Add len constants to certs.c
diff --git a/ChangeLog b/ChangeLog
index 82c9a88..b0354d5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -6,6 +6,8 @@
* Support for DTLS 1.0 and 1.2 (RFC 6347).
API Changes
+ * Test certificates in cert.s are no longer guaranteed to be nul-terminated
+ strings; use the new *_len variables instead of strlen().
* md_init_ctx() is deprecated in favour of md_setup(), that adds a third
argument (allowing memory savings if HMAC is not used)
* Removed individual mdX_hmac and shaX_hmac functions (use generic
diff --git a/include/mbedtls/certs.h b/include/mbedtls/certs.h
index 7b00a8b..e2e9f77 100644
--- a/include/mbedtls/certs.h
+++ b/include/mbedtls/certs.h
@@ -24,47 +24,72 @@
#ifndef POLARSSL_CERTS_H
#define POLARSSL_CERTS_H
+#include <stddef.h>
+
#ifdef __cplusplus
extern "C" {
#endif
/* Concatenation of all available CA certificates */
-extern const char test_ca_list[];
+extern const char test_ca_list[];
+extern const size_t test_ca_list_len;
/*
* Convenience for users who just want a certificate:
* RSA by default, or ECDSA if RSA is not available
*/
-extern const char *test_ca_crt;
-extern const char *test_ca_key;
-extern const char *test_ca_pwd;
-extern const char *test_srv_crt;
-extern const char *test_srv_key;
-extern const char *test_cli_crt;
-extern const char *test_cli_key;
+extern const char * test_ca_crt;
+extern const size_t test_ca_crt_len;
+extern const char * test_ca_key;
+extern const size_t test_ca_key_len;
+extern const char * test_ca_pwd;
+extern const size_t test_ca_pwd_len;
+extern const char * test_srv_crt;
+extern const size_t test_srv_crt_len;
+extern const char * test_srv_key;
+extern const size_t test_srv_key_len;
+extern const char * test_cli_crt;
+extern const size_t test_cli_crt_len;
+extern const char * test_cli_key;
+extern const size_t test_cli_key_len;
#if defined(POLARSSL_ECDSA_C)
-extern const char test_ca_crt_ec[];
-extern const char test_ca_key_ec[];
-extern const char test_ca_pwd_ec[];
-extern const char test_srv_crt_ec[];
-extern const char test_srv_key_ec[];
-extern const char test_cli_crt_ec[];
-extern const char test_cli_key_ec[];
+extern const char test_ca_crt_ec[];
+extern const size_t test_ca_crt_ec_len;
+extern const char test_ca_key_ec[];
+extern const size_t test_ca_key_ec_len;
+extern const char test_ca_pwd_ec[];
+extern const size_t test_ca_pwd_ec_len;
+extern const char test_srv_crt_ec[];
+extern const size_t test_srv_crt_ec_len;
+extern const char test_srv_key_ec[];
+extern const size_t test_srv_key_ec_len;
+extern const char test_cli_crt_ec[];
+extern const size_t test_cli_crt_ec_len;
+extern const char test_cli_key_ec[];
+extern const size_t test_cli_key_ec_len;
#endif
#if defined(POLARSSL_RSA_C)
-extern const char test_ca_crt_rsa[];
-extern const char test_ca_key_rsa[];
-extern const char test_ca_pwd_rsa[];
-extern const char test_srv_crt_rsa[];
-extern const char test_srv_key_rsa[];
-extern const char test_cli_crt_rsa[];
-extern const char test_cli_key_rsa[];
+extern const char test_ca_crt_rsa[];
+extern const size_t test_ca_crt_rsa_len;
+extern const char test_ca_key_rsa[];
+extern const size_t test_ca_key_rsa_len;
+extern const char test_ca_pwd_rsa[];
+extern const size_t test_ca_pwd_rsa_len;
+extern const char test_srv_crt_rsa[];
+extern const size_t test_srv_crt_rsa_len;
+extern const char test_srv_key_rsa[];
+extern const size_t test_srv_key_rsa_len;
+extern const char test_cli_crt_rsa[];
+extern const size_t test_cli_crt_rsa_len;
+extern const char test_cli_key_rsa[];
+extern const size_t test_cli_key_rsa_len;
#endif
#if defined(POLARSSL_DHM_C)
-extern const char test_dhm_params[];
+extern const char test_dhm_params[];
+extern const size_t test_dhm_params_len;
#endif
#ifdef __cplusplus
diff --git a/library/certs.c b/library/certs.c
index bf12f77..f0435e1 100644
--- a/library/certs.c
+++ b/library/certs.c
@@ -26,6 +26,8 @@
#include POLARSSL_CONFIG_FILE
#endif
+#include "mbedtls/certs.h"
+
#if defined(POLARSSL_CERTS_C)
#if defined(POLARSSL_ECDSA_C)
@@ -105,6 +107,14 @@
"AwEHoUQDQgAEV+WusXPf06y7k7iB/xKu7uZTrM5VU/Y0Dswu42MlC9+Y4vNcYDaW\r\n"
"wNUYFHDlf5/VS0UY5bBs1Vz4lo+HcKPkxw==\r\n"
"-----END EC PRIVATE KEY-----\r\n";
+
+const size_t test_ca_crt_ec_len = sizeof( test_ca_crt_ec );
+const size_t test_ca_key_ec_len = sizeof( test_ca_key_ec );
+const size_t test_ca_pwd_ec_len = sizeof( test_ca_pwd_ec ) - 1;
+const size_t test_srv_crt_ec_len = sizeof( test_srv_crt_ec );
+const size_t test_srv_key_ec_len = sizeof( test_srv_key_ec );
+const size_t test_cli_crt_ec_len = sizeof( test_cli_crt_ec );
+const size_t test_cli_key_ec_len = sizeof( test_cli_key_ec );
#else
#define TEST_CA_CRT_EC
#endif /* POLARSSL_ECDSA_C */
@@ -219,7 +229,6 @@
"TB6l9VGoxJL4fyHnZb8L5gGvnB1bbD8cL6YPaDiOhcRseC9vBiEuVg==\r\n"
"-----END RSA PRIVATE KEY-----\r\n";
-
const char test_cli_crt_rsa[] =
"-----BEGIN CERTIFICATE-----\r\n"
"MIIDPzCCAiegAwIBAgIBBDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n"
@@ -270,6 +279,14 @@
"bHFVW2r0dBTqegP2/KTOxKzaHfC1qf0RGDsUoJCNJrd1cwoCLG8P2EF4w3OBrKqv\r\n"
"8u4ytY0F+Vlanj5lm3TaoHSVF1+NWPyOTiwevIECGKwSxvlki4fDAA==\r\n"
"-----END RSA PRIVATE KEY-----\r\n";
+
+const size_t test_ca_crt_rsa_len = sizeof( test_ca_crt_rsa );
+const size_t test_ca_key_rsa_len = sizeof( test_ca_key_rsa );
+const size_t test_ca_pwd_rsa_len = sizeof( test_ca_pwd_rsa ) - 1;
+const size_t test_srv_crt_rsa_len = sizeof( test_srv_crt_rsa );
+const size_t test_srv_key_rsa_len = sizeof( test_srv_key_rsa );
+const size_t test_cli_crt_rsa_len = sizeof( test_cli_crt_rsa );
+const size_t test_cli_key_rsa_len = sizeof( test_cli_key_rsa );
#else
#define TEST_CA_CRT_RSA
#endif /* POLARSSL_RSA_C */
@@ -281,27 +298,43 @@
"1sa18fyfR9OiVEMYglOpkqVoGLN7qd5aQNNi5W7/C+VBdHTBJcGZJyyP5B3qcz32\r\n"
"9mLJKudlVudV0Qxk5qUJaPZ/xupz0NyoVpviuiBOI1gNi8ovSXWzAgEC\r\n"
"-----END DH PARAMETERS-----\r\n";
+const size_t test_dhm_params_len = sizeof( test_dhm_params );
#endif
/* Concatenation of all available CA certificates */
const char test_ca_list[] = TEST_CA_CRT_RSA TEST_CA_CRT_EC;
+const size_t test_ca_list_len = sizeof( test_ca_list );
#if defined(POLARSSL_RSA_C)
-const char *test_ca_crt = test_ca_crt_rsa;
-const char *test_ca_key = test_ca_key_rsa;
-const char *test_ca_pwd = test_ca_pwd_rsa;
+const char *test_ca_crt = test_ca_crt_rsa;
+const char *test_ca_key = test_ca_key_rsa;
+const char *test_ca_pwd = test_ca_pwd_rsa;
const char *test_srv_crt = test_srv_crt_rsa;
const char *test_srv_key = test_srv_key_rsa;
const char *test_cli_crt = test_cli_crt_rsa;
const char *test_cli_key = test_cli_key_rsa;
+const size_t test_ca_crt_len = test_ca_crt_rsa_len;
+const size_t test_ca_key_len = test_ca_key_rsa_len;
+const size_t test_ca_pwd_len = test_ca_pwd_rsa_len;
+const size_t test_srv_crt_len = test_srv_crt_rsa_len;
+const size_t test_srv_key_len = test_srv_key_rsa_len;
+const size_t test_cli_crt_len = test_cli_crt_rsa_len;
+const size_t test_cli_key_len = test_cli_key_rsa_len;
#else /* ! POLARSSL_RSA_C, so POLARSSL_ECDSA_C */
-const char *test_ca_crt = test_ca_crt_ec;
-const char *test_ca_key = test_ca_key_ec;
-const char *test_ca_pwd = test_ca_pwd_ec;
+const char *test_ca_crt = test_ca_crt_ec;
+const char *test_ca_key = test_ca_key_ec;
+const char *test_ca_pwd = test_ca_pwd_ec;
const char *test_srv_crt = test_srv_crt_ec;
const char *test_srv_key = test_srv_key_ec;
const char *test_cli_crt = test_cli_crt_ec;
const char *test_cli_key = test_cli_key_ec;
+const size_t test_ca_crt_len = test_ca_crt_ec_len;
+const size_t test_ca_key_len = test_ca_key_ec_len;
+const size_t test_ca_pwd_len = test_ca_pwd_ec_len;
+const size_t test_srv_crt_len = test_srv_crt_ec_len;
+const size_t test_srv_key_len = test_srv_key_ec_len;
+const size_t test_cli_crt_len = test_cli_crt_ec_len;
+const size_t test_cli_key_len = test_cli_key_ec_len;
#endif /* POLARSSL_RSA_C */
#endif /* POLARSSL_CERTS_C */
diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c
index 4a19618..44d2175 100644
--- a/programs/ssl/dtls_client.c
+++ b/programs/ssl/dtls_client.c
@@ -130,7 +130,7 @@
#if defined(POLARSSL_CERTS_C)
ret = x509_crt_parse( &cacert, (const unsigned char *) test_ca_list,
- strlen( test_ca_list ) );
+ test_ca_list_len );
#else
ret = 1;
polarssl_printf("POLARSSL_CERTS_C not defined.");
diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c
index 46c2a33..31216c6 100644
--- a/programs/ssl/dtls_server.c
+++ b/programs/ssl/dtls_server.c
@@ -128,7 +128,7 @@
* server and CA certificates, as well as pk_parse_keyfile().
*/
ret = x509_crt_parse( &srvcert, (const unsigned char *) test_srv_crt,
- strlen( test_srv_crt ) );
+ test_srv_crt_len );
if( ret != 0 )
{
printf( " failed\n ! x509_crt_parse returned %d\n\n", ret );
@@ -136,7 +136,7 @@
}
ret = x509_crt_parse( &srvcert, (const unsigned char *) test_ca_list,
- strlen( test_ca_list ) );
+ test_ca_list_len );
if( ret != 0 )
{
printf( " failed\n ! x509_crt_parse returned %d\n\n", ret );
@@ -144,7 +144,7 @@
}
ret = pk_parse_key( &pkey, (const unsigned char *) test_srv_key,
- strlen( test_srv_key ), NULL, 0 );
+ test_srv_key_len, NULL, 0 );
if( ret != 0 )
{
printf( " failed\n ! pk_parse_key returned %d\n\n", ret );
diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c
index c7eb3bd..184f2bd 100644
--- a/programs/ssl/ssl_client1.c
+++ b/programs/ssl/ssl_client1.c
@@ -121,7 +121,7 @@
#if defined(POLARSSL_CERTS_C)
ret = x509_crt_parse( &cacert, (const unsigned char *) test_ca_list,
- strlen( test_ca_list ) );
+ test_ca_list_len );
#else
ret = 1;
polarssl_printf("POLARSSL_CERTS_C not defined.");
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index f0e6781..5088cc6 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -947,7 +947,7 @@
#endif
#if defined(POLARSSL_CERTS_C)
ret = x509_crt_parse( &cacert, (const unsigned char *) test_ca_list,
- strlen( test_ca_list ) );
+ test_ca_list_len );
#else
{
ret = 1;
@@ -980,7 +980,7 @@
#endif
#if defined(POLARSSL_CERTS_C)
ret = x509_crt_parse( &clicert, (const unsigned char *) test_cli_crt,
- strlen( test_cli_crt ) );
+ test_cli_crt_len );
#else
{
ret = 1;
@@ -1003,7 +1003,7 @@
#endif
#if defined(POLARSSL_CERTS_C)
ret = pk_parse_key( &pkey, (const unsigned char *) test_cli_key,
- strlen( test_cli_key ), NULL, 0 );
+ test_cli_key_len, NULL, 0 );
#else
{
ret = 1;
diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c
index 217851f..87379e5 100644
--- a/programs/ssl/ssl_fork_server.c
+++ b/programs/ssl/ssl_fork_server.c
@@ -154,7 +154,7 @@
* server and CA certificates, as well as pk_parse_keyfile().
*/
ret = x509_crt_parse( &srvcert, (const unsigned char *) test_srv_crt,
- strlen( test_srv_crt ) );
+ test_srv_crt_len );
if( ret != 0 )
{
polarssl_printf( " failed\n ! x509_crt_parse returned %d\n\n", ret );
@@ -162,7 +162,7 @@
}
ret = x509_crt_parse( &srvcert, (const unsigned char *) test_ca_list,
- strlen( test_ca_list ) );
+ test_ca_list_len );
if( ret != 0 )
{
polarssl_printf( " failed\n ! x509_crt_parse returned %d\n\n", ret );
@@ -170,7 +170,7 @@
}
ret = pk_parse_key( &pkey, (const unsigned char *) test_srv_key,
- strlen( test_srv_key ), NULL, 0 );
+ test_srv_key_len, NULL, 0 );
if( ret != 0 )
{
polarssl_printf( " failed\n ! pk_parse_key returned %d\n\n", ret );
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index a68af75..eaaaa2c 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -508,7 +508,7 @@
#endif
#if defined(POLARSSL_CERTS_C)
ret = x509_crt_parse( &cacert, (const unsigned char *) test_ca_list,
- strlen( test_ca_list ) );
+ test_ca_list_len );
#else
{
ret = 1;
@@ -538,7 +538,7 @@
#endif
#if defined(POLARSSL_CERTS_C)
ret = x509_crt_parse( &clicert, (const unsigned char *) test_cli_crt,
- strlen( test_cli_crt ) );
+ test_cli_crt_len );
#else
{
ret = -1;
@@ -558,7 +558,7 @@
#endif
#if defined(POLARSSL_CERTS_C)
ret = pk_parse_key( &pkey, (const unsigned char *) test_cli_key,
- strlen( test_cli_key ), NULL, 0 );
+ test_cli_key_len, NULL, 0 );
#else
{
ret = -1;
diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c
index 56b3056..6a0ce35 100644
--- a/programs/ssl/ssl_pthread_server.c
+++ b/programs/ssl/ssl_pthread_server.c
@@ -417,7 +417,7 @@
* server and CA certificates, as well as pk_parse_keyfile().
*/
ret = x509_crt_parse( &srvcert, (const unsigned char *) test_srv_crt,
- strlen( test_srv_crt ) );
+ test_srv_crt_len );
if( ret != 0 )
{
polarssl_printf( " failed\n ! x509_crt_parse returned %d\n\n", ret );
@@ -425,7 +425,7 @@
}
ret = x509_crt_parse( &srvcert, (const unsigned char *) test_ca_list,
- strlen( test_ca_list ) );
+ test_ca_list_len );
if( ret != 0 )
{
polarssl_printf( " failed\n ! x509_crt_parse returned %d\n\n", ret );
@@ -434,7 +434,7 @@
pk_init( &pkey );
ret = pk_parse_key( &pkey, (const unsigned char *) test_srv_key,
- strlen( test_srv_key ), NULL, 0 );
+ test_srv_key_len, NULL, 0 );
if( ret != 0 )
{
polarssl_printf( " failed\n ! pk_parse_key returned %d\n\n", ret );
diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c
index 6932221..64f6c4e 100644
--- a/programs/ssl/ssl_server.c
+++ b/programs/ssl/ssl_server.c
@@ -132,7 +132,7 @@
* server and CA certificates, as well as pk_parse_keyfile().
*/
ret = x509_crt_parse( &srvcert, (const unsigned char *) test_srv_crt,
- strlen( test_srv_crt ) );
+ test_srv_crt_len );
if( ret != 0 )
{
polarssl_printf( " failed\n ! x509_crt_parse returned %d\n\n", ret );
@@ -140,7 +140,7 @@
}
ret = x509_crt_parse( &srvcert, (const unsigned char *) test_ca_list,
- strlen( test_ca_list ) );
+ test_ca_list_len );
if( ret != 0 )
{
polarssl_printf( " failed\n ! x509_crt_parse returned %d\n\n", ret );
@@ -148,7 +148,7 @@
}
ret = pk_parse_key( &pkey, (const unsigned char *) test_srv_key,
- strlen( test_srv_key ), NULL, 0 );
+ test_srv_key_len, NULL, 0 );
if( ret != 0 )
{
polarssl_printf( " failed\n ! pk_parse_key returned %d\n\n", ret );
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index d513ca7..0afe42b 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -1328,7 +1328,7 @@
#endif
#if defined(POLARSSL_CERTS_C)
ret = x509_crt_parse( &cacert, (const unsigned char *) test_ca_list,
- strlen( test_ca_list ) );
+ test_ca_list_len );
#else
{
ret = 1;
@@ -1416,14 +1416,14 @@
#if defined(POLARSSL_RSA_C)
if( ( ret = x509_crt_parse( &srvcert,
(const unsigned char *) test_srv_crt_rsa,
- strlen( test_srv_crt_rsa ) ) ) != 0 )
+ test_srv_crt_rsa_len ) ) != 0 )
{
polarssl_printf( " failed\n ! x509_crt_parse returned -0x%x\n\n", -ret );
goto exit;
}
if( ( ret = pk_parse_key( &pkey,
(const unsigned char *) test_srv_key_rsa,
- strlen( test_srv_key_rsa ), NULL, 0 ) ) != 0 )
+ test_srv_key_rsa_len, NULL, 0 ) ) != 0 )
{
polarssl_printf( " failed\n ! pk_parse_key returned -0x%x\n\n", -ret );
goto exit;
@@ -1433,14 +1433,14 @@
#if defined(POLARSSL_ECDSA_C)
if( ( ret = x509_crt_parse( &srvcert2,
(const unsigned char *) test_srv_crt_ec,
- strlen( test_srv_crt_ec ) ) ) != 0 )
+ test_srv_crt_ec_len ) ) != 0 )
{
polarssl_printf( " failed\n ! x509_crt_parse2 returned -0x%x\n\n", -ret );
goto exit;
}
if( ( ret = pk_parse_key( &pkey2,
(const unsigned char *) test_srv_key_ec,
- strlen( test_srv_key_ec ), NULL, 0 ) ) != 0 )
+ test_srv_key_ec_len, NULL, 0 ) ) != 0 )
{
polarssl_printf( " failed\n ! pk_parse_key2 returned -0x%x\n\n", -ret );
goto exit;