Minor style and typo corrections

Hanno Becker 2017-09-13 15:39:59 +01:00
parent 476986547b
commit 81535d0011
5 changed files with 107 additions and 90 deletions


@ -51,7 +51,7 @@ static void mbedtls_zeroize( void *v, size_t n ) {
void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx ) void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx )
{ {
memset( ctx, 0, sizeof(mbedtls_x509write_cert) ); memset( ctx, 0, sizeof( mbedtls_x509write_cert ) );
mbedtls_mpi_init( &ctx->serial ); mbedtls_mpi_init( &ctx->serial );
ctx->version = MBEDTLS_X509_CRT_VERSION_3; ctx->version = MBEDTLS_X509_CRT_VERSION_3;
@ -65,7 +65,7 @@ void mbedtls_x509write_crt_free( mbedtls_x509write_cert *ctx )
mbedtls_asn1_free_named_data_list( &ctx->issuer ); mbedtls_asn1_free_named_data_list( &ctx->issuer );
mbedtls_asn1_free_named_data_list( &ctx->extensions ); mbedtls_asn1_free_named_data_list( &ctx->extensions );
mbedtls_zeroize( ctx, sizeof(mbedtls_x509write_cert) ); mbedtls_zeroize( ctx, sizeof( mbedtls_x509write_cert ) );
} }
void mbedtls_x509write_crt_set_version( mbedtls_x509write_cert *ctx, int version ) void mbedtls_x509write_crt_set_version( mbedtls_x509write_cert *ctx, int version )
@ -193,14 +193,14 @@ int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert *
{ {
int ret; int ret;
unsigned char buf[MBEDTLS_MPI_MAX_SIZE * 2 + 20]; /* tag, length + 2xMPI */ unsigned char buf[MBEDTLS_MPI_MAX_SIZE * 2 + 20]; /* tag, length + 2xMPI */
unsigned char *c = buf + sizeof(buf); unsigned char *c = buf + sizeof( buf );
size_t len = 0; size_t len = 0;
memset( buf, 0, sizeof(buf) ); memset( buf, 0, sizeof(buf) );
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_pk_write_pubkey( &c, buf, ctx->issuer_key ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_pk_write_pubkey( &c, buf, ctx->issuer_key ) );
mbedtls_sha1( buf + sizeof(buf) - len, len, buf + sizeof(buf) - 20 ); mbedtls_sha1( buf + sizeof( buf ) - len, len, buf + sizeof( buf ) - 20 );
c = buf + sizeof(buf) - 20; c = buf + sizeof( buf ) - 20;
len = 20; len = 20;
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
@ -212,7 +212,7 @@ int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert *
return mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER, return mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER,
MBEDTLS_OID_SIZE( MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER ), MBEDTLS_OID_SIZE( MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER ),
0, buf + sizeof(buf) - len, len ); 0, buf + sizeof( buf ) - len, len );
} }
#endif /* MBEDTLS_SHA1_C */ #endif /* MBEDTLS_SHA1_C */
@ -324,7 +324,7 @@ int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf,
pk_alg = MBEDTLS_PK_NONE; pk_alg = MBEDTLS_PK_NONE;
if( ( ret = mbedtls_oid_get_oid_by_sig_alg( pk_alg, ctx->md_alg, if( ( ret = mbedtls_oid_get_oid_by_sig_alg( pk_alg, ctx->md_alg,
&sig_oid, &sig_oid_len ) ) != 0 ) &sig_oid, &sig_oid_len ) ) != 0 )
{ {
return( ret ); return( ret );
} }


@ -50,7 +50,7 @@ static void mbedtls_zeroize( void *v, size_t n ) {
void mbedtls_x509write_csr_init( mbedtls_x509write_csr *ctx ) void mbedtls_x509write_csr_init( mbedtls_x509write_csr *ctx )
{ {
memset( ctx, 0, sizeof(mbedtls_x509write_csr) ); memset( ctx, 0, sizeof( mbedtls_x509write_csr ) );
} }
void mbedtls_x509write_csr_free( mbedtls_x509write_csr *ctx ) void mbedtls_x509write_csr_free( mbedtls_x509write_csr *ctx )
@ -58,7 +58,7 @@ void mbedtls_x509write_csr_free( mbedtls_x509write_csr *ctx )
mbedtls_asn1_free_named_data_list( &ctx->subject ); mbedtls_asn1_free_named_data_list( &ctx->subject );
mbedtls_asn1_free_named_data_list( &ctx->extensions ); mbedtls_asn1_free_named_data_list( &ctx->extensions );
mbedtls_zeroize( ctx, sizeof(mbedtls_x509write_csr) ); mbedtls_zeroize( ctx, sizeof( mbedtls_x509write_csr ) );
} }
void mbedtls_x509write_csr_set_md_alg( mbedtls_x509write_csr *ctx, mbedtls_md_type_t md_alg ) void mbedtls_x509write_csr_set_md_alg( mbedtls_x509write_csr *ctx, mbedtls_md_type_t md_alg )


@ -60,9 +60,9 @@ int main( void )
#if defined(MBEDTLS_X509_CSR_PARSE_C) #if defined(MBEDTLS_X509_CSR_PARSE_C)
#define USAGE_CSR \ #define USAGE_CSR \
" request_file=%%s default: (empty)\n" \ " request_file=%%s default: (empty)\n" \
" If request_file is specified, subject_key,\n" \ " If request_file is specified, subject_key,\n" \
" subject_pwd and subject_name are ignored!\n" " subject_pwd and subject_name are ignored!\n"
#else #else
#define USAGE_CSR "" #define USAGE_CSR ""
#endif /* MBEDTLS_X509_CSR_PARSE_C */ #endif /* MBEDTLS_X509_CSR_PARSE_C */
@ -94,60 +94,60 @@ int main( void )
"\n usage: cert_write param=<>...\n" \ "\n usage: cert_write param=<>...\n" \
"\n acceptable parameters:\n" \ "\n acceptable parameters:\n" \
USAGE_CSR \ USAGE_CSR \
" subject_key=%%s default: subject.key\n" \ " subject_key=%%s default: subject.key\n" \
" subject_pwd=%%s default: (empty)\n" \ " subject_pwd=%%s default: (empty)\n" \
" subject_name=%%s default: CN=Cert,O=mbed TLS,C=UK\n" \ " subject_name=%%s default: CN=Cert,O=mbed TLS,C=UK\n" \
"\n" \ "\n" \
" issuer_crt=%%s default: (empty)\n" \ " issuer_crt=%%s default: (empty)\n" \
" If issuer_crt is specified, issuer_name is\n" \ " If issuer_crt is specified, issuer_name is\n" \
" ignored!\n" \ " ignored!\n" \
" issuer_name=%%s default: CN=CA,O=mbed TLS,C=UK\n" \ " issuer_name=%%s default: CN=CA,O=mbed TLS,C=UK\n" \
"\n" \ "\n" \
" selfsign=%%d default: 0 (false)\n" \ " selfsign=%%d default: 0 (false)\n" \
" If selfsign is enabled, issuer_name and\n" \ " If selfsign is enabled, issuer_name and\n" \
" issuer_key are required (issuer_crt and\n" \ " issuer_key are required (issuer_crt and\n" \
" subject_* are ignored\n" \ " subject_* are ignored\n" \
" issuer_key=%%s default: ca.key\n" \ " issuer_key=%%s default: ca.key\n" \
" issuer_pwd=%%s default: (empty)\n" \ " issuer_pwd=%%s default: (empty)\n" \
" output_file=%%s default: cert.crt\n" \ " output_file=%%s default: cert.crt\n" \
" serial=%%s default: 1\n" \ " serial=%%s default: 1\n" \
" not_before=%%s default: 20010101000000\n"\ " not_before=%%s default: 20010101000000\n"\
" not_after=%%s default: 20301231235959\n"\ " not_after=%%s default: 20301231235959\n"\
" is_ca=%%d default: 0 (disabled)\n" \ " is_ca=%%d default: 0 (disabled)\n" \
" max_pathlen=%%d default: -1 (none)\n" \ " max_pathlen=%%d default: -1 (none)\n" \
" md=%%s default: SHA256\n" \ " md=%%s default: SHA256\n" \
" Supported values:\n" \ " Supported values:\n" \
" MD5, SHA1, SHA256, SHA512\n"\ " MD5, SHA1, SHA256, SHA512\n"\
" version=%%d default: 3\n" \ " version=%%d default: 3\n" \
" Possible values: 1, 2, 3\n"\ " Possible values: 1, 2, 3\n"\
" subject_identifier default: 1\n" \ " subject_identifier=%%s default: 1\n" \
" Possible values: 0, 1\n" \ " Possible values: 0, 1\n" \
" (Considered for v3 only)\n"\ " (Considered for v3 only)\n"\
" authority_identifier default: 1\n" \ " authority_identifier=%%s default: 1\n" \
" Possible values: 0, 1\n" \ " Possible values: 0, 1\n" \
" (Considered for v3 only)\n"\ " (Considered for v3 only)\n"\
" basic_constraints default: 1\n" \ " basic_constraints=%%d default: 1\n" \
" Possible values: 0, 1\n" \ " Possible values: 0, 1\n" \
" (Considered for v3 only)\n"\ " (Considered for v3 only)\n"\
" key_usage=%%s default: (empty)\n" \ " key_usage=%%s default: (empty)\n" \
" Comma-separated-list of values:\n" \ " Comma-separated-list of values:\n" \
" digital_signature\n" \ " digital_signature\n" \
" non_repudiation\n" \ " non_repudiation\n" \
" key_encipherment\n" \ " key_encipherment\n" \
" data_encipherment\n" \ " data_encipherment\n" \
" key_agreement\n" \ " key_agreement\n" \
" key_cert_sign\n" \ " key_cert_sign\n" \
" crl_sign\n" \ " crl_sign\n" \
" (Considered for v3 only)\n"\ " (Considered for v3 only)\n"\
" ns_cert_type=%%s default: (empty)\n" \ " ns_cert_type=%%s default: (empty)\n" \
" Comma-separated-list of values:\n" \ " Comma-separated-list of values:\n" \
" ssl_client\n" \ " ssl_client\n" \
" ssl_server\n" \ " ssl_server\n" \
" email\n" \ " email\n" \
" object_signing\n" \ " object_signing\n" \
" ssl_ca\n" \ " ssl_ca\n" \
" email_ca\n" \ " email_ca\n" \
" object_signing_ca\n" \ " object_signing_ca\n" \
"\n" "\n"
/* /*
@ -189,7 +189,8 @@ int write_certificate( mbedtls_x509write_cert *crt, const char *output_file,
size_t len = 0; size_t len = 0;
memset( output_buf, 0, 4096 ); memset( output_buf, 0, 4096 );
if( ( ret = mbedtls_x509write_crt_pem( crt, output_buf, 4096, f_rng, p_rng ) ) < 0 ) if( ( ret = mbedtls_x509write_crt_pem( crt, output_buf, 4096,
f_rng, p_rng ) ) < 0 )
return( ret ); return( ret );
len = strlen( (char *) output_buf ); len = strlen( (char *) output_buf );
@ -452,7 +453,8 @@ int main( int argc, char *argv[] )
strlen( pers ) ) ) != 0 ) strlen( pers ) ) ) != 0 )
{ {
mbedtls_strerror( ret, buf, 1024 ); mbedtls_strerror( ret, buf, 1024 );
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d - %s\n", ret, buf ); mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d - %s\n",
ret, buf );
goto exit; goto exit;
} }
@ -466,7 +468,8 @@ int main( int argc, char *argv[] )
if( ( ret = mbedtls_mpi_read_string( &serial, 10, opt.serial ) ) != 0 ) if( ( ret = mbedtls_mpi_read_string( &serial, 10, opt.serial ) ) != 0 )
{ {
mbedtls_strerror( ret, buf, 1024 ); mbedtls_strerror( ret, buf, 1024 );
mbedtls_printf( " failed\n ! mbedtls_mpi_read_string returned -0x%02x - %s\n\n", -ret, buf ); mbedtls_printf( " failed\n ! mbedtls_mpi_read_string "
"returned -0x%02x - %s\n\n", -ret, buf );
goto exit; goto exit;
} }
@ -485,7 +488,8 @@ int main( int argc, char *argv[] )
if( ( ret = mbedtls_x509_crt_parse_file( &issuer_crt, opt.issuer_crt ) ) != 0 ) if( ( ret = mbedtls_x509_crt_parse_file( &issuer_crt, opt.issuer_crt ) ) != 0 )
{ {
mbedtls_strerror( ret, buf, 1024 ); mbedtls_strerror( ret, buf, 1024 );
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_file returned -0x%02x - %s\n\n", -ret, buf ); mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_file "
"returned -0x%02x - %s\n\n", -ret, buf );
goto exit; goto exit;
} }
@ -494,7 +498,8 @@ int main( int argc, char *argv[] )
if( ret < 0 ) if( ret < 0 )
{ {
mbedtls_strerror( ret, buf, 1024 ); mbedtls_strerror( ret, buf, 1024 );
mbedtls_printf( " failed\n ! mbedtls_x509_dn_gets returned -0x%02x - %s\n\n", -ret, buf ); mbedtls_printf( " failed\n ! mbedtls_x509_dn_gets "
"returned -0x%02x - %s\n\n", -ret, buf );
goto exit; goto exit;
} }
@ -517,7 +522,8 @@ int main( int argc, char *argv[] )
if( ( ret = mbedtls_x509_csr_parse_file( &csr, opt.request_file ) ) != 0 ) if( ( ret = mbedtls_x509_csr_parse_file( &csr, opt.request_file ) ) != 0 )
{ {
mbedtls_strerror( ret, buf, 1024 ); mbedtls_strerror( ret, buf, 1024 );
mbedtls_printf( " failed\n ! mbedtls_x509_csr_parse_file returned -0x%02x - %s\n\n", -ret, buf ); mbedtls_printf( " failed\n ! mbedtls_x509_csr_parse_file "
"returned -0x%02x - %s\n\n", -ret, buf );
goto exit; goto exit;
} }
@ -526,7 +532,8 @@ int main( int argc, char *argv[] )
if( ret < 0 ) if( ret < 0 )
{ {
mbedtls_strerror( ret, buf, 1024 ); mbedtls_strerror( ret, buf, 1024 );
mbedtls_printf( " failed\n ! mbedtls_x509_dn_gets returned -0x%02x - %s\n\n", -ret, buf ); mbedtls_printf( " failed\n ! mbedtls_x509_dn_gets "
"returned -0x%02x - %s\n\n", -ret, buf );
goto exit; goto exit;
} }
@ -550,7 +557,8 @@ int main( int argc, char *argv[] )
if( ret != 0 ) if( ret != 0 )
{ {
mbedtls_strerror( ret, buf, 1024 ); mbedtls_strerror( ret, buf, 1024 );
mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%02x - %s\n\n", -ret, buf ); mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile "
"returned -0x%02x - %s\n\n", -ret, buf );
goto exit; goto exit;
} }
@ -565,7 +573,8 @@ int main( int argc, char *argv[] )
if( ret != 0 ) if( ret != 0 )
{ {
mbedtls_strerror( ret, buf, 1024 ); mbedtls_strerror( ret, buf, 1024 );
mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -x%02x - %s\n\n", -ret, buf ); mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile "
"returned -x%02x - %s\n\n", -ret, buf );
goto exit; goto exit;
} }
@ -579,7 +588,8 @@ int main( int argc, char *argv[] )
mbedtls_mpi_cmp_mpi( &mbedtls_pk_rsa( issuer_crt.pk )->E, mbedtls_mpi_cmp_mpi( &mbedtls_pk_rsa( issuer_crt.pk )->E,
&mbedtls_pk_rsa( *issuer_key )->E ) != 0 ) &mbedtls_pk_rsa( *issuer_key )->E ) != 0 )
{ {
mbedtls_printf( " failed\n ! issuer_key does not match issuer certificate\n\n" ); mbedtls_printf( " failed\n ! issuer_key does not match "
"issuer certificate\n\n" );
ret = -1; ret = -1;
goto exit; goto exit;
} }
@ -602,14 +612,16 @@ int main( int argc, char *argv[] )
if( ( ret = mbedtls_x509write_crt_set_subject_name( &crt, opt.subject_name ) ) != 0 ) if( ( ret = mbedtls_x509write_crt_set_subject_name( &crt, opt.subject_name ) ) != 0 )
{ {
mbedtls_strerror( ret, buf, 1024 ); mbedtls_strerror( ret, buf, 1024 );
mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_subject_name returned -0x%02x - %s\n\n", -ret, buf ); mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_subject_name "
"returned -0x%02x - %s\n\n", -ret, buf );
goto exit; goto exit;
} }
if( ( ret = mbedtls_x509write_crt_set_issuer_name( &crt, opt.issuer_name ) ) != 0 ) if( ( ret = mbedtls_x509write_crt_set_issuer_name( &crt, opt.issuer_name ) ) != 0 )
{ {
mbedtls_strerror( ret, buf, 1024 ); mbedtls_strerror( ret, buf, 1024 );
mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_issuer_name returned -0x%02x - %s\n\n", -ret, buf ); mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_issuer_name "
"returned -0x%02x - %s\n\n", -ret, buf );
goto exit; goto exit;
} }
@ -623,7 +635,8 @@ int main( int argc, char *argv[] )
if( ret != 0 ) if( ret != 0 )
{ {
mbedtls_strerror( ret, buf, 1024 ); mbedtls_strerror( ret, buf, 1024 );
mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_serial returned -0x%02x - %s\n\n", -ret, buf ); mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_serial "
"returned -0x%02x - %s\n\n", -ret, buf );
goto exit; goto exit;
} }
@ -631,7 +644,8 @@ int main( int argc, char *argv[] )
if( ret != 0 ) if( ret != 0 )
{ {
mbedtls_strerror( ret, buf, 1024 ); mbedtls_strerror( ret, buf, 1024 );
mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_validity returned -0x%02x - %s\n\n", -ret, buf ); mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_validity "
"returned -0x%02x - %s\n\n", -ret, buf );
goto exit; goto exit;
} }
@ -702,7 +716,8 @@ int main( int argc, char *argv[] )
if( ret != 0 ) if( ret != 0 )
{ {
mbedtls_strerror( ret, buf, 1024 ); mbedtls_strerror( ret, buf, 1024 );
mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_key_usage returned -0x%02x - %s\n\n", -ret, buf ); mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_key_usage "
"returned -0x%02x - %s\n\n", -ret, buf );
goto exit; goto exit;
} }
@ -718,7 +733,8 @@ int main( int argc, char *argv[] )
if( ret != 0 ) if( ret != 0 )
{ {
mbedtls_strerror( ret, buf, 1024 ); mbedtls_strerror( ret, buf, 1024 );
mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_ns_cert_type returned -0x%02x - %s\n\n", -ret, buf ); mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_ns_cert_type "
"returned -0x%02x - %s\n\n", -ret, buf );
goto exit; goto exit;
} }
@ -735,7 +751,8 @@ int main( int argc, char *argv[] )
mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 ) mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
{ {
mbedtls_strerror( ret, buf, 1024 ); mbedtls_strerror( ret, buf, 1024 );
mbedtls_printf( " failed\n ! write_certifcate -0x%02x - %s\n\n", -ret, buf ); mbedtls_printf( " failed\n ! write_certificate -0x%02x - %s\n\n",
-ret, buf );
goto exit; goto exit;
} }
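Review bot: The second `mbedtls_pk_parse_keyfile` failure message (hunk at -565/+573) was re-wrapped but still formats the error code as `-x%02x`, so it prints without the `0x` prefix that the other `-0x%02x` messages in this section use; the continuation line should read `"returned -0x%02x - %s\n\n", -ret, buf );`. In the usage text, `subject_identifier` and `authority_identifier` are now documented as `=%%s` while `basic_constraints`, which lists the same possible values 0 and 1, is `=%%d`; if all three are parsed as integers (the option parsing is outside these hunks), the first two should read `=%%d` as well. The `selfsign` help text also still lacks its closing parenthesis after `subject_* are ignored`. All of these sit inside `main` or the usage macro, both of which start and end outside the visible hunks.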


@ -114,7 +114,7 @@ server1.v1.der: server1.v1.crt
all_final += server1.v1.crt server1.v1.der all_final += server1.v1.crt server1.v1.der
# OpenSSL-generated certificates for comparison # OpenSSL-generated certificates for comparison
# Also provide certificates to DER format to allow # Also provide certificates in DER format to allow
# direct binary comparison using e.g. dumpasn1 # direct binary comparison using e.g. dumpasn1
server1.crt.openssl server1.key_usage.crt.openssl server1.cert_type.crt.openssl: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_server1_config_file) server1.crt.openssl server1.key_usage.crt.openssl server1.cert_type.crt.openssl: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_server1_config_file)
echo "01" > $(test_ca_server1_serial) echo "01" > $(test_ca_server1_serial)


@ -63,7 +63,7 @@ void x509_csr_check( char *key_file, char *cert_req_check_file,
if( cert_type != 0 ) if( cert_type != 0 )
TEST_ASSERT( mbedtls_x509write_csr_set_ns_cert_type( &req, cert_type ) == 0 ); TEST_ASSERT( mbedtls_x509write_csr_set_ns_cert_type( &req, cert_type ) == 0 );
ret = mbedtls_x509write_csr_pem( &req, buf, sizeof(buf), ret = mbedtls_x509write_csr_pem( &req, buf, sizeof( buf ),
rnd_pseudo_rand, &rnd_info ); rnd_pseudo_rand, &rnd_info );
TEST_ASSERT( ret == 0 ); TEST_ASSERT( ret == 0 );
@ -149,7 +149,7 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd,
TEST_ASSERT( mbedtls_x509write_crt_set_serial( &crt, &serial ) == 0 ); TEST_ASSERT( mbedtls_x509write_crt_set_serial( &crt, &serial ) == 0 );
TEST_ASSERT( mbedtls_x509write_crt_set_validity( &crt, not_before, TEST_ASSERT( mbedtls_x509write_crt_set_validity( &crt, not_before,
not_after ) == 0 ); not_after ) == 0 );
mbedtls_x509write_crt_set_md_alg( &crt, md_type ); mbedtls_x509write_crt_set_md_alg( &crt, md_type );
TEST_ASSERT( mbedtls_x509write_crt_set_issuer_name( &crt, issuer_name ) == 0 ); TEST_ASSERT( mbedtls_x509write_crt_set_issuer_name( &crt, issuer_name ) == 0 );
TEST_ASSERT( mbedtls_x509write_crt_set_subject_name( &crt, subject_name ) == 0 ); TEST_ASSERT( mbedtls_x509write_crt_set_subject_name( &crt, subject_name ) == 0 );
@ -169,30 +169,30 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd,
TEST_ASSERT( mbedtls_x509write_crt_set_ns_cert_type( &crt, cert_type ) == 0 ); TEST_ASSERT( mbedtls_x509write_crt_set_ns_cert_type( &crt, cert_type ) == 0 );
} }
ret = mbedtls_x509write_crt_pem( &crt, buf, sizeof(buf), ret = mbedtls_x509write_crt_pem( &crt, buf, sizeof( buf ),
rnd_pseudo_rand, &rnd_info ); rnd_pseudo_rand, &rnd_info );
TEST_ASSERT( ret == 0 ); TEST_ASSERT( ret == 0 );
pem_len = strlen( (char *) buf ); pem_len = strlen( (char *) buf );
f = fopen( cert_check_file, "r" ); f = fopen( cert_check_file, "r" );
TEST_ASSERT( f != NULL ); TEST_ASSERT( f != NULL );
olen = fread( check_buf, 1, sizeof(check_buf), f ); olen = fread( check_buf, 1, sizeof( check_buf ), f );
fclose( f ); fclose( f );
TEST_ASSERT( olen < sizeof(check_buf) ); TEST_ASSERT( olen < sizeof( check_buf ) );
TEST_ASSERT( olen >= pem_len - 1 ); TEST_ASSERT( olen >= pem_len - 1 );
TEST_ASSERT( memcmp( buf, check_buf, pem_len - 1 ) == 0 ); TEST_ASSERT( memcmp( buf, check_buf, pem_len - 1 ) == 0 );
der_len = mbedtls_x509write_crt_der( &crt, buf, sizeof( buf ), der_len = mbedtls_x509write_crt_der( &crt, buf, sizeof( buf ),
rnd_pseudo_rand, &rnd_info ); rnd_pseudo_rand, &rnd_info );
TEST_ASSERT( der_len >= 0 ); TEST_ASSERT( der_len >= 0 );
if( der_len == 0 ) if( der_len == 0 )
goto exit; goto exit;
ret = mbedtls_x509write_crt_der( &crt, buf, (size_t)( der_len - 1 ), ret = mbedtls_x509write_crt_der( &crt, buf, (size_t)( der_len - 1 ),
rnd_pseudo_rand, &rnd_info ); rnd_pseudo_rand, &rnd_info );
TEST_ASSERT( ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); TEST_ASSERT( ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
exit: exit: