519.c
index 9faa9ab..83064dc 100644
--- a/3rdparty/everest/library/x25519.c
+++ b/3rdparty/everest/library/x25519.c
@@ -16,7 +16,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * This file is part of Mbed TLS (https://tls.mbed.org)
*/
#include "common.h"
diff --git a/3rdparty/p256-m/p256-m_driver_entrypoints.h b/3rdparty/p256-m/p256-m_driver_entrypoints.h
index 18c677a..9522ced 100644
--- a/3rdparty/p256-m/p256-m_driver_entrypoints.h
+++ b/3rdparty/p256-m/p256-m_driver_entrypoints.h
@@ -31,7 +31,7 @@
/** Generate SECP256R1 ECC Key Pair.
* Interface function which calls the p256-m key generation function and
- * places it in the key buffer provided by the caller (mbed TLS) in the
+ * places it in the key buffer provided by the caller (Mbed TLS) in the
* correct format. For a SECP256R1 curve this is the 32 bit private key.
*
* \param[in] attributes The attributes of the key to use for the
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 4d7e0b0..1216c72 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -34,14 +34,14 @@
cmake_policy(SET CMP0012 NEW)
if(TEST_CPP)
- project("mbed TLS" LANGUAGES C CXX)
+ project("Mbed TLS" LANGUAGES C CXX)
else()
- project("mbed TLS" LANGUAGES C)
+ project("Mbed TLS" LANGUAGES C)
endif()
include(GNUInstallDirs)
-# Determine if mbed TLS is being built as a subproject using add_subdirectory()
+# Determine if Mbed TLS is being built as a subproject using add_subdirectory()
if(NOT DEFINED MBEDTLS_AS_SUBPROJECT)
set(MBEDTLS_AS_SUBPROJECT ON)
if(CMAKE_CURRENT_SOURCE_DIR STREQUAL CMAKE_SOURCE_DIR)
@@ -52,7 +52,7 @@
# Set the project root directory.
set(MBEDTLS_DIR ${CMAKE_CURRENT_SOURCE_DIR})
-option(ENABLE_PROGRAMS "Build mbed TLS programs." ON)
+option(ENABLE_PROGRAMS "Build Mbed TLS programs." ON)
option(UNSAFE_BUILD "Allow unsafe builds. These builds ARE NOT SECURE." OFF)
option(MBEDTLS_FATAL_WARNINGS "Compiler warnings treated as errors" ON)
@@ -71,9 +71,9 @@
# the test suites currently have compile errors with MSVC
if(CMAKE_COMPILER_IS_MSVC)
- option(ENABLE_TESTING "Build mbed TLS tests." OFF)
+ option(ENABLE_TESTING "Build Mbed TLS tests." OFF)
else()
- option(ENABLE_TESTING "Build mbed TLS tests." ON)
+ option(ENABLE_TESTING "Build Mbed TLS tests." ON)
endif()
# Warning string - created as a list for compatibility with CMake 2.8
diff --git a/ChangeLog.d/extend-distinguished-names.txt b/ChangeLog.d/extend-distinguished-names.txt
new file mode 100644
index 0000000..b148424
--- /dev/null
+++ b/ChangeLog.d/extend-distinguished-names.txt
@@ -0,0 +1,3 @@
+Features
+ * Accept arbitrary AttributeType and AttributeValue in certificate
+ Distinguished Names using RFC 4514 syntax.
diff --git a/DartConfiguration.tcl b/DartConfiguration.tcl
index dfa0f07..af0578a 100644
--- a/DartConfiguration.tcl
+++ b/DartConfiguration.tcl
@@ -1,4 +1,4 @@
Site: localhost
-BuildName: mbed TLS-test
+BuildName: Mbed TLS-test
CoverageCommand: /usr/bin/gcov
MemoryCheckCommand: /usr/bin/valgrind
diff --git a/configs/README.txt b/configs/README.txt
index 9e5a243..86496db 100644
--- a/configs/README.txt
+++ b/configs/README.txt
@@ -21,4 +21,4 @@
make
Note that the second method also works if you want to keep your custom
-configuration file outside the mbed TLS tree.
+configuration file outside the Mbed TLS tree.
diff --git a/configs/config-no-entropy.h b/configs/config-no-entropy.h
index 31fab4e..1964e8e 100644
--- a/configs/config-no-entropy.h
+++ b/configs/config-no-entropy.h
@@ -33,7 +33,7 @@
#define MBEDTLS_HAVE_ASM
#define MBEDTLS_HAVE_TIME
-/* mbed TLS feature support */
+/* Mbed TLS feature support */
#define MBEDTLS_CIPHER_MODE_CBC
#define MBEDTLS_CIPHER_PADDING_PKCS7
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
@@ -47,7 +47,7 @@
#define MBEDTLS_SELF_TEST
#define MBEDTLS_VERSION_FEATURES
-/* mbed TLS modules */
+/* Mbed TLS modules */
#define MBEDTLS_AES_C
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_ASN1_WRITE_C
diff --git a/configs/config-suite-b.h b/configs/config-suite-b.h
index 89898b3..56a700f 100644
--- a/configs/config-suite-b.h
+++ b/configs/config-suite-b.h
@@ -37,13 +37,13 @@
#define MBEDTLS_HAVE_ASM
#define MBEDTLS_HAVE_TIME
-/* mbed TLS feature support */
+/* Mbed TLS feature support */
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
#define MBEDTLS_SSL_PROTO_TLS1_2
-/* mbed TLS modules */
+/* Mbed TLS modules */
#define MBEDTLS_AES_C
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_ASN1_WRITE_C
diff --git a/configs/config-thread.h b/configs/config-thread.h
index 0652136..e05b557 100644
--- a/configs/config-thread.h
+++ b/configs/config-thread.h
@@ -35,7 +35,7 @@
/* System support */
#define MBEDTLS_HAVE_ASM
-/* mbed TLS feature support */
+/* Mbed TLS feature support */
#define MBEDTLS_AES_ROM_TABLES
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
#define MBEDTLS_ECP_NIST_OPTIM
@@ -46,7 +46,7 @@
#define MBEDTLS_SSL_DTLS_ANTI_REPLAY
#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
-/* mbed TLS modules */
+/* Mbed TLS modules */
#define MBEDTLS_AES_C
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_ASN1_WRITE_C
diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile
index 7fd5dde..c8a47d9 100644
--- a/doxygen/mbedtls.doxyfile
+++ b/doxygen/mbedtls.doxyfile
@@ -1,4 +1,4 @@
-PROJECT_NAME = "mbed TLS v3.4.1"
+PROJECT_NAME = "Mbed TLS v3.4.1"
OUTPUT_DIRECTORY = ../apidoc/
FULL_PATH_NAMES = NO
OPTIMIZE_OUTPUT_FOR_C = YES
diff --git a/include/CMakeLists.txt b/include/CMakeLists.txt
index e693bc1..e11e271 100644
--- a/include/CMakeLists.txt
+++ b/include/CMakeLists.txt
@@ -1,4 +1,4 @@
-option(INSTALL_MBEDTLS_HEADERS "Install mbed TLS headers." ON)
+option(INSTALL_MBEDTLS_HEADERS "Install Mbed TLS headers." ON)
if(INSTALL_MBEDTLS_HEADERS)
diff --git a/include/mbedtls/asn1.h b/include/mbedtls/asn1.h
index 002c8de..c7aae0f 100644
--- a/include/mbedtls/asn1.h
+++ b/include/mbedtls/asn1.h
@@ -96,15 +96,14 @@
/* Slightly smaller way to check if tag is a string tag
* compared to canonical implementation. */
-#define MBEDTLS_ASN1_IS_STRING_TAG(tag) \
- ((tag) < 32u && ( \
+#define MBEDTLS_ASN1_IS_STRING_TAG(tag) \
+ ((unsigned int) (tag) < 32u && ( \
((1u << (tag)) & ((1u << MBEDTLS_ASN1_BMP_STRING) | \
(1u << MBEDTLS_ASN1_UTF8_STRING) | \
(1u << MBEDTLS_ASN1_T61_STRING) | \
(1u << MBEDTLS_ASN1_IA5_STRING) | \
(1u << MBEDTLS_ASN1_UNIVERSAL_STRING) | \
- (1u << MBEDTLS_ASN1_PRINTABLE_STRING) | \
- (1u << MBEDTLS_ASN1_BIT_STRING))) != 0))
+ (1u << MBEDTLS_ASN1_PRINTABLE_STRING))) != 0))
/*
* Bit masks for each of the components of an ASN.1 tag as specified in
@@ -210,6 +209,7 @@
}
mbedtls_asn1_named_data;
+#if defined(MBEDTLS_ASN1_PARSE_C) || defined(MBEDTLS_X509_CREATE_C)
/**
* \brief Get the length of an ASN.1 element.
* Updates the pointer to immediately behind the length.
@@ -256,7 +256,9 @@
int mbedtls_asn1_get_tag(unsigned char **p,
const unsigned char *end,
size_t *len, int tag);
+#endif /* MBEDTLS_ASN1_PARSE_C || MBEDTLS_X509_CREATE_C */
+#if defined(MBEDTLS_ASN1_PARSE_C)
/**
* \brief Retrieve a boolean ASN.1 tag and its value.
* Updates the pointer to immediately behind the full tag.
@@ -646,4 +648,6 @@
}
#endif
+#endif /* MBEDTLS_ASN1_PARSE_C */
+
#endif /* asn1.h */
diff --git a/include/mbedtls/asn1write.h b/include/mbedtls/asn1write.h
index 3c5072c..6fe57c8 100644
--- a/include/mbedtls/asn1write.h
+++ b/include/mbedtls/asn1write.h
@@ -48,6 +48,7 @@
extern "C" {
#endif
+#if defined(MBEDTLS_ASN1_WRITE_C) || defined(MBEDTLS_X509_USE_C)
/**
* \brief Write a length field in ASN.1 format.
*
@@ -76,7 +77,9 @@
*/
int mbedtls_asn1_write_tag(unsigned char **p, const unsigned char *start,
unsigned char tag);
+#endif /* MBEDTLS_ASN1_WRITE_C || MBEDTLS_X509_USE_C */
+#if defined(MBEDTLS_ASN1_WRITE_C)
/**
* \brief Write raw buffer data.
*
@@ -393,4 +396,6 @@
}
#endif
+#endif /* MBEDTLS_ASN1_WRITE_C */
+
#endif /* MBEDTLS_ASN1_WRITE_H */
diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h
index 7fd4fcc..533e076 100644
--- a/include/mbedtls/build_info.h
+++ b/include/mbedtls/build_info.h
@@ -47,7 +47,32 @@
*/
#define MBEDTLS_VERSION_NUMBER 0x03040100
#define MBEDTLS_VERSION_STRING "3.4.1"
-#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 3.4.1"
+#define MBEDTLS_VERSION_STRING_FULL "Mbed TLS 3.4.1"
+
+/* Macros for build-time platform detection */
+
+#if !defined(MBEDTLS_ARCH_IS_ARM64) && \
+ (defined(__aarch64__) || defined(_M_ARM64) || defined(_M_ARM64EC))
+#define MBEDTLS_ARCH_IS_ARM64
+#endif
+
+#if !defined(MBEDTLS_ARCH_IS_ARM32) && \
+ (defined(__arm__) || defined(_M_ARM) || \
+ defined(_M_ARMT) || defined(__thumb__) || defined(__thumb2__))
+#define MBEDTLS_ARCH_IS_ARM32
+#endif
+
+#if !defined(MBEDTLS_ARCH_IS_X64) && \
+ (defined(__amd64__) || defined(__x86_64__) || \
+ ((defined(_M_X64) || defined(_M_AMD64)) && !defined(_M_ARM64EC)))
+#define MBEDTLS_ARCH_IS_X64
+#endif
+
+#if !defined(MBEDTLS_ARCH_IS_X86) && \
+ (defined(__i386__) || defined(_X86_) || \
+ (defined(_M_IX86) && !defined(_M_I86)))
+#define MBEDTLS_ARCH_IS_X86
+#endif
#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
#define _CRT_SECURE_NO_DEPRECATE 1
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index ca267bd..5ea7b94 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -30,7 +30,7 @@
*/
#include <limits.h>
#if CHAR_BIT != 8
-#error "mbed TLS requires a platform with 8-bit chars"
+#error "Mbed TLS requires a platform with 8-bit chars"
#endif
#include <stdint.h>
diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h
index a89d4d2..bf95b90 100644
--- a/include/mbedtls/ecp.h
+++ b/include/mbedtls/ecp.h
@@ -175,7 +175,7 @@
#if !defined(MBEDTLS_ECP_ALT)
/*
- * default mbed TLS elliptic curve arithmetic implementation
+ * default Mbed TLS elliptic curve arithmetic implementation
*
* (in case MBEDTLS_ECP_ALT is defined then the developer has to provide an
* alternative implementation for the whole module and it will replace this
diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h
index 11600bb..a7454f2 100644
--- a/include/mbedtls/error.h
+++ b/include/mbedtls/error.h
@@ -166,9 +166,9 @@
}
/**
- * \brief Translate a mbed TLS error code into a string representation,
- * Result is truncated if necessary and always includes a terminating
- * null byte.
+ * \brief Translate an Mbed TLS error code into a string representation.
+ * The result is truncated if necessary and always includes a
+ * terminating null byte.
*
* \param errnum error code
* \param buffer buffer to place representation in
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index d73c83e..2f5c672 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -168,7 +168,7 @@
*
* Enable the memory allocation layer.
*
- * By default mbed TLS uses the system-provided calloc() and free().
+ * By default Mbed TLS uses the system-provided calloc() and free().
* This allows different allocators (self-implemented or provided) to be
* provided to the platform abstraction layer.
*
@@ -241,10 +241,10 @@
/**
* \def MBEDTLS_PLATFORM_EXIT_ALT
*
- * MBEDTLS_PLATFORM_XXX_ALT: Uncomment a macro to let mbed TLS support the
+ * MBEDTLS_PLATFORM_XXX_ALT: Uncomment a macro to let Mbed TLS support the
* function in the platform abstraction layer.
*
- * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, mbed TLS will
+ * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, Mbed TLS will
* provide a function "mbedtls_platform_set_printf()" that allows you to set an
* alternative printf function pointer.
*
@@ -344,7 +344,7 @@
/** \} name SECTION: System support */
/**
- * \name SECTION: mbed TLS feature support
+ * \name SECTION: Mbed TLS feature support
*
* This section sets support for features that are or are not needed
* within the modules that are enabled.
@@ -367,7 +367,7 @@
/**
* \def MBEDTLS_AES_ALT
*
- * MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let mbed TLS use your
+ * MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let Mbed TLS use your
* alternate core implementation of a symmetric crypto, an arithmetic or hash
* module (e.g. platform specific assembly optimized implementations). Keep
* in mind that the function prototypes should remain the same.
@@ -375,7 +375,7 @@
* This replaces the whole module. If you only want to replace one of the
* functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags.
*
- * Example: In case you uncomment MBEDTLS_AES_ALT, mbed TLS will no longer
+ * Example: In case you uncomment MBEDTLS_AES_ALT, Mbed TLS will no longer
* provide the "struct mbedtls_aes_context" definition and omit the base
* function declarations and implementations. "aes_alt.h" will be included from
* "aes.h" to include the new function definitions.
@@ -423,14 +423,14 @@
/**
* \def MBEDTLS_SHA256_PROCESS_ALT
*
- * MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use you
+ * MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let Mbed TLS use you
* alternate core implementation of symmetric crypto or hash function. Keep in
* mind that function prototypes should remain the same.
*
- * This replaces only one function. The header file from mbed TLS is still
+ * This replaces only one function. The header file from Mbed TLS is still
* used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags.
*
- * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, mbed TLS will
+ * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, Mbed TLS will
* no longer provide the mbedtls_sha1_process() function, but it will still provide
* the other function (using your mbedtls_sha1_process() function) and the definition
* of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible
@@ -480,11 +480,11 @@
*
* Expose a part of the internal interface of the Elliptic Curve Point module.
*
- * MBEDTLS_ECP__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use your
+ * MBEDTLS_ECP__FUNCTION_NAME__ALT: Uncomment a macro to let Mbed TLS use your
* alternative core implementation of elliptic curve arithmetic. Keep in mind
* that function prototypes should remain the same.
*
- * This partially replaces one function. The header file from mbed TLS is still
+ * This partially replaces one function. The header file from Mbed TLS is still
* used, in contrast to the MBEDTLS_ECP_ALT flag. The original implementation
* is still present and it is used for group structures not supported by the
* alternative.
@@ -508,11 +508,11 @@
* implement optimized set up and tear down instructions.
*
* Example: In case you set MBEDTLS_ECP_INTERNAL_ALT and
- * MBEDTLS_ECP_DOUBLE_JAC_ALT, mbed TLS will still provide the ecp_double_jac()
+ * MBEDTLS_ECP_DOUBLE_JAC_ALT, Mbed TLS will still provide the ecp_double_jac()
* function, but will use your mbedtls_internal_ecp_double_jac() if the group
* for the operation is supported by your implementation (i.e. your
* mbedtls_internal_ecp_grp_capable() function returns 1 for this group). If the
- * group is not supported by your implementation, then the original mbed TLS
+ * group is not supported by your implementation, then the original Mbed TLS
* implementation of ecp_double_jac() is used instead, unless this fallback
* behaviour is disabled by setting MBEDTLS_ECP_NO_FALLBACK (in which case
* ecp_double_jac() will return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE).
@@ -543,7 +543,7 @@
/**
* \def MBEDTLS_ENTROPY_HARDWARE_ALT
*
- * Uncomment this macro to let mbed TLS use your own implementation of a
+ * Uncomment this macro to let Mbed TLS use your own implementation of a
* hardware entropy collector.
*
* Your function must be called \c mbedtls_hardware_poll(), have the same
@@ -1491,7 +1491,7 @@
* \def MBEDTLS_SSL_ALL_ALERT_MESSAGES
*
* Enable sending of alert messages in case of encountered errors as per RFC.
- * If you choose not to send the alert messages, mbed TLS can still communicate
+ * If you choose not to send the alert messages, Mbed TLS can still communicate
* with other servers, only debugging of failures is harder.
*
* The advantage of not sending alert messages, is that no information is given
@@ -2181,12 +2181,12 @@
* Comment this macro to disallow using RSASSA-PSS in certificates.
*/
#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
-/** \} name SECTION: mbed TLS feature support */
+/** \} name SECTION: Mbed TLS feature support */
/**
- * \name SECTION: mbed TLS modules
+ * \name SECTION: Mbed TLS modules
*
- * This section enables or disables entire modules in mbed TLS
+ * This section enables or disables entire modules in Mbed TLS
* \{
*/
@@ -2882,7 +2882,7 @@
* Module: library/memory_buffer_alloc.c
*
* Requires: MBEDTLS_PLATFORM_C
- * MBEDTLS_PLATFORM_MEMORY (to use it within mbed TLS)
+ * MBEDTLS_PLATFORM_MEMORY (to use it within Mbed TLS)
*
* Enable this module to enable the buffer memory allocator.
*/
@@ -3484,7 +3484,7 @@
* \def MBEDTLS_THREADING_C
*
* Enable the threading abstraction layer.
- * By default mbed TLS assumes it is used in a non-threaded environment or that
+ * By default Mbed TLS assumes it is used in a non-threaded environment or that
* contexts are not shared between threads. If you do intend to use contexts
* between threads, you will need to enable this layer to prevent race
* conditions. See also our Knowledge Base article about threading:
@@ -3498,7 +3498,7 @@
* You will have to enable either MBEDTLS_THREADING_ALT or
* MBEDTLS_THREADING_PTHREAD.
*
- * Enable this layer to allow use of mutexes within mbed TLS
+ * Enable this layer to allow use of mutexes within Mbed TLS
*/
//#define MBEDTLS_THREADING_C
@@ -3644,7 +3644,7 @@
*/
#define MBEDTLS_X509_CSR_WRITE_C
-/** \} name SECTION: mbed TLS modules */
+/** \} name SECTION: Mbed TLS modules */
/**
* \name SECTION: General configuration options
diff --git a/include/mbedtls/platform_time.h b/include/mbedtls/platform_time.h
index c7973d9..21b3697 100644
--- a/include/mbedtls/platform_time.h
+++ b/include/mbedtls/platform_time.h
@@ -1,7 +1,7 @@
/**
* \file platform_time.h
*
- * \brief mbed TLS Platform time abstraction
+ * \brief Mbed TLS Platform time abstraction
*/
/*
* Copyright The Mbed TLS Contributors
diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h
index 2db5209..bf0c1a1 100644
--- a/include/mbedtls/ssl_ciphersuites.h
+++ b/include/mbedtls/ssl_ciphersuites.h
@@ -1,7 +1,7 @@
/**
* \file ssl_ciphersuites.h
*
- * \brief SSL Ciphersuites for mbed TLS
+ * \brief SSL Ciphersuites for Mbed TLS
*/
/*
* Copyright The Mbed TLS Contributors
diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h
index 1b9c7ce..6a336c3 100644
--- a/include/mbedtls/threading.h
+++ b/include/mbedtls/threading.h
@@ -55,9 +55,9 @@
* \brief Set your alternate threading implementation function
* pointers and initialize global mutexes. If used, this
* function must be called once in the main thread before any
- * other mbed TLS function is called, and
+ * other Mbed TLS function is called, and
* mbedtls_threading_free_alt() must be called once in the main
- * thread after all other mbed TLS functions.
+ * thread after all other Mbed TLS functions.
*
* \note mutex_init() and mutex_free() don't return a status code.
* If mutex_init() fails, it should leave its argument (the
diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h
index bb1a4c3..073211a 100644
--- a/include/mbedtls/version.h
+++ b/include/mbedtls/version.h
@@ -52,9 +52,9 @@
void mbedtls_version_get_string(char *string);
/**
- * Get the full version string ("mbed TLS x.y.z").
+ * Get the full version string ("Mbed TLS x.y.z").
*
- * \param string The string that will receive the value. The mbed TLS version
+ * \param string The string that will receive the value. The Mbed TLS version
* string will use 18 bytes AT MOST including a terminating
* null byte.
* (So the buffer should be at least 18 bytes to receive this
@@ -64,12 +64,12 @@
/**
* \brief Check if support for a feature was compiled into this
- * mbed TLS binary. This allows you to see at runtime if the
+ * Mbed TLS binary. This allows you to see at runtime if the
* library was for instance compiled with or without
* Multi-threading support.
*
* \note only checks against defines in the sections "System
- * support", "mbed TLS modules" and "mbed TLS feature
+ * support", "Mbed TLS modules" and "Mbed TLS feature
* support" in mbedtls_config.h
*
* \param feature The string for the define to check (e.g. "MBEDTLS_AES_C")
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index 078781c..3f9b250 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -1007,7 +1007,7 @@
* \brief Set the issuer name for a Certificate
* Issuer names should contain a comma-separated list
* of OID types and values:
- * e.g. "C=UK,O=ARM,CN=mbed TLS CA"
+ * e.g. "C=UK,O=ARM,CN=Mbed TLS CA"
*
* \param ctx CRT context to use
* \param issuer_name issuer name to set
@@ -1022,7 +1022,7 @@
* \brief Set the subject name for a Certificate
* Subject names should contain a comma-separated list
* of OID types and values:
- * e.g. "C=UK,O=ARM,CN=mbed TLS Server 1"
+ * e.g. "C=UK,O=ARM,CN=Mbed TLS Server 1"
*
* \param ctx CRT context to use
* \param subject_name subject name to set
diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h
index 80adb19..513a83e 100644
--- a/include/mbedtls/x509_csr.h
+++ b/include/mbedtls/x509_csr.h
@@ -180,7 +180,7 @@
* \brief Set the subject name for a CSR
* Subject names should contain a comma-separated list
* of OID types and values:
- * e.g. "C=UK,O=ARM,CN=mbed TLS Server 1"
+ * e.g. "C=UK,O=ARM,CN=Mbed TLS Server 1"
*
* \param ctx CSR context to use
* \param subject_name subject name to set
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index 351edd0..83204f3 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -1,7 +1,7 @@
-option(USE_STATIC_MBEDTLS_LIBRARY "Build mbed TLS static library." ON)
-option(USE_SHARED_MBEDTLS_LIBRARY "Build mbed TLS shared library." OFF)
-option(LINK_WITH_PTHREAD "Explicitly link mbed TLS library to pthread." OFF)
-option(LINK_WITH_TRUSTED_STORAGE "Explicitly link mbed TLS library to trusted_storage." OFF)
+option(USE_STATIC_MBEDTLS_LIBRARY "Build Mbed TLS static library." ON)
+option(USE_SHARED_MBEDTLS_LIBRARY "Build Mbed TLS shared library." OFF)
+option(LINK_WITH_PTHREAD "Explicitly link Mbed TLS library to pthread." OFF)
+option(LINK_WITH_TRUSTED_STORAGE "Explicitly link Mbed TLS library to trusted_storage." OFF)
# Set the project root directory if it's not already defined, as may happen if
# the library folder is included directly by a parent project, without
diff --git a/library/aes.c b/library/aes.c
index 47a5e3e..0a7b26c 100644
--- a/library/aes.c
+++ b/library/aes.c
@@ -34,20 +34,19 @@
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
-#if defined(__aarch64__)
+#if defined(MBEDTLS_ARCH_IS_ARM64)
#if !defined(MBEDTLS_AESCE_C) && defined(MBEDTLS_AES_USE_HARDWARE_ONLY)
#error "MBEDTLS_AES_USE_HARDWARE_ONLY defined, but not all prerequisites"
#endif
#endif
-#if defined(__amd64__) || defined(__x86_64__) || \
- ((defined(_M_X64) || defined(_M_AMD64)) && !defined(_M_ARM64EC))
+#if defined(MBEDTLS_ARCH_IS_X64)
#if !defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_AES_USE_HARDWARE_ONLY)
#error "MBEDTLS_AES_USE_HARDWARE_ONLY defined, but not all prerequisites"
#endif
#endif
-#if defined(__i386__) || defined(_M_IX86)
+#if defined(MBEDTLS_ARCH_IS_X86)
#if defined(MBEDTLS_AES_USE_HARDWARE_ONLY) && !defined(MBEDTLS_AESNI_C)
#error "MBEDTLS_AES_USE_HARDWARE_ONLY defined, but not all prerequisites"
#endif
@@ -652,7 +651,7 @@
}
#endif
-#if defined(MBEDTLS_AESCE_C) && defined(MBEDTLS_HAVE_ARM64)
+#if defined(MBEDTLS_AESCE_HAVE_CODE)
if (MBEDTLS_AESCE_HAS_SUPPORT()) {
return mbedtls_aesce_setkey_enc((unsigned char *) RK, key, keybits);
}
@@ -764,7 +763,7 @@
}
#endif
-#if defined(MBEDTLS_AESCE_C) && defined(MBEDTLS_HAVE_ARM64)
+#if defined(MBEDTLS_AESCE_HAVE_CODE)
if (MBEDTLS_AESCE_HAS_SUPPORT()) {
mbedtls_aesce_inverse_key(
(unsigned char *) RK,
@@ -1091,7 +1090,7 @@
}
#endif
-#if defined(MBEDTLS_AESCE_C) && defined(MBEDTLS_HAVE_ARM64)
+#if defined(MBEDTLS_AESCE_HAVE_CODE)
if (MBEDTLS_AESCE_HAS_SUPPORT()) {
return mbedtls_aesce_crypt_ecb(ctx, mode, input, output);
}
@@ -1910,7 +1909,7 @@
mbedtls_printf(" AES note: using VIA Padlock.\n");
} else
#endif
-#if defined(MBEDTLS_AESCE_C) && defined(MBEDTLS_HAVE_ARM64)
+#if defined(MBEDTLS_AESCE_HAVE_CODE)
if (MBEDTLS_AESCE_HAS_SUPPORT()) {
mbedtls_printf(" AES note: using AESCE.\n");
} else
diff --git a/library/aesce.c b/library/aesce.c
index 6f75a67..8b42b03 100644
--- a/library/aesce.c
+++ b/library/aesce.c
@@ -46,7 +46,7 @@
#include "aesce.h"
-#if defined(MBEDTLS_HAVE_ARM64)
+#if defined(MBEDTLS_ARCH_IS_ARM64)
/* Compiler version checks. */
#if defined(__clang__)
@@ -510,6 +510,6 @@
#undef MBEDTLS_POP_TARGET_PRAGMA
#endif
-#endif /* MBEDTLS_HAVE_ARM64 */
+#endif /* MBEDTLS_ARCH_IS_ARM64 */
#endif /* MBEDTLS_AESCE_C */
diff --git a/library/aesce.h b/library/aesce.h
index 735c8cf..d24c423 100644
--- a/library/aesce.h
+++ b/library/aesce.h
@@ -30,13 +30,10 @@
#include "mbedtls/aes.h"
-#if !defined(MBEDTLS_HAVE_ARM64)
-#if defined(__aarch64__) || defined(_M_ARM64) || defined(_M_ARM64EC)
-#define MBEDTLS_HAVE_ARM64
-#endif
-#endif
-#if defined(MBEDTLS_HAVE_ARM64)
+#if defined(MBEDTLS_AESCE_C) && defined(MBEDTLS_ARCH_IS_ARM64)
+
+#define MBEDTLS_AESCE_HAVE_CODE
#ifdef __cplusplus
extern "C" {
@@ -131,6 +128,6 @@
}
#endif
-#endif /* MBEDTLS_HAVE_ARM64 */
+#endif /* MBEDTLS_AESCE_C && MBEDTLS_ARCH_IS_ARM64 */
#endif /* MBEDTLS_AESCE_H */
diff --git a/library/aesni.h b/library/aesni.h
index 332a0f0..ba14290 100644
--- a/library/aesni.h
+++ b/library/aesni.h
@@ -32,23 +32,8 @@
#define MBEDTLS_AESNI_AES 0x02000000u
#define MBEDTLS_AESNI_CLMUL 0x00000002u
-/* Can we do AESNI with inline assembly?
- * (Only implemented with gas syntax, only for 64-bit.)
- */
-#if !defined(MBEDTLS_HAVE_X86_64) && \
- (defined(__amd64__) || defined(__x86_64__) || \
- defined(_M_X64) || defined(_M_AMD64)) && \
- !defined(_M_ARM64EC)
-#define MBEDTLS_HAVE_X86_64
-#endif
-
-#if !defined(MBEDTLS_HAVE_X86) && \
- (defined(__i386__) || defined(_M_IX86))
-#define MBEDTLS_HAVE_X86
-#endif
-
#if defined(MBEDTLS_AESNI_C) && \
- (defined(MBEDTLS_HAVE_X86_64) || defined(MBEDTLS_HAVE_X86))
+ (defined(MBEDTLS_ARCH_IS_X64) || defined(MBEDTLS_ARCH_IS_X86))
/* Can we do AESNI with intrinsics?
* (Only implemented with certain compilers, only for certain targets.)
@@ -75,7 +60,10 @@
#if defined(MBEDTLS_AESNI_HAVE_INTRINSICS)
#define MBEDTLS_AESNI_HAVE_CODE 2 // via intrinsics
#elif defined(MBEDTLS_HAVE_ASM) && \
- defined(__GNUC__) && defined(MBEDTLS_HAVE_X86_64)
+ defined(__GNUC__) && defined(MBEDTLS_ARCH_IS_X64)
+/* Can we do AESNI with inline assembly?
+ * (Only implemented with gas syntax, only for 64-bit.)
+ */
#define MBEDTLS_AESNI_HAVE_CODE 1 // via assembly
#elif defined(__GNUC__)
# error "Must use `-mpclmul -msse2 -maes` for MBEDTLS_AESNI_C"
diff --git a/library/asn1parse.c b/library/asn1parse.c
index d257ef4..edc4c69 100644
--- a/library/asn1parse.c
+++ b/library/asn1parse.c
@@ -19,7 +19,7 @@
#include "common.h"
-#if defined(MBEDTLS_ASN1_PARSE_C)
+#if defined(MBEDTLS_ASN1_PARSE_C) || defined(MBEDTLS_X509_CREATE_C)
#include "mbedtls/asn1.h"
#include "mbedtls/platform_util.h"
@@ -114,7 +114,9 @@
return mbedtls_asn1_get_len(p, end, len);
}
+#endif /* MBEDTLS_ASN1_PARSE_C || MBEDTLS_X509_CREATE_C */
+#if defined(MBEDTLS_ASN1_PARSE_C)
int mbedtls_asn1_get_bool(unsigned char **p,
const unsigned char *end,
int *val)
diff --git a/library/asn1write.c b/library/asn1write.c
index c65d937..4123ac3 100644
--- a/library/asn1write.c
+++ b/library/asn1write.c
@@ -19,7 +19,7 @@
#include "common.h"
-#if defined(MBEDTLS_ASN1_WRITE_C)
+#if defined(MBEDTLS_ASN1_WRITE_C) || defined(MBEDTLS_X509_USE_C)
#include "mbedtls/asn1write.h"
#include "mbedtls/error.h"
@@ -102,7 +102,9 @@
return 1;
}
+#endif /* MBEDTLS_ASN1_WRITE_C || MBEDTLS_X509_USE_C */
+#if defined(MBEDTLS_ASN1_WRITE_C)
int mbedtls_asn1_write_raw_buffer(unsigned char **p, const unsigned char *start,
const unsigned char *buf, size_t size)
{
diff --git a/library/cipher.c b/library/cipher.c
index de7f837..69ee6d7 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -1,7 +1,7 @@
/**
* \file cipher.c
*
- * \brief Generic cipher wrapper for mbed TLS
+ * \brief Generic cipher wrapper for Mbed TLS
*
* \author Adriaan de Jong <dejong@fox-it.com>
*
diff --git a/library/cipher_wrap.c b/library/cipher_wrap.c
index 6ab2f5f..8e06121 100644
--- a/library/cipher_wrap.c
+++ b/library/cipher_wrap.c
@@ -1,7 +1,7 @@
/**
* \file cipher_wrap.c
*
- * \brief Generic cipher wrapper for mbed TLS
+ * \brief Generic cipher wrapper for Mbed TLS
*
* \author Adriaan de Jong <dejong@fox-it.com>
*
diff --git a/library/ecjpake.c b/library/ecjpake.c
index 19ad2c6..6355b5e 100644
--- a/library/ecjpake.c
+++ b/library/ecjpake.c
@@ -1131,7 +1131,7 @@
#if !defined(MBEDTLS_ECJPAKE_ALT)
/* 'reference handshake' tests can only be run against implementations
* for which we have 100% control over how the random ephemeral keys
- * are generated. This is only the case for the internal mbed TLS
+ * are generated. This is only the case for the internal Mbed TLS
* implementation, so these tests are skipped in case the internal
* implementation is swapped out for an alternative one. */
if (verbose != 0) {
diff --git a/library/entropy_poll.h b/library/entropy_poll.h
index 3cfd4a4..be4943c 100644
--- a/library/entropy_poll.h
+++ b/library/entropy_poll.h
@@ -50,7 +50,7 @@
/**
* \brief Entropy poll callback for a hardware source
*
- * \warning This is not provided by mbed TLS!
+ * \warning This is not provided by Mbed TLS!
* See \c MBEDTLS_ENTROPY_HARDWARE_ALT in mbedtls_config.h.
*
* \note This must accept NULL as its first argument.
diff --git a/library/gcm.c b/library/gcm.c
index 786290f..b06ca4a 100644
--- a/library/gcm.c
+++ b/library/gcm.c
@@ -97,7 +97,7 @@
}
#endif
-#if defined(MBEDTLS_AESCE_C) && defined(MBEDTLS_HAVE_ARM64)
+#if defined(MBEDTLS_AESCE_HAVE_CODE)
if (MBEDTLS_AESCE_HAS_SUPPORT()) {
return 0;
}
@@ -208,7 +208,7 @@
}
#endif /* MBEDTLS_AESNI_HAVE_CODE */
-#if defined(MBEDTLS_AESCE_C) && defined(MBEDTLS_HAVE_ARM64)
+#if defined(MBEDTLS_AESCE_HAVE_CODE)
if (MBEDTLS_AESCE_HAS_SUPPORT()) {
unsigned char h[16];
@@ -885,7 +885,7 @@
} else
#endif
-#if defined(MBEDTLS_AESCE_C) && defined(MBEDTLS_HAVE_ARM64)
+#if defined(MBEDTLS_AESCE_HAVE_CODE)
if (MBEDTLS_AESCE_HAS_SUPPORT()) {
mbedtls_printf(" GCM note: using AESCE.\n");
} else
diff --git a/library/md.c b/library/md.c
index 0b2ea4d..6dfbba7 100644
--- a/library/md.c
+++ b/library/md.c
@@ -1,7 +1,7 @@
/**
* \file md.c
*
- * \brief Generic message digest wrapper for mbed TLS
+ * \brief Generic message digest wrapper for Mbed TLS
*
* \author Adriaan de Jong <dejong@fox-it.com>
*
diff --git a/library/mps_common.h b/library/mps_common.h
index 33b518b..301d525 100644
--- a/library/mps_common.h
+++ b/library/mps_common.h
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * This file is part of Mbed TLS (https://tls.mbed.org)
*/
/**
diff --git a/library/mps_error.h b/library/mps_error.h
index 15570d2..5113959 100644
--- a/library/mps_error.h
+++ b/library/mps_error.h
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * This file is part of Mbed TLS (https://tls.mbed.org)
*/
/**
diff --git a/library/mps_reader.h b/library/mps_reader.h
index bff6705..bb912ec 100644
--- a/library/mps_reader.h
+++ b/library/mps_reader.h
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * This file is part of Mbed TLS (https://tls.mbed.org)
*/
/**
diff --git a/library/mps_trace.h b/library/mps_trace.h
index 6f0455f..f8e0a5d 100644
--- a/library/mps_trace.h
+++ b/library/mps_trace.h
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS (https://tls.mbed.org)
+ * This file is part of Mbed TLS (https://tls.mbed.org)
*/
/**
diff --git a/library/padlock.c b/library/padlock.c
index f42c40f..563d40e 100644
--- a/library/padlock.c
+++ b/library/padlock.c
@@ -31,7 +31,7 @@
#include <string.h>
-#if defined(MBEDTLS_HAVE_X86)
+#if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE)
/*
* PadLock detection routine
@@ -162,6 +162,6 @@
return 0;
}
-#endif /* MBEDTLS_HAVE_X86 */
+#endif /* MBEDTLS_VIA_PADLOCK_HAVE_CODE */
#endif /* MBEDTLS_PADLOCK_C */
diff --git a/library/padlock.h b/library/padlock.h
index ae5c486..a00afe0 100644
--- a/library/padlock.h
+++ b/library/padlock.h
@@ -38,16 +38,17 @@
#endif
#endif
-/* Some versions of ASan result in errors about not enough registers */
-#if defined(MBEDTLS_HAVE_ASM) && defined(__GNUC__) && defined(__i386__) && \
+/*
+ * - `padlock` is implements with GNUC assembly for x86 target.
+ * - Some versions of ASan result in errors about not enough registers.
+ */
+#if defined(MBEDTLS_PADLOCK_C) && \
+ defined(__GNUC__) && defined(MBEDTLS_ARCH_IS_X86) && \
+ defined(MBEDTLS_HAVE_ASM) && \
!defined(MBEDTLS_HAVE_ASAN)
#define MBEDTLS_VIA_PADLOCK_HAVE_CODE
-#ifndef MBEDTLS_HAVE_X86
-#define MBEDTLS_HAVE_X86
-#endif
-
#include <stdint.h>
#define MBEDTLS_PADLOCK_RNG 0x000C
diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h
index 2b4afd7..575f302 100644
--- a/library/psa_crypto_core.h
+++ b/library/psa_crypto_core.h
@@ -225,12 +225,12 @@
const uint8_t *data,
size_t data_length);
-/** Convert an mbed TLS error code to a PSA error code
+/** Convert an Mbed TLS error code to a PSA error code
*
* \note This function is provided solely for the convenience of
* Mbed TLS and may be removed at any time without notice.
*
- * \param ret An mbed TLS-thrown error code
+ * \param ret An Mbed TLS-thrown error code
*
* \return The corresponding PSA error code
*/
diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c
index a0cf530..d2c050b 100644
--- a/library/ssl_ciphersuites.c
+++ b/library/ssl_ciphersuites.c
@@ -1,7 +1,7 @@
/**
* \file ssl_ciphersuites.c
*
- * \brief SSL ciphersuites for mbed TLS
+ * \brief SSL ciphersuites for Mbed TLS
*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0
diff --git a/library/ssl_client.c b/library/ssl_client.c
index dc2b650..7114ef0 100644
--- a/library/ssl_client.c
+++ b/library/ssl_client.c
@@ -16,7 +16,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS ( https://tls.mbed.org )
+ * This file is part of Mbed TLS ( https://tls.mbed.org )
*/
#include "common.h"
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 77325c3..d018bee 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -16,7 +16,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
- * This file is part of mbed TLS ( https://tls.mbed.org )
+ * This file is part of Mbed TLS ( https://tls.mbed.org )
*/
#include "common.h"
diff --git a/library/x509.c b/library/x509.c
index ee7a2b2..990393c 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -43,6 +43,8 @@
#include "mbedtls/pem.h"
#endif
+#include "mbedtls/asn1write.h"
+
#include "mbedtls/platform.h"
#if defined(MBEDTLS_HAVE_TIME)
@@ -810,6 +812,11 @@
return 0;
}
+static char nibble_to_hex_digit(int i)
+{
+ return (i < 10) ? (i + '0') : (i - 10 + 'A');
+}
+
/*
* Store the name in printable form into buf; no more
* than size characters will be written
@@ -817,11 +824,16 @@
int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- size_t i, j, n;
+ size_t i, j, n, asn1_len_size, asn1_tag_size, asn1_tag_len_buf_start;
+ /* 6 is enough as our asn1 write functions only write one byte for the tag and at most five bytes for the length*/
+ unsigned char asn1_tag_len_buf[6];
+ unsigned char *asn1_len_p;
unsigned char c, merge = 0;
const mbedtls_x509_name *name;
const char *short_name = NULL;
+ char lowbits, highbits;
char s[MBEDTLS_X509_MAX_DN_NAME_SIZE], *p;
+ int print_hexstring;
memset(s, 0, sizeof(s));
@@ -840,32 +852,91 @@
MBEDTLS_X509_SAFE_SNPRINTF;
}
- ret = mbedtls_oid_get_attr_short_name(&name->oid, &short_name);
+ print_hexstring = (name->val.tag != MBEDTLS_ASN1_UTF8_STRING) &&
+ (name->val.tag != MBEDTLS_ASN1_PRINTABLE_STRING) &&
+ (name->val.tag != MBEDTLS_ASN1_IA5_STRING);
- if (ret == 0) {
+ if ((ret = mbedtls_oid_get_attr_short_name(&name->oid, &short_name)) == 0) {
ret = mbedtls_snprintf(p, n, "%s=", short_name);
} else {
- ret = mbedtls_snprintf(p, n, "\?\?=");
+ if ((ret = mbedtls_oid_get_numeric_string(p, n, &name->oid)) > 0) {
+ n -= ret;
+ p += ret;
+ ret = mbedtls_snprintf(p, n, "=");
+ print_hexstring = 1;
+ } else if (ret == MBEDTLS_ERR_OID_BUF_TOO_SMALL) {
+ return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;
+ } else {
+ ret = mbedtls_snprintf(p, n, "\?\?=");
+ }
}
MBEDTLS_X509_SAFE_SNPRINTF;
- for (i = 0, j = 0; i < name->val.len; i++, j++) {
- if (j >= sizeof(s) - 1) {
- return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;
- }
+ if (print_hexstring) {
+ s[0] = '#';
- c = name->val.p[i];
- // Special characters requiring escaping, RFC 1779
- if (c && strchr(",=+<>#;\"\\", c)) {
+ asn1_len_p = asn1_tag_len_buf + sizeof(asn1_tag_len_buf);
+ if ((ret = mbedtls_asn1_write_len(&asn1_len_p, asn1_tag_len_buf, name->val.len)) < 0) {
+ return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ }
+ asn1_len_size = ret;
+ if ((ret = mbedtls_asn1_write_tag(&asn1_len_p, asn1_tag_len_buf, name->val.tag)) < 0) {
+ return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ }
+ asn1_tag_size = ret;
+ asn1_tag_len_buf_start = sizeof(asn1_tag_len_buf) - asn1_len_size - asn1_tag_size;
+ for (i = 0, j = 1; i < asn1_len_size + asn1_tag_size; i++) {
if (j + 1 >= sizeof(s) - 1) {
return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;
}
- s[j++] = '\\';
+ c = asn1_tag_len_buf[asn1_tag_len_buf_start+i];
+ lowbits = (c & 0x0F);
+ highbits = c >> 4;
+ s[j++] = nibble_to_hex_digit(highbits);
+ s[j++] = nibble_to_hex_digit(lowbits);
}
- if (c < 32 || c >= 127) {
- s[j] = '?';
- } else {
- s[j] = c;
+ for (i = 0; i < name->val.len; i++) {
+ if (j + 1 >= sizeof(s) - 1) {
+ return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;
+ }
+ c = name->val.p[i];
+ lowbits = (c & 0x0F);
+ highbits = c >> 4;
+ s[j++] = nibble_to_hex_digit(highbits);
+ s[j++] = nibble_to_hex_digit(lowbits);
+ }
+ } else {
+ for (i = 0, j = 0; i < name->val.len; i++, j++) {
+ if (j >= sizeof(s) - 1) {
+ return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;
+ }
+
+ c = name->val.p[i];
+ // Special characters requiring escaping, RFC 4514 Section 2.4
+ if (c == '\0') {
+ return MBEDTLS_ERR_X509_INVALID_NAME;
+ } else {
+ if (strchr(",=+<>;\"\\", c) ||
+ ((i == 0) && strchr("# ", c)) ||
+ ((i == name->val.len-1) && (c == ' '))) {
+ if (j + 1 >= sizeof(s) - 1) {
+ return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;
+ }
+ s[j++] = '\\';
+ }
+ }
+ if (c < 32 || c >= 127) {
+ if (j + 3 >= sizeof(s) - 1) {
+ return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;
+ }
+ s[j++] = '\\';
+ lowbits = (c & 0x0F);
+ highbits = c >> 4;
+ s[j++] = nibble_to_hex_digit(highbits);
+ s[j] = nibble_to_hex_digit(lowbits);
+ } else {
+ s[j] = c;
+ }
}
}
s[j] = '\0';
diff --git a/library/x509_create.c b/library/x509_create.c
index bd772d3..1c489a3 100644
--- a/library/x509_create.c
+++ b/library/x509_create.c
@@ -28,6 +28,10 @@
#include <string.h>
+#include "mbedtls/platform.h"
+
+#include "mbedtls/asn1.h"
+
/* Structure linking OIDs for X.509 DN AttributeTypes to their
* string representations and default string encodings used by Mbed TLS. */
typedef struct {
@@ -35,7 +39,8 @@
* "CN" or "emailAddress". */
size_t name_len; /* Length of 'name', without trailing 0 byte. */
const char *oid; /* String representation of OID of AttributeType,
- * as per RFC 5280, Appendix A.1. */
+ * as per RFC 5280, Appendix A.1. encoded as per
+ * X.690 */
int default_tag; /* The default character encoding used for the
* given attribute type, e.g.
* MBEDTLS_ASN1_UTF8_STRING for UTF-8. */
@@ -123,79 +128,200 @@
return cur;
}
+static int hex_to_int(char c)
+{
+ return ('0' <= c && c <= '9') ? (c - '0') :
+ ('a' <= c && c <= 'f') ? (c - 'a' + 10) :
+ ('A' <= c && c <= 'F') ? (c - 'A' + 10) : -1;
+}
+
+static int hexpair_to_int(const char *hexpair)
+{
+ int n1 = hex_to_int(*hexpair);
+ int n2 = hex_to_int(*(hexpair + 1));
+
+ if (n1 != -1 && n2 != -1) {
+ return (n1 << 4) | n2;
+ } else {
+ return -1;
+ }
+}
+
+static int parse_attribute_value_string(const char *s,
+ int len,
+ unsigned char *data,
+ size_t *data_len)
+{
+ const char *c;
+ const char *end = s + len;
+ unsigned char *d = data;
+ int n;
+
+ for (c = s; c < end; c++) {
+ if (*c == '\\') {
+ c++;
+
+ /* Check for valid escaped characters as per RFC 4514 Section 3 */
+ if (c + 1 < end && (n = hexpair_to_int(c)) != -1) {
+ if (n == 0) {
+ return MBEDTLS_ERR_X509_INVALID_NAME;
+ }
+ *(d++) = n;
+ c++;
+ } else if (c < end && strchr(" ,=+<>#;\"\\", *c)) {
+ *(d++) = *c;
+ } else {
+ return MBEDTLS_ERR_X509_INVALID_NAME;
+ }
+ } else {
+ *(d++) = *c;
+ }
+
+ if (d - data == MBEDTLS_X509_MAX_DN_NAME_SIZE) {
+ return MBEDTLS_ERR_X509_INVALID_NAME;
+ }
+ }
+ *data_len = d - data;
+ return 0;
+}
+
+static int parse_attribute_value_der_encoded(const char *s,
+ int len,
+ unsigned char *data,
+ size_t *data_len,
+ int *tag)
+{
+ const char *c = s;
+ const char *end = c + len;
+ unsigned char asn1_der_buf[MBEDTLS_X509_MAX_DN_NAME_SIZE];
+ unsigned char *asn1_der_end;
+ unsigned char *p;
+ unsigned char *d = data;
+ int n;
+
+ /* Converting from hexstring to raw binary so we can use asn1parse.c */
+ if ((len < 5) || (*c != '#')) {
+ return MBEDTLS_ERR_X509_INVALID_NAME;
+ }
+ c++;
+ if ((*tag = hexpair_to_int(c)) == -1) {
+ return MBEDTLS_ERR_X509_INVALID_NAME;
+ }
+ c += 2;
+ p = asn1_der_buf;
+ for (p = asn1_der_buf; c < end; c += 2) {
+ if ((c + 1 >= end) || (n = hexpair_to_int(c)) == -1) {
+ return MBEDTLS_ERR_X509_INVALID_NAME;
+ }
+ if (MBEDTLS_ASN1_IS_STRING_TAG(*tag) && n == 0) {
+ return MBEDTLS_ERR_X509_INVALID_NAME;
+ }
+ *(p++) = n;
+ }
+ asn1_der_end = p;
+
+ p = asn1_der_buf;
+ if (mbedtls_asn1_get_len(&p, asn1_der_end, data_len) != 0) {
+ return MBEDTLS_ERR_X509_INVALID_NAME;
+ }
+
+ while (p < asn1_der_end) {
+ *(d++) = *(p++);
+ }
+
+ return 0;
+}
+
int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *name)
{
int ret = MBEDTLS_ERR_X509_INVALID_NAME;
+ int parse_ret = 0;
const char *s = name, *c = s;
const char *end = s + strlen(s);
- const char *oid = NULL;
+ mbedtls_asn1_buf oid = { .p = NULL, .len = 0, .tag = MBEDTLS_ASN1_NULL };
const x509_attr_descriptor_t *attr_descr = NULL;
- int in_tag = 1;
- char data[MBEDTLS_X509_MAX_DN_NAME_SIZE];
- char *d = data;
+ int in_attr_type = 1;
+ int tag;
+ int numericoid = 0;
+ unsigned char data[MBEDTLS_X509_MAX_DN_NAME_SIZE];
+ size_t data_len = 0;
/* Clear existing chain if present */
mbedtls_asn1_free_named_data_list(head);
while (c <= end) {
- if (in_tag && *c == '=') {
+ if (in_attr_type && *c == '=') {
if ((attr_descr = x509_attr_descr_from_name(s, c - s)) == NULL) {
- ret = MBEDTLS_ERR_X509_UNKNOWN_OID;
- goto exit;
+ if ((mbedtls_oid_from_numeric_string(&oid, s, c - s)) != 0) {
+ return MBEDTLS_ERR_X509_INVALID_NAME;
+ } else {
+ numericoid = 1;
+ }
+ } else {
+ oid.len = strlen(attr_descr->oid);
+ oid.p = mbedtls_calloc(1, oid.len);
+ memcpy(oid.p, attr_descr->oid, oid.len);
+ numericoid = 0;
}
- oid = attr_descr->oid;
s = c + 1;
- in_tag = 0;
- d = data;
+ in_attr_type = 0;
}
- if (!in_tag && *c == '\\' && c != end) {
- c++;
-
- /* Check for valid escaped characters */
- if (c == end || *c != ',') {
- ret = MBEDTLS_ERR_X509_INVALID_NAME;
- goto exit;
+ if (!in_attr_type && ((*c == ',' && *(c-1) != '\\') || c == end)) {
+ if (s == c) {
+ mbedtls_free(oid.p);
+ return MBEDTLS_ERR_X509_INVALID_NAME;
+ } else if (*s == '#') {
+ if ((parse_ret =
+ parse_attribute_value_der_encoded(s, (int) (c - s), data, &data_len,
+ &tag)) != 0) {
+ mbedtls_free(oid.p);
+ return MBEDTLS_ERR_X509_INVALID_NAME;
+ }
+ } else {
+ if (numericoid) {
+ mbedtls_free(oid.p);
+ return MBEDTLS_ERR_X509_INVALID_NAME;
+ } else {
+ if ((parse_ret =
+ parse_attribute_value_string(s, (int) (c - s), data,
+ &data_len)) != 0) {
+ mbedtls_free(oid.p);
+ return parse_ret;
+ }
+ tag = attr_descr->default_tag;
+ }
}
- } else if (!in_tag && (*c == ',' || c == end)) {
- mbedtls_asn1_named_data *cur =
- mbedtls_asn1_store_named_data(head, oid, strlen(oid),
- (unsigned char *) data,
- d - data);
+ mbedtls_asn1_named_data *cur =
+ mbedtls_asn1_store_named_data(head, (char *) oid.p, oid.len,
+ (unsigned char *) data,
+ data_len);
+ mbedtls_free(oid.p);
+ oid.p = NULL;
if (cur == NULL) {
return MBEDTLS_ERR_X509_ALLOC_FAILED;
}
// set tagType
- cur->val.tag = attr_descr->default_tag;
+ cur->val.tag = tag;
while (c < end && *(c + 1) == ' ') {
c++;
}
s = c + 1;
- in_tag = 1;
+ in_attr_type = 1;
/* Successfully parsed one name, update ret to success */
ret = 0;
}
-
- if (!in_tag && s != c + 1) {
- *(d++) = *c;
-
- if (d - data == MBEDTLS_X509_MAX_DN_NAME_SIZE) {
- ret = MBEDTLS_ERR_X509_INVALID_NAME;
- goto exit;
- }
- }
-
c++;
}
-
-exit:
-
+ if (oid.p != NULL) {
+ mbedtls_free(oid.p);
+ }
return ret;
}
diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c
index 4777ee0..6734a14 100644
--- a/programs/ssl/ssl_fork_server.c
+++ b/programs/ssl/ssl_fork_server.c
@@ -65,7 +65,7 @@
#define HTTP_RESPONSE \
"HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
- "<h2>mbed TLS Test Server</h2>\r\n" \
+ "<h2>Mbed TLS Test Server</h2>\r\n" \
"<p>Successful connection using: %s</p>\r\n"
#define DEBUG_LEVEL 0
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index fb6f371..1e648e8 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -775,9 +775,9 @@
mbedtls_printf(" > Write content to server:");
fflush(stdout);
- len = sprintf((char *) buf, "From: %s\r\nSubject: mbed TLS Test mail\r\n\r\n"
+ len = sprintf((char *) buf, "From: %s\r\nSubject: Mbed TLS Test mail\r\n\r\n"
"This is a simple test mail from the "
- "mbed TLS mail client example.\r\n"
+ "Mbed TLS mail client example.\r\n"
"\r\n"
"Enjoy!", opt.mail_from);
ret = write_ssl_data(&ssl, buf, len);
diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c
index 9416c3c..12d3057 100644
--- a/programs/ssl/ssl_pthread_server.c
+++ b/programs/ssl/ssl_pthread_server.c
@@ -66,7 +66,7 @@
#define HTTP_RESPONSE \
"HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
- "<h2>mbed TLS Test Server</h2>\r\n" \
+ "<h2>Mbed TLS Test Server</h2>\r\n" \
"<p>Successful connection using: %s</p>\r\n"
#define DEBUG_LEVEL 0
diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c
index bb49155..ad82567 100644
--- a/programs/ssl/ssl_server.c
+++ b/programs/ssl/ssl_server.c
@@ -59,7 +59,7 @@
#define HTTP_RESPONSE \
"HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
- "<h2>mbed TLS Test Server</h2>\r\n" \
+ "<h2>Mbed TLS Test Server</h2>\r\n" \
"<p>Successful connection using: %s</p>\r\n"
#define DEBUG_LEVEL 0
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 58c2f1e..e3fabec 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -173,7 +173,7 @@
* packets (for fragmentation purposes) */
#define HTTP_RESPONSE \
"HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
- "<h2>mbed TLS Test Server</h2>\r\n" \
+ "<h2>Mbed TLS Test Server</h2>\r\n" \
"<p>Successful connection using: %s</p>\r\n" // LONG_RESPONSE
/*
diff --git a/programs/test/cmake_package/CMakeLists.txt b/programs/test/cmake_package/CMakeLists.txt
index 518d2e9..019e6e7 100644
--- a/programs/test/cmake_package/CMakeLists.txt
+++ b/programs/test/cmake_package/CMakeLists.txt
@@ -1,4 +1,4 @@
-cmake_minimum_required(VERSION 2.8.12)
+cmake_minimum_required(VERSION 3.5.1)
#
# Simulate configuring and building Mbed TLS as the user might do it. We'll
diff --git a/programs/test/cmake_package_install/CMakeLists.txt b/programs/test/cmake_package_install/CMakeLists.txt
index fb5ad51..6070a6c 100644
--- a/programs/test/cmake_package_install/CMakeLists.txt
+++ b/programs/test/cmake_package_install/CMakeLists.txt
@@ -1,4 +1,4 @@
-cmake_minimum_required(VERSION 2.8.12)
+cmake_minimum_required(VERSION 3.5.1)
#
# Simulate configuring and building Mbed TLS as the user might do it. We'll
diff --git a/programs/test/cmake_subproject/CMakeLists.txt b/programs/test/cmake_subproject/CMakeLists.txt
index a9fcfde..3c3cba3 100644
--- a/programs/test/cmake_subproject/CMakeLists.txt
+++ b/programs/test/cmake_subproject/CMakeLists.txt
@@ -1,4 +1,4 @@
-cmake_minimum_required(VERSION 2.6)
+cmake_minimum_required(VERSION 3.5.1)
# Test the target renaming support by adding a prefix to the targets built
set(MBEDTLS_TARGET_PREFIX subproject_test_)
diff --git a/scripts/bump_version.sh b/scripts/bump_version.sh
index 7fc8c6c..19d90bc 100755
--- a/scripts/bump_version.sh
+++ b/scripts/bump_version.sh
@@ -131,7 +131,7 @@
sed -e "s/\(# *define *[A-Z]*_VERSION\)_PATCH .\{1,\}/\1_PATCH $PATCH/" | \
sed -e "s/\(# *define *[A-Z]*_VERSION\)_NUMBER .\{1,\}/\1_NUMBER $VERSION_NR/" | \
sed -e "s/\(# *define *[A-Z]*_VERSION\)_STRING .\{1,\}/\1_STRING \"$VERSION\"/" | \
- sed -e "s/\(# *define *[A-Z]*_VERSION\)_STRING_FULL .\{1,\}/\1_STRING_FULL \"mbed TLS $VERSION\"/" \
+ sed -e "s/\(# *define *[A-Z]*_VERSION\)_STRING_FULL .\{1,\}/\1_STRING_FULL \"Mbed TLS $VERSION\"/" \
> tmp
mv tmp include/mbedtls/build_info.h
@@ -142,7 +142,7 @@
[ $VERBOSE ] && echo "Bumping PROJECT_NAME in doxygen/mbedtls.doxyfile and doxygen/input/doc_mainpage.h"
for i in doxygen/mbedtls.doxyfile doxygen/input/doc_mainpage.h;
do
- sed -e "s/mbed TLS v[0-9\.]\{1,\}/mbed TLS v$VERSION/g" < $i > tmp
+ sed -e "s/\\([Mm]bed TLS v\\)[0-9][0-9.]*/\\1$VERSION/g" < $i > tmp
mv tmp $i
done
diff --git a/scripts/footprint.sh b/scripts/footprint.sh
index 6c0fc25..ae95db4 100755
--- a/scripts/footprint.sh
+++ b/scripts/footprint.sh
@@ -17,7 +17,7 @@
#
# Purpose
#
-# This script determines ROM size (or code size) for the standard mbed TLS
+# This script determines ROM size (or code size) for the standard Mbed TLS
# configurations, when built for a Cortex M3/M4 target.
#
# Configurations included:
@@ -108,7 +108,7 @@
fi
log ""
-log "mbed TLS $MBEDTLS_VERSION$GIT_VERSION"
+log "Mbed TLS $MBEDTLS_VERSION$GIT_VERSION"
log "$( arm-none-eabi-gcc --version | head -n1 )"
log "CFLAGS=$ARMGCC_FLAGS"
diff --git a/scripts/generate_features.pl b/scripts/generate_features.pl
index e0de6b7..49cca2e 100755
--- a/scripts/generate_features.pl
+++ b/scripts/generate_features.pl
@@ -39,8 +39,8 @@
my $feature_format_file = $data_dir.'/version_features.fmt';
-my @sections = ( "System support", "mbed TLS modules",
- "mbed TLS feature support" );
+my @sections = ( "System support", "Mbed TLS modules",
+ "Mbed TLS feature support" );
my $line_separator = $/;
undef $/;
diff --git a/scripts/lcov.sh b/scripts/lcov.sh
index 8d141ee..6bba02f 100755
--- a/scripts/lcov.sh
+++ b/scripts/lcov.sh
@@ -51,7 +51,7 @@
lcov --rc lcov_branch_coverage=1 --add-tracefile Coverage/tmp/files.info --add-tracefile Coverage/tmp/tests.info -o Coverage/tmp/all.info
lcov --rc lcov_branch_coverage=1 --remove Coverage/tmp/all.info -o Coverage/tmp/final.info '*.h'
gendesc tests/Descriptions.txt -o Coverage/tmp/descriptions
- genhtml --title "mbed TLS" --description-file Coverage/tmp/descriptions --keep-descriptions --legend --branch-coverage -o Coverage Coverage/tmp/final.info
+ genhtml --title "Mbed TLS" --description-file Coverage/tmp/descriptions --keep-descriptions --legend --branch-coverage -o Coverage Coverage/tmp/final.info
rm -f Coverage/tmp/*.info Coverage/tmp/descriptions
echo "Coverage report in: Coverage/index.html"
}
diff --git a/tests/compat.sh b/tests/compat.sh
index b070e71..252736b 100755
--- a/tests/compat.sh
+++ b/tests/compat.sh
@@ -262,7 +262,7 @@
{
if [ "X" != "X$FILTER" -o "X" != "X$EXCLUDE" ];
then
- # Ciphersuite for mbed TLS
+ # Ciphersuite for Mbed TLS
M_CIPHERS=$( filter "$M_CIPHERS" )
# Ciphersuite for OpenSSL
@@ -272,7 +272,7 @@
G_CIPHERS=$( filter "$G_CIPHERS" )
fi
- # For GnuTLS client -> mbed TLS server,
+ # For GnuTLS client -> Mbed TLS server,
# we need to force IPv4 by connecting to 127.0.0.1 but then auth fails
if is_dtls "$MODE" && [ "X$VERIFY" = "XYES" ]; then
G_CIPHERS=""
diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile
index b5f0844..21ca489 100644
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
@@ -1,7 +1,7 @@
## This file contains a record of how some of the test data was
## generated. The final build products are committed to the repository
## as well to make sure that the test data is identical. You do not
-## need to use this makefile unless you're extending mbed TLS's tests.
+## need to use this makefile unless you're extending Mbed TLS's tests.
## Many data files were generated prior to the existence of this
## makefile, so the method of their generation was not recorded.
@@ -1441,6 +1441,14 @@
parse_input/server1.req.commas.sha256: server1.key
$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL\, Commas,CN=PolarSSL Server 1" md=SHA256
+parse_input/server1.req.hashsymbol.sha256: server1.key
+ $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=\#PolarSSL,CN=PolarSSL Server 1" md=SHA256
+
+parse_input/server1.req.spaces.sha256: server1.key
+ $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O= PolarSSL ,CN=PolarSSL Server 1" md=SHA256
+
+parse_input/server1.req.asciichars.sha256: server1.key
+ $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=极地SSL,CN=PolarSSL Server 1" md=SHA256
# server2*
server2_pwd_ec = PolarSSLTest
@@ -1590,7 +1598,13 @@
$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
server1.commas.crt: server1.key parse_input/server1.req.commas.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
$(MBEDTLS_CERT_WRITE) request_file=parse_input/server1.req.commas.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
-all_final += server1.crt server1.noauthid.crt parse_input/server1.crt.der server1.commas.crt
+server1.hashsymbol.crt: server1.key parse_input/server1.req.hashsymbol.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
+ $(MBEDTLS_CERT_WRITE) request_file=parse_input/server1.req.hashsymbol.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
+server1.spaces.crt: server1.key parse_input/server1.req.spaces.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
+ $(MBEDTLS_CERT_WRITE) request_file=parse_input/server1.req.spaces.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
+server1.asciichars.crt: server1.key parse_input/server1.req.asciichars.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
+ $(MBEDTLS_CERT_WRITE) request_file=parse_input/server1.req.asciichars.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
+all_final += server1.crt server1.noauthid.crt parse_input/server1.crt.der server1.commas.crt server1.hashsymbol.crt server1.spaces.crt server1.asciichars.crt
parse_input/server1.key_usage.crt: parse_input/server1.req.sha256
server1.key_usage.crt: server1.req.sha256
diff --git a/tests/data_files/server1.asciichars.crt b/tests/data_files/server1.asciichars.crt
new file mode 100644
index 0000000..824e46e
--- /dev/null
+++ b/tests/data_files/server1.asciichars.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDQDCCAiigAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA9MQswCQYDVQQGEwJOTDESMBAG
+A1UECgwJ5p6B5ZywU1NMMRowGAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6J
+v7joRZDb7ogWUtPxQ1BHlhJZZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVB
+Q3dfOXwJBEeCsFc5cO2j7BUZHqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYEl
+XwqxU8YwfhU5rPla7n+SnqYFW+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk
+65Wb3P5BXhem2mxbacwCuhQsFiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZP
+cG6ezr1YieJTWZ5uWpJl4og/DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEA
+AaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUH3TWPynBdHRFOwUSLD2ovUNZAqYw
+HwYDVR0jBBgwFoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQEFBQAD
+ggEBAHqJLYmgkQ6yqml3PZM6iwbmo+lZLyDEPFpl/thHZm5LI8TTYOeU+wMAZ6KI
+VumyjZxypmLF2MiiJ2f3zQooU7H1waAcTpsafTuD6RRYdthYYxs1L9gCm1ZT2Ga8
+fgn3wrugPLUrtSM/TkTj6F4XkSlluzZpEKsSYLSoyde+uQgdbtR+3Tc+3oU8xBMM
+N6uq4VQC49avIQkI+598E3vKrjGGt3l2a1Ts1qvXWjo9mpJW5GM4e1zfogKnc8XQ
+K1hYQ39wL42l9Hijwre85O0PSBfbNOv1BPSDm8das3VNzGsUIz8InkAKAKCKwxG6
+BCw3D/CE8s6DCnpb+eK1sVJwZ4E=
+-----END CERTIFICATE-----
diff --git a/tests/data_files/server1.hashsymbol.crt b/tests/data_files/server1.hashsymbol.crt
new file mode 100644
index 0000000..9db7300
--- /dev/null
+++ b/tests/data_files/server1.hashsymbol.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDQDCCAiigAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA9MQswCQYDVQQGEwJOTDESMBAG
+A1UECgwJI1BvbGFyU1NMMRowGAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6J
+v7joRZDb7ogWUtPxQ1BHlhJZZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVB
+Q3dfOXwJBEeCsFc5cO2j7BUZHqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYEl
+XwqxU8YwfhU5rPla7n+SnqYFW+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk
+65Wb3P5BXhem2mxbacwCuhQsFiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZP
+cG6ezr1YieJTWZ5uWpJl4og/DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEA
+AaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUH3TWPynBdHRFOwUSLD2ovUNZAqYw
+HwYDVR0jBBgwFoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQEFBQAD
+ggEBAJcKcv/Xro61Sxm0GH42pYu7AvtD2b8nynvA8BW9gCHmiIHvHQWNO9NTMuno
+1+HdzQVF1JxHC/A/hvXsczxGEc3jVnVeg1fwi8mZ/Fy1XtAVCTA0yJu7JTaaYbg+
+IU2y7Nu36FSOztLpOfHGmwVDoJ1+wCzG/id64hXwJRrHvUfGK4EvIsV97swhk2Do
+zSAfDA9N+QNV4zeiF9mLMOpUhCUBq8r41EDqm9lM0wSd3HNen8jwO20F4F1b1dYm
+L+bMarvUgHq91f128m2fF3sWNnz4RGoagSI/aOU/AP6Ksq8SUruGHpqrVWLClA6n
+EyyTPlNTwYIRCydZt7zlsw1/4h4=
+-----END CERTIFICATE-----
diff --git a/tests/data_files/server1.spaces.crt b/tests/data_files/server1.spaces.crt
new file mode 100644
index 0000000..b77132a
--- /dev/null
+++ b/tests/data_files/server1.spaces.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDQTCCAimgAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA+MQswCQYDVQQGEwJOTDETMBEG
+A1UECgwKIFBvbGFyU1NMIDEaMBgGA1UEAwwRUG9sYXJTU0wgU2VydmVyIDEwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpAh89QGrVVVOL/TbugmUuFWFe
+ib+46EWQ2+6IFlLT8UNQR5YSWWSHa/0r4Eb5c77dz5LhkVvtZqBviSl5RYDQg2rV
+QUN3Xzl8CQRHgrBXOXDto+wVGR6oMwhHwQVCqf1Mw7Tf3QYfTRBRQGdzEw9A+G2B
+JV8KsVPGMH4VOaz5Wu5/kp6mBVvnE5eFtSOS2dQkBtUJJYl1B92mGo8/CRm+rWUs
+ZOuVm9z+QV4XptpsW2nMAroULBYknErczdD3Umdz8S2gI/1+9DHKLXDKiQsE2y6m
+T3Buns69WIniU1meblqSZeKIPwyUGaPd5eidlRPtKdurcBLcWsprF6tSglSxAgMB
+AAGjTTBLMAkGA1UdEwQCMAAwHQYDVR0OBBYEFB901j8pwXR0RTsFEiw9qL1DWQKm
+MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBBQUA
+A4IBAQBsR3jOFh7uGF5MCvEK8DrSmmvcFJzMmTRp0hCMeb0wEULhrMKeRDIa2yvr
+FrHHCUNAk2HjsjJevpCM8f3ibDqecckfbxE2vT9IUCmPrtOWmhQR/Il5TR9FvYns
+4BF1KUPRqGUFAXoIN+xKcYdp+myIluGHumM4Bop7tAZ5gg68IV/UJh5RqShxiLgV
+rxHzrp6oM1kn199m2wc1Twy2YwcNmfJDSOLV6K4xWjwcc8Eq+rLhuWUs5GNdrSEY
+ZjWmF1AlbVVChU3Dl5XOAY8T6+wJst5RIwkf1Fl1TPCZX8FWzGM9HYiYW0cC7cno
+IdSS7mVGxNrNe+6/Cu+zfqeiLdN2
+-----END CERTIFICATE-----
diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh
index 32be0ee..43a91ee 100755
--- a/tests/scripts/basic-build-test.sh
+++ b/tests/scripts/basic-build-test.sh
@@ -43,7 +43,7 @@
set -eu
if [ -d library -a -d include -a -d tests ]; then :; else
- echo "Must be run from mbed TLS root" >&2
+ echo "Must be run from Mbed TLS root" >&2
exit 1
fi
diff --git a/tests/scripts/check-doxy-blocks.pl b/tests/scripts/check-doxy-blocks.pl
index 3ed7069..dd95530 100755
--- a/tests/scripts/check-doxy-blocks.pl
+++ b/tests/scripts/check-doxy-blocks.pl
@@ -68,7 +68,7 @@
# Check that the script is being run from the project's root directory.
for my $dir (@directories) {
if (! -d $dir) {
- die "This script must be run from the mbed TLS root directory";
+ die "This script must be run from the Mbed TLS root directory";
} else {
check_dir($dir)
}
diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh
index 4d6f930..a1c37e9 100755
--- a/tests/scripts/check-generated-files.sh
+++ b/tests/scripts/check-generated-files.sh
@@ -35,7 +35,7 @@
fi
if [ -d library -a -d include -a -d tests ]; then :; else
- echo "Must be run from mbed TLS root" >&2
+ echo "Must be run from Mbed TLS root" >&2
exit 1
fi
diff --git a/tests/scripts/doxygen.sh b/tests/scripts/doxygen.sh
index 2bc8dc9..cb87829 100755
--- a/tests/scripts/doxygen.sh
+++ b/tests/scripts/doxygen.sh
@@ -21,7 +21,7 @@
set -eu
if [ -d library -a -d include -a -d tests ]; then :; else
- echo "Must be run from mbed TLS root" >&2
+ echo "Must be run from Mbed TLS root" >&2
exit 1
fi
diff --git a/tests/scripts/generate-afl-tests.sh b/tests/scripts/generate-afl-tests.sh
index a640b56..a51fbc9 100755
--- a/tests/scripts/generate-afl-tests.sh
+++ b/tests/scripts/generate-afl-tests.sh
@@ -41,7 +41,7 @@
if [ -d ../library -a -d ../include -a -d ../tests -a $THIS_DIR == "tests" ];
then :;
else
- echo " [!] Must be run from mbed TLS tests directory" >&2
+ echo " [!] Must be run from Mbed TLS tests directory" >&2
exit 1
fi
diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function
index 619a5dd..5751624 100644
--- a/tests/suites/test_suite_ecp.function
+++ b/tests/suites/test_suite_ecp.function
@@ -166,7 +166,7 @@
* MBEDTLS_ECP_WINDOW_SIZE, as well as implementation details that may
* change in the future. A factor 2 is a minimum safety margin.
*
- * For reference, with mbed TLS 2.4 and default settings, for P-256:
+ * For reference, with Mbed TLS 2.4 and default settings, for P-256:
* - Random point mult: ~3250M
* - Cold base point mult: ~3300M
* - Hot base point mult: ~1100M
diff --git a/tests/suites/test_suite_version.function b/tests/suites/test_suite_version.function
index 981f8ab..eeae512 100644
--- a/tests/suites/test_suite_version.function
+++ b/tests/suites/test_suite_version.function
@@ -20,7 +20,7 @@
mbedtls_snprintf(build_str, 100, "%d.%d.%d", MBEDTLS_VERSION_MAJOR,
MBEDTLS_VERSION_MINOR, MBEDTLS_VERSION_PATCH);
- mbedtls_snprintf(build_str_full, 100, "mbed TLS %d.%d.%d", MBEDTLS_VERSION_MAJOR,
+ mbedtls_snprintf(build_str_full, 100, "Mbed TLS %d.%d.%d", MBEDTLS_VERSION_MAJOR,
MBEDTLS_VERSION_MINOR, MBEDTLS_VERSION_PATCH);
build_int = MBEDTLS_VERSION_MAJOR << 24 |
@@ -56,7 +56,7 @@
(get_int >> 24) & 0xFF,
(get_int >> 16) & 0xFF,
(get_int >> 8) & 0xFF);
- mbedtls_snprintf(build_str_full, 100, "mbed TLS %s", version_str);
+ mbedtls_snprintf(build_str_full, 100, "Mbed TLS %s", version_str);
TEST_ASSERT(strcmp(build_str, version_str) == 0);
TEST_ASSERT(strcmp(build_str_full, get_str_full) == 0);
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index 7af9de9..e1db717 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -184,11 +184,11 @@
X509 CRT information Bitstring in subject name
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1
-x509_cert_info:"data_files/parse_input/bitstring-in-dn.pem":"cert. version \: 3\nserial number \: 02\nissuer name \: CN=Test CA 01, ST=Ecnivorp, C=XX, emailAddress=tca@example.com, O=Test CA Authority\nsubject name \: C=XX, O=tca, ST=Ecnivorp, OU=TCA, CN=Client, emailAddress=client@example.com, serialNumber=7101012255, uniqueIdentifier=?7101012255\nissued on \: 2015-03-11 12\:06\:51\nexpires on \: 2025-03-08 12\:06\:51\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name \:\n rfc822Name \: client@example.com\next key usage \: TLS Web Client Authentication\n"
+x509_cert_info:"data_files/parse_input/bitstring-in-dn.pem":"cert. version \: 3\nserial number \: 02\nissuer name \: CN=Test CA 01, ST=Ecnivorp, C=XX, emailAddress=tca@example.com, O=Test CA Authority\nsubject name \: C=XX, O=tca, ST=Ecnivorp, OU=TCA, CN=Client, emailAddress=client@example.com, serialNumber=7101012255, uniqueIdentifier=#030B0037313031303132323535\nissued on \: 2015-03-11 12\:06\:51\nexpires on \: 2025-03-08 12\:06\:51\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name \:\n rfc822Name \: client@example.com\next key usage \: TLS Web Client Authentication\n"
X509 CRT information Non-ASCII string in issuer name and subject name
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256
-x509_cert_info:"data_files/parse_input/non-ascii-string-in-issuer.crt":"cert. version \: 3\nserial number \: 05\:E6\:53\:E7\:1B\:74\:F0\:B5\:D3\:84\:6D\:0C\:6D\:DC\:FA\:3F\:A4\:5A\:2B\:E0\nissuer name \: C=JP, ST=Tokyo, O=?????????????????? Ltd, CN=?????????????????? CA\nsubject name \: C=JP, ST=Tokyo, O=?????????????????? Ltd, CN=?????????????????? CA\nissued on \: 2020-05-20 16\:17\:23\nexpires on \: 2020-06-19 16\:17\:23\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\n"
+x509_cert_info:"data_files/parse_input/non-ascii-string-in-issuer.crt":"cert. version \: 3\nserial number \: 05\:E6\:53\:E7\:1B\:74\:F0\:B5\:D3\:84\:6D\:0C\:6D\:DC\:FA\:3F\:A4\:5A\:2B\:E0\nissuer name \: C=JP, ST=Tokyo, O=\\C3\\A3\\C2\\83\\C2\\86\\C3\\A3\\C2\\82\\C2\\B9\\C3\\A3\\C2\\83\\C2\\88 Ltd, CN=\\C3\\A3\\C2\\83\\C2\\86\\C3\\A3\\C2\\82\\C2\\B9\\C3\\A3\\C2\\83\\C2\\88 CA\nsubject name \: C=JP, ST=Tokyo, O=\\C3\\A3\\C2\\83\\C2\\86\\C3\\A3\\C2\\82\\C2\\B9\\C3\\A3\\C2\\83\\C2\\88 Ltd, CN=\\C3\\A3\\C2\\83\\C2\\86\\C3\\A3\\C2\\82\\C2\\B9\\C3\\A3\\C2\\83\\C2\\88 CA\nissued on \: 2020-05-20 16\:17\:23\nexpires on \: 2020-06-19 16\:17\:23\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\n"
X509 CRT information Parsing IPv4 and IPv6 IP names
depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C
@@ -447,6 +447,18 @@
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1
mbedtls_x509_dn_gets:"data_files/server1.commas.crt":"subject":"C=NL, O=PolarSSL\\, Commas, CN=PolarSSL Server 1"
+X509 Get Distinguished Name #6
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1
+mbedtls_x509_dn_gets:"data_files/server1.hashsymbol.crt":"subject":"C=NL, O=\\#PolarSSL, CN=PolarSSL Server 1"
+
+X509 Get Distinguished Name #7
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1
+mbedtls_x509_dn_gets:"data_files/server1.spaces.crt":"subject":"C=NL, O=\\ PolarSSL\\ , CN=PolarSSL Server 1"
+
+X509 Get Distinguished Name #8
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1
+mbedtls_x509_dn_gets:"data_files/server1.asciichars.crt":"subject":"C=NL, O=\\E6\\9E\\81\\E5\\9C\\B0SSL, CN=PolarSSL Server 1"
+
X509 Get Modified DN #1
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1
mbedtls_x509_dn_gets_subject_replace:"data_files/server1.crt":"Modified":"C=NL, O=Modified, CN=PolarSSL Server 1":0
@@ -2373,7 +2385,7 @@
X509 CRT ASN1 (Name with composite RDN)
depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1
-x509parse_crt:"3082029f30820208a00302010202044c20e3bd300d06092a864886f70d01010505003056310b3009060355040613025553310b300906035504080c0243413121301f060355040a0c18496e7465726e6574205769646769747320507479204c74643117301506035504030c0e4672616e6b656e63657274204341301e170d3133303830323135313433375a170d3135303831373035353433315a3081d1310b3009060355040613025553311330110603550408130a57617368696e67746f6e31133011060b2b0601040182373c0201031302555331193017060b2b0601040182373c020102130844656c6177617265311a3018060355040a1311417574686f72697a652e4e6574204c4c43311d301b060355040f131450726976617465204f7267616e697a6174696f6e312a300e06035504051307343336393139313018060355040313117777772e617574686f72697a652e6e6574311630140603550407130d53616e204672616e636973636f30819f300d06092a864886f70d010101050003818d0030818902818100d885c62e209b6ac005c64f0bcfdaac1f2b67a18802f75b08851ff933deed888b7b68a62fcabdb21d4a8914becfeaaa1b7e08a09ffaf9916563586dc95e2877262b0b5f5ec27eb4d754aa6facd1d39d25b38a2372891bacdd3e919f791ed25704e8920e380e5623a38e6a23935978a3aec7a8e761e211d42effa2713e44e7de0b0203010001300d06092a864886f70d010105050003818100092f7424d3f6da4b8553829d958ed1980b9270b42c0d3d5833509a28c66bb207df9f3c51d122065e00b87c08c2730d2745fe1c279d16fae4d53b4bf5bdfa3631fceeb2e772b6b08a3eca5a2e2c687aefd23b4b73bf77ac6099711342cf070b35c6f61333a7cbf613d8dd4bd73e9df34bcd4284b0b4df57c36c450613f11e5dac":"cert. version \: 3\nserial number \: 4C\:20\:E3\:BD\nissuer name \: C=US, ST=CA, O=Internet Widgits Pty Ltd, CN=Frankencert CA\nsubject name \: C=US, ST=Washington, ??=US, ??=Delaware, O=Authorize.Net LLC, ??=Private Organization, serialNumber=4369191 + CN=www.authorize.net, L=San Francisco\nissued on \: 2013-08-02 15\:14\:37\nexpires on \: 2015-08-17 05\:54\:31\nsigned using \: RSA with SHA1\nRSA key size \: 1024 bits\n":0
+x509parse_crt:"3082029f30820208a00302010202044c20e3bd300d06092a864886f70d01010505003056310b3009060355040613025553310b300906035504080c0243413121301f060355040a0c18496e7465726e6574205769646769747320507479204c74643117301506035504030c0e4672616e6b656e63657274204341301e170d3133303830323135313433375a170d3135303831373035353433315a3081d1310b3009060355040613025553311330110603550408130a57617368696e67746f6e31133011060b2b0601040182373c0201031302555331193017060b2b0601040182373c020102130844656c6177617265311a3018060355040a1311417574686f72697a652e4e6574204c4c43311d301b060355040f131450726976617465204f7267616e697a6174696f6e312a300e06035504051307343336393139313018060355040313117777772e617574686f72697a652e6e6574311630140603550407130d53616e204672616e636973636f30819f300d06092a864886f70d010101050003818d0030818902818100d885c62e209b6ac005c64f0bcfdaac1f2b67a18802f75b08851ff933deed888b7b68a62fcabdb21d4a8914becfeaaa1b7e08a09ffaf9916563586dc95e2877262b0b5f5ec27eb4d754aa6facd1d39d25b38a2372891bacdd3e919f791ed25704e8920e380e5623a38e6a23935978a3aec7a8e761e211d42effa2713e44e7de0b0203010001300d06092a864886f70d010105050003818100092f7424d3f6da4b8553829d958ed1980b9270b42c0d3d5833509a28c66bb207df9f3c51d122065e00b87c08c2730d2745fe1c279d16fae4d53b4bf5bdfa3631fceeb2e772b6b08a3eca5a2e2c687aefd23b4b73bf77ac6099711342cf070b35c6f61333a7cbf613d8dd4bd73e9df34bcd4284b0b4df57c36c450613f11e5dac":"cert. version \: 3\nserial number \: 4C\:20\:E3\:BD\nissuer name \: C=US, ST=CA, O=Internet Widgits Pty Ltd, CN=Frankencert CA\nsubject name \: C=US, ST=Washington, 1.3.6.1.4.1.311.60.2.1.3=#13025553, 1.3.6.1.4.1.311.60.2.1.2=#130844656C6177617265, O=Authorize.Net LLC, 2.5.4.15=#131450726976617465204F7267616E697A6174696F6E, serialNumber=4369191 + CN=www.authorize.net, L=San Francisco\nissued on \: 2013-08-02 15\:14\:37\nexpires on \: 2015-08-17 05\:54\:31\nsigned using \: RSA with SHA1\nRSA key size \: 1024 bits\n":0
X509 CRT ASN1 (Name with PKCS9 email)
depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index e6bce1d..114bd52 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -619,7 +619,7 @@
/*
* See comments on ecp_test_vect_restart() for op count precision.
*
- * For reference, with mbed TLS 2.6 and default settings:
+ * For reference, with Mbed TLS 2.6 and default settings:
* - ecdsa_verify() for P-256: ~ 6700
* - ecdsa_verify() for P-384: ~ 18800
* - x509_verify() for server5 -> test-ca2: ~ 18800
diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data
index 0848550..37679c1 100644
--- a/tests/suites/test_suite_x509write.data
+++ b/tests/suites/test_suite_x509write.data
@@ -170,7 +170,7 @@
mbedtls_x509_string_to_names:"C=NL,O=Offspark\\, Inc., OU=PolarSSL":"C=NL, O=Offspark\\, Inc., OU=PolarSSL":0
X509 String to Names #2
-mbedtls_x509_string_to_names:"C=NL, O=Offspark, Inc., OU=PolarSSL":"":MBEDTLS_ERR_X509_UNKNOWN_OID
+mbedtls_x509_string_to_names:"C=NL, O=Offspark, Inc., OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME
X509 String to Names #3 (Name precisely 255 bytes)
mbedtls_x509_string_to_names:"C=NL, O=123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345,OU=PolarSSL":"C=NL, O=123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345, OU=PolarSSL":0
@@ -184,8 +184,56 @@
X509 String to Names #6 (Escape at end)
mbedtls_x509_string_to_names:"C=NL, O=Offspark\\":"":MBEDTLS_ERR_X509_INVALID_NAME
-X509 String to Names #6 (Invalid, no '=' or ',')
+X509 String to Names #7 (Invalid, no '=' or ',')
mbedtls_x509_string_to_names:"ABC123":"":MBEDTLS_ERR_X509_INVALID_NAME
+X509 String to Names #8 (Escaped valid characters)
+mbedtls_x509_string_to_names:"C=NL, O=Offspark\\+ \\> \\=, OU=PolarSSL":"C=NL, O=Offspark\\+ \\> \\=, OU=PolarSSL":0
+
+X509 String to Names #9 (Escaped ascii hexpairs uppercase encoded)
+mbedtls_x509_string_to_names:"C=NL, O=\\4F\\66\\66\\73\\70\\61\\72\\6B, OU=PolarSSL":"C=NL, O=Offspark, OU=PolarSSL":0
+
+X509 String to Names #10 (Escaped ascii hexpairs lowercase encoded)
+mbedtls_x509_string_to_names:"C=NL, O=\\4f\\66\\66\\73\\70\\61\\72\\6b, OU=PolarSSL":"C=NL, O=Offspark, OU=PolarSSL":0
+
+X509 String to Names #11 (Invalid hexpair escape at end of string)
+mbedtls_x509_string_to_names:"C=NL, O=\\4f\\66\\66\\73\\70\\61\\72\\6, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME
+
+X509 String to Names #12 (Reject escaped null hexpair)
+mbedtls_x509_string_to_names:"C=NL, O=Of\\00spark, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME
+
+X509 String to Names #13 (Invalid hexpairs)
+mbedtls_x509_string_to_names:"C=NL, O=Of\\flspark, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME
+
+X509 String to Names #14 (Accept numercoid/hexstring)
+mbedtls_x509_string_to_names:"C=NL, 2.5.4.10=#0C084F6666737061726B, OU=PolarSSL":"C=NL, O=Offspark, OU=PolarSSL":0
+
+X509 String to Names #15 (Odd length DER hexstring)
+mbedtls_x509_string_to_names:"C=NL, 2.5.4.10=#0C084F6666737061726, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME
+
+X509 String to Names #16 (Length mismatch DER hexstring)
+mbedtls_x509_string_to_names:"C=NL, 2.5.4.10=#0C0B4F6666737061726B, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME
+
+X509 String to Names #17 (Invalid OID)
+mbedtls_x509_string_to_names:"C=NL, 10.5.4.10=#0C084F6666737061726B, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME
+
+X509 String to Names #18 (short name and hexstring)
+mbedtls_x509_string_to_names:"C=NL, O=#0C084F6666737061726B, OU=PolarSSL":"C=NL, O=Offspark, OU=PolarSSL":0
+
+X509 String to Names #19 (Accept non-ascii hexpairs)
+mbedtls_x509_string_to_names:"C=NL, O=Of\\CCspark, OU=PolarSSL":"C=NL, O=Of\\CCspark, OU=PolarSSL":0
+
+X509 String to Names #20 (Reject empty AttributeValue)
+mbedtls_x509_string_to_names:"C=NL, O=, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME
+
+X509 Round trip test (Escaped characters)
+mbedtls_x509_string_to_names:"CN=Lu\\C4\\8Di\\C4\\87, O=Offspark, OU=PolarSSL":"CN=Lu\\C4\\8Di\\C4\\87, O=Offspark, OU=PolarSSL":0
+
+X509 Round trip test (hexstring output for non string input)
+mbedtls_x509_string_to_names:"C=NL, 2.5.4.10=#03084F6666737061726B, OU=PolarSSL":"C=NL, O=#03084F6666737061726B, OU=PolarSSL":0
+
+X509 Round trip test (numercoid hexstring output for unknown OID)
+mbedtls_x509_string_to_names:"C=NL, 2.5.4.10.234.532=#0C084F6666737061726B, OU=PolarSSL":"C=NL, 2.5.4.10.234.532=#0C084F6666737061726B, OU=PolarSSL":0
+
Check max serial length
x509_set_serial_check: