Remove certs module from mbedtls.
Certs will be used only by tests and programs.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
diff --git a/ChangeLog.d/remove_certs.txt b/ChangeLog.d/remove_certs.txt
new file mode 100644
index 0000000..94772e6
--- /dev/null
+++ b/ChangeLog.d/remove_certs.txt
@@ -0,0 +1,5 @@
+API changes
+ * Remove certs module from the API.
+ Transfer keys and certificates embedded in the library to the test component.
+ This contributes to minimizing library API and discourages users
+ from using unsafe keys in production.
diff --git a/configs/config-mini-tls1_1.h b/configs/config-mini-tls1_1.h
index 638c1e2..7d61492 100644
--- a/configs/config-mini-tls1_1.h
+++ b/configs/config-mini-tls1_1.h
@@ -65,7 +65,6 @@
/* For test certificates */
#define MBEDTLS_BASE64_C
-#define MBEDTLS_CERTS_C
#define MBEDTLS_PEM_PARSE_C
/* For testing with compat.sh */
diff --git a/configs/config-psa-crypto.h b/configs/config-psa-crypto.h
index 5635e98..677b1f2 100644
--- a/configs/config-psa-crypto.h
+++ b/configs/config-psa-crypto.h
@@ -2093,18 +2093,6 @@
#define MBEDTLS_CCM_C
/**
- * \def MBEDTLS_CERTS_C
- *
- * Enable the test certificates.
- *
- * Module: library/certs.c
- * Caller:
- *
- * This module is used for testing (ssl_client/server).
- */
-#define MBEDTLS_CERTS_C
-
-/**
* \def MBEDTLS_CHACHA20_C
*
* Enable the ChaCha20 stream cipher.
diff --git a/configs/config-suite-b.h b/configs/config-suite-b.h
index 6eb03a9..7cb566c 100644
--- a/configs/config-suite-b.h
+++ b/configs/config-suite-b.h
@@ -73,7 +73,6 @@
/* For test certificates */
#define MBEDTLS_BASE64_C
-#define MBEDTLS_CERTS_C
#define MBEDTLS_PEM_PARSE_C
/* Save RAM at the expense of ROM */
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 6bf16da..5fc9fbe 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -820,10 +820,6 @@
#error "MBEDTLS_X509_CREATE_C defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_CERTS_C) && !defined(MBEDTLS_X509_USE_C)
-#error "MBEDTLS_CERTS_C defined, but not all prerequisites"
-#endif
-
#if defined(MBEDTLS_X509_CRT_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) )
#error "MBEDTLS_X509_CRT_PARSE_C defined, but not all prerequisites"
#endif
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 46941e2..32ec845 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -2538,18 +2538,6 @@
#define MBEDTLS_CCM_C
/**
- * \def MBEDTLS_CERTS_C
- *
- * Enable the test certificates.
- *
- * Module: library/certs.c
- * Caller:
- *
- * This module is used for testing (ssl_client/server).
- */
-#define MBEDTLS_CERTS_C
-
-/**
* \def MBEDTLS_CHACHA20_C
*
* Enable the ChaCha20 stream cipher.
diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h
index 08525e2..e5e83d6 100644
--- a/include/mbedtls/x509.h
+++ b/include/mbedtls/x509.h
@@ -291,17 +291,6 @@
*/
int mbedtls_x509_time_is_future( const mbedtls_x509_time *from );
-#if defined(MBEDTLS_SELF_TEST)
-
-/**
- * \brief Checkup routine
- *
- * \return 0 if successful, or 1 if the test failed
- */
-int mbedtls_x509_self_test( int verbose );
-
-#endif /* MBEDTLS_SELF_TEST */
-
/*
* Internal module functions. You probably do not want to use these unless you
* know you do.
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index 4fef36c..1a5c62a 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -81,7 +81,6 @@
list(APPEND src_crypto ${thirdparty_src})
set(src_x509
- certs.c
pkcs11.c
x509.c
x509_create.c
diff --git a/library/Makefile b/library/Makefile
index 3aab662..fdf3b28 100644
--- a/library/Makefile
+++ b/library/Makefile
@@ -140,7 +140,6 @@
OBJS_CRYPTO+=$(THIRDPARTY_CRYPTO_OBJECTS)
OBJS_X509= \
- certs.o \
pkcs11.o \
x509.o \
x509_create.o \
diff --git a/library/version_features.c b/library/version_features.c
index 724234c..b1578d0 100644
--- a/library/version_features.c
+++ b/library/version_features.c
@@ -642,9 +642,6 @@
#if defined(MBEDTLS_CCM_C)
"MBEDTLS_CCM_C",
#endif /* MBEDTLS_CCM_C */
-#if defined(MBEDTLS_CERTS_C)
- "MBEDTLS_CERTS_C",
-#endif /* MBEDTLS_CERTS_C */
#if defined(MBEDTLS_CHACHA20_C)
"MBEDTLS_CHACHA20_C",
#endif /* MBEDTLS_CHACHA20_C */
diff --git a/library/x509.c b/library/x509.c
index 2a7be32..f0a9101 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -995,73 +995,4 @@
return( 0 );
}
#endif /* MBEDTLS_HAVE_TIME_DATE */
-
-#if defined(MBEDTLS_SELF_TEST)
-
-#include "mbedtls/x509_crt.h"
-#include "mbedtls/certs.h"
-
-/*
- * Checkup routine
- */
-int mbedtls_x509_self_test( int verbose )
-{
- int ret = 0;
-#if defined(MBEDTLS_CERTS_C) && defined(MBEDTLS_SHA256_C)
- uint32_t flags;
- mbedtls_x509_crt cacert;
- mbedtls_x509_crt clicert;
-
- if( verbose != 0 )
- mbedtls_printf( " X.509 certificate load: " );
-
- mbedtls_x509_crt_init( &cacert );
- mbedtls_x509_crt_init( &clicert );
-
- ret = mbedtls_x509_crt_parse( &clicert, (const unsigned char *) mbedtls_test_cli_crt,
- mbedtls_test_cli_crt_len );
- if( ret != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
-
- goto cleanup;
- }
-
- ret = mbedtls_x509_crt_parse( &cacert, (const unsigned char *) mbedtls_test_ca_crt,
- mbedtls_test_ca_crt_len );
- if( ret != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
-
- goto cleanup;
- }
-
- if( verbose != 0 )
- mbedtls_printf( "passed\n X.509 signature verify: ");
-
- ret = mbedtls_x509_crt_verify( &clicert, &cacert, NULL, NULL, &flags, NULL, NULL );
- if( ret != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
-
- goto cleanup;
- }
-
- if( verbose != 0 )
- mbedtls_printf( "passed\n\n");
-
-cleanup:
- mbedtls_x509_crt_free( &cacert );
- mbedtls_x509_crt_free( &clicert );
-#else
- ((void) verbose);
-#endif /* MBEDTLS_CERTS_C && MBEDTLS_SHA256_C */
- return( ret );
-}
-
-#endif /* MBEDTLS_SELF_TEST */
-
#endif /* MBEDTLS_X509_USE_C */
diff --git a/programs/Makefile b/programs/Makefile
index cb31cf4..284cc63 100644
--- a/programs/Makefile
+++ b/programs/Makefile
@@ -11,7 +11,7 @@
MBEDTLS_TEST_OBJS:=$(patsubst %.c,%.o,$(wildcard ${MBEDTLS_TEST_PATH}/*.c ${MBEDTLS_TEST_PATH}/drivers/*.c))
LOCAL_CFLAGS = $(WARNING_CFLAGS) -I../tests/include -I../include -D_FILE_OFFSET_BITS=64
-LOCAL_CXXFLAGS = $(WARNING_CXXFLAGS) -I../include -D_FILE_OFFSET_BITS=64
+LOCAL_CXXFLAGS = $(WARNING_CXXFLAGS) -I../include -I../tests/include -D_FILE_OFFSET_BITS=64
LOCAL_LDFLAGS = ${MBEDTLS_TEST_OBJS} \
-L../library \
-lmbedtls$(SHARED_SUFFIX) \
diff --git a/programs/fuzz/CMakeLists.txt b/programs/fuzz/CMakeLists.txt
index fd55e31..acdf77f 100644
--- a/programs/fuzz/CMakeLists.txt
+++ b/programs/fuzz/CMakeLists.txt
@@ -44,6 +44,7 @@
endif()
add_executable(${exe} ${exe_sources})
+ target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
if (NOT FUZZINGENGINE_LIB)
target_link_libraries(${exe} ${libs})
diff --git a/programs/fuzz/fuzz_client.c b/programs/fuzz/fuzz_client.c
index 270ae8a..618eda2 100644
--- a/programs/fuzz/fuzz_client.c
+++ b/programs/fuzz/fuzz_client.c
@@ -1,7 +1,7 @@
#include "mbedtls/ssl.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
-#include "mbedtls/certs.h"
+#include "test/certs.h"
#include "common.h"
#include <string.h>
#include <stdlib.h>
diff --git a/programs/fuzz/fuzz_dtlsclient.c b/programs/fuzz/fuzz_dtlsclient.c
index ff258bc..29c8672 100644
--- a/programs/fuzz/fuzz_dtlsclient.c
+++ b/programs/fuzz/fuzz_dtlsclient.c
@@ -6,9 +6,8 @@
#if defined(MBEDTLS_SSL_PROTO_DTLS)
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
-#include "mbedtls/certs.h"
#include "mbedtls/timing.h"
-
+#include "test/certs.h"
#if defined(MBEDTLS_SSL_CLI_C) && \
defined(MBEDTLS_ENTROPY_C) && \
diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c
index 4cde1fe..b6dc52e 100644
--- a/programs/fuzz/fuzz_dtlsserver.c
+++ b/programs/fuzz/fuzz_dtlsserver.c
@@ -3,10 +3,10 @@
#include <stdint.h>
#include "common.h"
#include "mbedtls/ssl.h"
+#include "test/certs.h"
#if defined(MBEDTLS_SSL_PROTO_DTLS)
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
-#include "mbedtls/certs.h"
#include "mbedtls/timing.h"
#include "mbedtls/ssl_cookie.h"
diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c
index 014f386..16b800c 100644
--- a/programs/fuzz/fuzz_server.c
+++ b/programs/fuzz/fuzz_server.c
@@ -1,8 +1,8 @@
#include "mbedtls/ssl.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
-#include "mbedtls/certs.h"
#include "mbedtls/ssl_ticket.h"
+#include "test/certs.h"
#include "common.h"
#include <string.h>
#include <stdlib.h>
diff --git a/programs/ssl/CMakeLists.txt b/programs/ssl/CMakeLists.txt
index dfc16a5..e8fc930 100644
--- a/programs/ssl/CMakeLists.txt
+++ b/programs/ssl/CMakeLists.txt
@@ -45,6 +45,7 @@
if(THREADS_FOUND)
add_executable(ssl_pthread_server ssl_pthread_server.c $<TARGET_OBJECTS:mbedtls_test>)
+ target_include_directories(ssl_pthread_server PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
target_link_libraries(ssl_pthread_server ${libs} ${CMAKE_THREAD_LIBS_INIT})
list(APPEND executables ssl_pthread_server)
endif(THREADS_FOUND)
diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c
index 03a06ff..03b985f 100644
--- a/programs/ssl/dtls_client.c
+++ b/programs/ssl/dtls_client.c
@@ -39,14 +39,14 @@
!defined(MBEDTLS_NET_C) || !defined(MBEDTLS_TIMING_C) || \
!defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
!defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_RSA_C) || \
- !defined(MBEDTLS_CERTS_C) || !defined(MBEDTLS_PEM_PARSE_C)
+ !defined(MBEDTLS_PEM_PARSE_C)
int main( void )
{
mbedtls_printf( "MBEDTLS_SSL_CLI_C and/or MBEDTLS_SSL_PROTO_DTLS and/or "
"MBEDTLS_NET_C and/or MBEDTLS_TIMING_C and/or "
"MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
"MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_RSA_C and/or "
- "MBEDTLS_CERTS_C and/or MBEDTLS_PEM_PARSE_C not defined.\n" );
+ "MBEDTLS_PEM_PARSE_C not defined.\n" );
mbedtls_exit( 0 );
}
#else
@@ -59,8 +59,8 @@
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/error.h"
-#include "mbedtls/certs.h"
#include "mbedtls/timing.h"
+#include "test/certs.h"
/* Uncomment out the following line to default to IPv4 and disable IPv6 */
//#define FORCE_IPV4
@@ -358,5 +358,4 @@
}
#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_PROTO_DTLS && MBEDTLS_NET_C &&
MBEDTLD_TIMING_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C &&
- MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_RSA_C && MBEDTLS_CERTS_C &&
- MBEDTLS_PEM_PARSE_C */
+ MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_RSA_C && MBEDTLS_PEM_PARSE_C */
diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c
index 22e3fc5..6967998 100644
--- a/programs/ssl/dtls_server.c
+++ b/programs/ssl/dtls_server.c
@@ -49,8 +49,7 @@
!defined(MBEDTLS_SSL_COOKIE_C) || !defined(MBEDTLS_NET_C) || \
!defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
!defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_RSA_C) || \
- !defined(MBEDTLS_CERTS_C) || !defined(MBEDTLS_PEM_PARSE_C) || \
- !defined(MBEDTLS_TIMING_C)
+ !defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_TIMING_C)
int main( void )
{
@@ -58,8 +57,7 @@
"MBEDTLS_SSL_COOKIE_C and/or MBEDTLS_NET_C and/or "
"MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
"MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_RSA_C and/or "
- "MBEDTLS_CERTS_C and/or MBEDTLS_PEM_PARSE_C and/or "
- "MBEDTLS_TIMING_C not defined.\n" );
+ "MBEDTLS_PEM_PARSE_C and/or MBEDTLS_TIMING_C not defined.\n" );
mbedtls_exit( 0 );
}
#else
@@ -74,7 +72,6 @@
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
-#include "mbedtls/certs.h"
#include "mbedtls/x509.h"
#include "mbedtls/ssl.h"
#include "mbedtls/ssl_cookie.h"
@@ -82,6 +79,7 @@
#include "mbedtls/error.h"
#include "mbedtls/debug.h"
#include "mbedtls/timing.h"
+#include "test/certs.h"
#if defined(MBEDTLS_SSL_CACHE_C)
#include "mbedtls/ssl_cache.h"
@@ -434,4 +432,4 @@
#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_PROTO_DTLS &&
MBEDTLS_SSL_COOKIE_C && MBEDTLS_NET_C && MBEDTLS_ENTROPY_C &&
MBEDTLS_CTR_DRBG_C && MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_RSA_C
- && MBEDTLS_CERTS_C && MBEDTLS_PEM_PARSE_C && MBEDTLS_TIMING_C */
+ && MBEDTLS_PEM_PARSE_C && MBEDTLS_TIMING_C */
diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c
index 61a849c..2c16887 100644
--- a/programs/ssl/ssl_client1.c
+++ b/programs/ssl/ssl_client1.c
@@ -37,11 +37,11 @@
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif /* MBEDTLS_PLATFORM_C */
-#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \
- !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_CLI_C) || \
- !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_RSA_C) || \
- !defined(MBEDTLS_CERTS_C) || !defined(MBEDTLS_PEM_PARSE_C) || \
- !defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_X509_CRT_PARSE_C)
+#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \
+ !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_CLI_C) || \
+ !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_RSA_C) || \
+ !defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
+ !defined(MBEDTLS_X509_CRT_PARSE_C)
int main( void )
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or "
@@ -59,7 +59,7 @@
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/error.h"
-#include "mbedtls/certs.h"
+#include "test/certs.h"
#include <string.h>
@@ -314,5 +314,4 @@
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C &&
- MBEDTLS_CERTS_C && MBEDTLS_PEM_PARSE_C && MBEDTLS_CTR_DRBG_C &&
- MBEDTLS_X509_CRT_PARSE_C */
+ MBEDTLS_PEM_PARSE_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_X509_CRT_PARSE_C */
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 0f0e93e..8004601 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -1581,7 +1581,6 @@
ret = mbedtls_x509_crt_parse_file( &cacert, opt.ca_file );
else
#endif
-#if defined(MBEDTLS_CERTS_C)
{
#if defined(MBEDTLS_PEM_PARSE_C)
for( i = 0; mbedtls_test_cas[i] != NULL; i++ )
@@ -1603,12 +1602,6 @@
break;
}
}
-#else
- {
- ret = 1;
- mbedtls_printf( "MBEDTLS_CERTS_C not defined." );
- }
-#endif /* MBEDTLS_CERTS_C */
if( ret < 0 )
{
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n",
@@ -1634,16 +1627,9 @@
ret = mbedtls_x509_crt_parse_file( &clicert, opt.crt_file );
else
#endif
-#if defined(MBEDTLS_CERTS_C)
ret = mbedtls_x509_crt_parse( &clicert,
(const unsigned char *) mbedtls_test_cli_crt,
mbedtls_test_cli_crt_len );
-#else
- {
- ret = 1;
- mbedtls_printf( "MBEDTLS_CERTS_C not defined." );
- }
-#endif
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n",
@@ -1659,16 +1645,9 @@
ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, opt.key_pwd );
else
#endif
-#if defined(MBEDTLS_CERTS_C)
ret = mbedtls_pk_parse_key( &pkey,
(const unsigned char *) mbedtls_test_cli_key,
mbedtls_test_cli_key_len, NULL, 0 );
-#else
- {
- ret = 1;
- mbedtls_printf( "MBEDTLS_CERTS_C not defined." );
- }
-#endif
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n",
diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c
index 3a07179..d181c01 100644
--- a/programs/ssl/ssl_fork_server.c
+++ b/programs/ssl/ssl_fork_server.c
@@ -36,18 +36,18 @@
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif /* MBEDTLS_PLATFORM_C */
-#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_CERTS_C) || \
- !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_SSL_TLS_C) || \
- !defined(MBEDTLS_SSL_SRV_C) || !defined(MBEDTLS_NET_C) || \
- !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
- !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_TIMING_C) || \
- !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_PEM_PARSE_C)
+#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \
+ !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_SRV_C) || \
+ !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_RSA_C) || \
+ !defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
+ !defined(MBEDTLS_TIMING_C) || !defined(MBEDTLS_FS_IO) || \
+ !defined(MBEDTLS_PEM_PARSE_C)
int main( int argc, char *argv[] )
{
((void) argc);
((void) argv);
- mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_CERTS_C and/or MBEDTLS_ENTROPY_C "
+ mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C "
"and/or MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or "
"MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C and/or "
@@ -65,7 +65,7 @@
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
-#include "mbedtls/certs.h"
+#include "test/certs.h"
#include "mbedtls/x509.h"
#include "mbedtls/ssl.h"
#include "mbedtls/net_sockets.h"
@@ -417,7 +417,7 @@
mbedtls_exit( exit_code );
}
-#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_CERTS_C && MBEDTLS_ENTROPY_C &&
+#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C &&
MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_SRV_C && MBEDTLS_NET_C &&
MBEDTLS_RSA_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_PEM_PARSE_C &&
! _WIN32 */
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index fb965f6..0392a46 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -65,7 +65,7 @@
#include "mbedtls/ssl.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
-#include "mbedtls/certs.h"
+#include "test/certs.h"
#include "mbedtls/x509.h"
#include <stdlib.h>
@@ -509,12 +509,12 @@
ret = mbedtls_x509_crt_parse_file( &cacert, opt.ca_file );
else
#endif
-#if defined(MBEDTLS_CERTS_C) && defined(MBEDTLS_PEM_PARSE_C)
+#if defined(MBEDTLS_PEM_PARSE_C)
ret = mbedtls_x509_crt_parse( &cacert, (const unsigned char *) mbedtls_test_cas_pem,
mbedtls_test_cas_pem_len );
#else
{
- mbedtls_printf("MBEDTLS_CERTS_C and/or MBEDTLS_PEM_PARSE_C not defined.");
+ mbedtls_printf("MBEDTLS_PEM_PARSE_C not defined.");
goto exit;
}
#endif
@@ -539,15 +539,8 @@
ret = mbedtls_x509_crt_parse_file( &clicert, opt.crt_file );
else
#endif
-#if defined(MBEDTLS_CERTS_C)
ret = mbedtls_x509_crt_parse( &clicert, (const unsigned char *) mbedtls_test_cli_crt,
mbedtls_test_cli_crt_len );
-#else
- {
- mbedtls_printf("MBEDTLS_CERTS_C not defined.");
- goto exit;
- }
-#endif
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret );
@@ -559,12 +552,12 @@
ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, "" );
else
#endif
-#if defined(MBEDTLS_CERTS_C) && defined(MBEDTLS_PEM_PARSE_C)
+#if defined(MBEDTLS_PEM_PARSE_C)
ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_cli_key,
mbedtls_test_cli_key_len, NULL, 0 );
#else
{
- mbedtls_printf("MBEDTLS_CERTS_C or MBEDTLS_PEM_PARSE_C not defined.");
+ mbedtls_printf("MBEDTLS_PEM_PARSE_C not defined.");
goto exit;
}
#endif
diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c
index c8ab215..dbedd53 100644
--- a/programs/ssl/ssl_pthread_server.c
+++ b/programs/ssl/ssl_pthread_server.c
@@ -37,16 +37,15 @@
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif
-#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_CERTS_C) || \
- !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_SSL_TLS_C) || \
- !defined(MBEDTLS_SSL_SRV_C) || !defined(MBEDTLS_NET_C) || \
- !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
- !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
- !defined(MBEDTLS_THREADING_C) || !defined(MBEDTLS_THREADING_PTHREAD) || \
- !defined(MBEDTLS_PEM_PARSE_C)
+#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \
+ !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_SRV_C) || \
+ !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_RSA_C) || \
+ !defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
+ !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_THREADING_C) || \
+ !defined(MBEDTLS_THREADING_PTHREAD) || !defined(MBEDTLS_PEM_PARSE_C)
int main( void )
{
- mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_CERTS_C and/or MBEDTLS_ENTROPY_C "
+ mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C "
"and/or MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or "
"MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C and/or "
@@ -65,11 +64,11 @@
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
-#include "mbedtls/certs.h"
#include "mbedtls/x509.h"
#include "mbedtls/ssl.h"
#include "mbedtls/net_sockets.h"
#include "mbedtls/error.h"
+#include "test/certs.h"
#if defined(MBEDTLS_SSL_CACHE_C)
#include "mbedtls/ssl_cache.h"
@@ -525,7 +524,7 @@
mbedtls_exit( ret );
}
-#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_CERTS_C && MBEDTLS_ENTROPY_C &&
+#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C &&
MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_SRV_C && MBEDTLS_NET_C &&
MBEDTLS_RSA_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_THREADING_C &&
MBEDTLS_THREADING_PTHREAD && MBEDTLS_PEM_PARSE_C */
diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c
index 0124338..11147b0 100644
--- a/programs/ssl/ssl_server.c
+++ b/programs/ssl/ssl_server.c
@@ -37,15 +37,14 @@
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif
-#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_CERTS_C) || \
- !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_SSL_TLS_C) || \
- !defined(MBEDTLS_SSL_SRV_C) || !defined(MBEDTLS_NET_C) || \
- !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
- !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
- !defined(MBEDTLS_PEM_PARSE_C)
+#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_PEM_PARSE_C) || \
+ !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_SSL_TLS_C) || \
+ !defined(MBEDTLS_SSL_SRV_C) || !defined(MBEDTLS_NET_C) || \
+ !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
+ !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO)
int main( void )
{
- mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_CERTS_C and/or MBEDTLS_ENTROPY_C "
+ mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C "
"and/or MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or "
"MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C "
@@ -63,12 +62,12 @@
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
-#include "mbedtls/certs.h"
#include "mbedtls/x509.h"
#include "mbedtls/ssl.h"
#include "mbedtls/net_sockets.h"
#include "mbedtls/error.h"
#include "mbedtls/debug.h"
+#include "test/certs.h"
#if defined(MBEDTLS_SSL_CACHE_C)
#include "mbedtls/ssl_cache.h"
@@ -397,7 +396,7 @@
mbedtls_exit( ret );
}
-#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_CERTS_C && MBEDTLS_ENTROPY_C &&
+#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C &&
MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_SRV_C && MBEDTLS_NET_C &&
MBEDTLS_RSA_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_X509_CRT_PARSE_C
&& MBEDTLS_FS_IO && MBEDTLS_PEM_PARSE_C */
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 9527698..383994a 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -2340,7 +2340,6 @@
ret = mbedtls_x509_crt_parse_file( &cacert, opt.ca_file );
else
#endif
-#if defined(MBEDTLS_CERTS_C)
{
#if defined(MBEDTLS_PEM_PARSE_C)
for( i = 0; mbedtls_test_cas[i] != NULL; i++ )
@@ -2362,12 +2361,6 @@
break;
}
}
-#else
- {
- ret = 1;
- mbedtls_printf( "MBEDTLS_CERTS_C not defined." );
- }
-#endif /* MBEDTLS_CERTS_C */
if( ret < 0 )
{
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", (unsigned int) -ret );
@@ -2443,10 +2436,6 @@
strcmp( opt.crt_file2, "none" ) != 0 &&
strcmp( opt.key_file2, "none" ) != 0 )
{
-#if !defined(MBEDTLS_CERTS_C)
- mbedtls_printf( "Not certificated or key provided, and \nMBEDTLS_CERTS_C not defined!\n" );
- goto exit;
-#else
#if defined(MBEDTLS_RSA_C)
if( ( ret = mbedtls_x509_crt_parse( &srvcert,
(const unsigned char *) mbedtls_test_srv_crt_rsa,
@@ -2485,7 +2474,6 @@
}
key_cert_init2 = 2;
#endif /* MBEDTLS_ECDSA_C */
-#endif /* MBEDTLS_CERTS_C */
}
mbedtls_printf( " ok\n" );
diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h
index 031c872..2c76d31 100644
--- a/programs/ssl/ssl_test_lib.h
+++ b/programs/ssl/ssl_test_lib.h
@@ -65,12 +65,12 @@
#include "mbedtls/ssl.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
-#include "mbedtls/certs.h"
#include "mbedtls/x509.h"
#include "mbedtls/error.h"
#include "mbedtls/debug.h"
#include "mbedtls/timing.h"
#include "mbedtls/base64.h"
+#include "test/certs.h"
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "psa/crypto.h"
diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt
index 2b1e61e..715977b 100644
--- a/programs/test/CMakeLists.txt
+++ b/programs/test/CMakeLists.txt
@@ -33,6 +33,7 @@
endif()
add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>
${extra_sources})
+ target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
# This emulates "if ( ... IN_LIST ... )" which becomes available in CMake 3.3
list(FIND executables_libs ${exe} exe_index)
diff --git a/programs/test/cpp_dummy_build.cpp b/programs/test/cpp_dummy_build.cpp
index 0ddfb06..6b33634 100644
--- a/programs/test/cpp_dummy_build.cpp
+++ b/programs/test/cpp_dummy_build.cpp
@@ -36,7 +36,6 @@
#include "mbedtls/bn_mul.h"
#include "mbedtls/camellia.h"
#include "mbedtls/ccm.h"
-#include "mbedtls/certs.h"
#include "mbedtls/chacha20.h"
#include "mbedtls/chachapoly.h"
#include "mbedtls/check_config.h"
@@ -98,6 +97,7 @@
#include "mbedtls/x509_crt.h"
#include "mbedtls/x509_csr.h"
#include "mbedtls/xtea.h"
+#include "test/certs.h"
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
diff --git a/programs/test/query_config.c b/programs/test/query_config.c
index bc8389f..64f032e 100644
--- a/programs/test/query_config.c
+++ b/programs/test/query_config.c
@@ -47,7 +47,6 @@
#include "mbedtls/blowfish.h"
#include "mbedtls/camellia.h"
#include "mbedtls/ccm.h"
-#include "mbedtls/certs.h"
#include "mbedtls/chacha20.h"
#include "mbedtls/chachapoly.h"
#include "mbedtls/cipher.h"
@@ -102,6 +101,7 @@
#include "mbedtls/x509_crt.h"
#include "mbedtls/x509_csr.h"
#include "mbedtls/xtea.h"
+#include "test/certs.h"
#include <string.h>
@@ -1769,14 +1769,6 @@
}
#endif /* MBEDTLS_CCM_C */
-#if defined(MBEDTLS_CERTS_C)
- if( strcmp( "MBEDTLS_CERTS_C", config ) == 0 )
- {
- MACRO_EXPANSION_TO_STR( MBEDTLS_CERTS_C );
- return( 0 );
- }
-#endif /* MBEDTLS_CERTS_C */
-
#if defined(MBEDTLS_CHACHA20_C)
if( strcmp( "MBEDTLS_CHACHA20_C", config ) == 0 )
{
diff --git a/programs/test/selftest.c b/programs/test/selftest.c
index 41d7040..a83348a 100644
--- a/programs/test/selftest.c
+++ b/programs/test/selftest.c
@@ -315,9 +315,6 @@
#if defined(MBEDTLS_RSA_C)
{"rsa", mbedtls_rsa_self_test},
#endif
-#if defined(MBEDTLS_X509_USE_C)
- {"x509", mbedtls_x509_self_test},
-#endif
#if defined(MBEDTLS_XTEA_C)
{"xtea", mbedtls_xtea_self_test},
#endif
diff --git a/scripts/config.py b/scripts/config.py
index 584769e..1cb19f0 100755
--- a/scripts/config.py
+++ b/scripts/config.py
@@ -277,7 +277,6 @@
name.startswith('MBEDTLS_KEY_EXCHANGE_'):
return False
if name in [
- 'MBEDTLS_CERTS_C', # part of libmbedx509
'MBEDTLS_DEBUG_C', # part of libmbedtls
'MBEDTLS_NET_C', # part of libmbedtls
'MBEDTLS_PKCS11_C', # part of libmbedx509
diff --git a/scripts/data_files/query_config.fmt b/scripts/data_files/query_config.fmt
index 9702090..a00ece8 100644
--- a/scripts/data_files/query_config.fmt
+++ b/scripts/data_files/query_config.fmt
@@ -47,7 +47,6 @@
#include "mbedtls/blowfish.h"
#include "mbedtls/camellia.h"
#include "mbedtls/ccm.h"
-#include "mbedtls/certs.h"
#include "mbedtls/chacha20.h"
#include "mbedtls/chachapoly.h"
#include "mbedtls/cipher.h"
@@ -102,6 +101,7 @@
#include "mbedtls/x509_crt.h"
#include "mbedtls/x509_csr.h"
#include "mbedtls/xtea.h"
+#include "test/certs.h"
#include <string.h>
diff --git a/scripts/memory.sh b/scripts/memory.sh
index 9c3882d..c05be74 100755
--- a/scripts/memory.sh
+++ b/scripts/memory.sh
@@ -129,7 +129,7 @@
"psk=000102030405060708090A0B0C0D0E0F"
do_config "suite-b" \
- "MBEDTLS_BASE64_C MBEDTLS_PEM_PARSE_C MBEDTLS_CERTS_C" \
+ "MBEDTLS_BASE64_C MBEDTLS_PEM_PARSE_C" \
""
# cleanup
diff --git a/include/mbedtls/certs.h b/tests/include/test/certs.h
similarity index 100%
rename from include/mbedtls/certs.h
rename to tests/include/test/certs.h
diff --git a/library/certs.c b/tests/src/certs.c
similarity index 99%
rename from library/certs.c
rename to tests/src/certs.c
index a5695e3..831395c 100644
--- a/library/certs.c
+++ b/tests/src/certs.c
@@ -19,9 +19,7 @@
#include "common.h"
-#include "mbedtls/certs.h"
-
-#if defined(MBEDTLS_CERTS_C)
+#include <test/certs.h>
/*
* Test CA Certificates
@@ -1742,5 +1740,3 @@
"";
const size_t mbedtls_test_cas_pem_len = sizeof( mbedtls_test_cas_pem );
#endif /* MBEDTLS_PEM_PARSE_C */
-
-#endif /* MBEDTLS_CERTS_C */
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index f377ffa..2cc21cf 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -3,10 +3,10 @@
#include <mbedtls/ssl_internal.h>
#include <mbedtls/ctr_drbg.h>
#include <mbedtls/entropy.h>
-#include <mbedtls/certs.h>
#include <mbedtls/timing.h>
#include <mbedtls/debug.h>
#include <ssl_tls13_keys.h>
+#include "test/certs.h"
#include <ssl_invasive.h>
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index 3b84609..5229906 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -1015,10 +1015,6 @@
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
x509_verify_callback:"data_files/server7-badsign.crt":"data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000008\n"
-X509 Parse Selftest
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_selftest:
-
X509 CRT ASN1 (Empty Certificate)
x509parse_crt:"":"":MBEDTLS_ERR_X509_INVALID_FORMAT
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index 2bba4e2..1dd6cf3 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -1249,10 +1249,3 @@
;;
}
/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_SELF_TEST */
-void x509_selftest( )
-{
- TEST_ASSERT( mbedtls_x509_self_test( 1 ) == 0 );
-}
-/* END_CASE */
diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj
index bb3baf1..05a4830 100644
--- a/visualc/VS2010/mbedTLS.vcxproj
+++ b/visualc/VS2010/mbedTLS.vcxproj
@@ -153,7 +153,6 @@
<ClInclude Include="..\..\include\mbedtls\bn_mul.h" />
<ClInclude Include="..\..\include\mbedtls\camellia.h" />
<ClInclude Include="..\..\include\mbedtls\ccm.h" />
- <ClInclude Include="..\..\include\mbedtls\certs.h" />
<ClInclude Include="..\..\include\mbedtls\chacha20.h" />
<ClInclude Include="..\..\include\mbedtls\chachapoly.h" />
<ClInclude Include="..\..\include\mbedtls\check_config.h" />
@@ -230,6 +229,7 @@
<ClInclude Include="..\..\include\psa\crypto_struct.h" />
<ClInclude Include="..\..\include\psa\crypto_types.h" />
<ClInclude Include="..\..\include\psa\crypto_values.h" />
+ <ClInclude Include="..\..\tests\include\test\certs.h" />
<ClInclude Include="..\..\tests\include\test\constant_flow.h" />
<ClInclude Include="..\..\tests\include\test\helpers.h" />
<ClInclude Include="..\..\tests\include\test\macros.h" />
@@ -271,7 +271,6 @@
<ClCompile Include="..\..\library\blowfish.c" />
<ClCompile Include="..\..\library\camellia.c" />
<ClCompile Include="..\..\library\ccm.c" />
- <ClCompile Include="..\..\library\certs.c" />
<ClCompile Include="..\..\library\chacha20.c" />
<ClCompile Include="..\..\library\chachapoly.c" />
<ClCompile Include="..\..\library\cipher.c" />
@@ -345,6 +344,7 @@
<ClCompile Include="..\..\library\x509write_crt.c" />
<ClCompile Include="..\..\library\x509write_csr.c" />
<ClCompile Include="..\..\library\xtea.c" />
+ <ClCompile Include="..\..\tests\src\certs.c" />
<ClCompile Include="..\..\tests\src\helpers.c" />
<ClCompile Include="..\..\tests\src\psa_crypto_helpers.c" />
<ClCompile Include="..\..\tests\src\random.c" />