Backport 2.16: Add DER encoded test CRTs to library/certs.c #2497
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
hanno-becker
added
bug
mbed TLS team
needs-review
k-stachowiak
previously approved these changes
Mar 6, 2019
AndrzejKurek
suggested changes
Mar 6, 2019
hanno-becker
force-pushed
the
der_encoded_crts-2.16
branch
from
b565703
to
6408fdd
Compare
|
@k-stachowiak Could you please re-review? |
k-stachowiak
previously approved these changes
Mar 18, 2019
|
@AndrzejKurek Could you please re-review this, too? |
|
Shouldn't we resolve the changelog conflict to let CI pass (now with the new after-merge tests)? |
hanno-becker
force-pushed
the
der_encoded_crts-2.16
branch
from
6408fdd
to
cd4ea1b
Compare
|
@AndrzejKurek @k-stachowiak Could you please re-review the recent rebase? |
hanno-becker
force-pushed
the
der_encoded_crts-2.16
branch
from
cd4ea1b
to
6e03706
Compare
|
@AndrzejKurek @k-stachowiak Could you please re-review? |
added 6 commits
May 30, 2019 10:21
This allows to test PSK-based ciphersuites via ssl_client2 in builds which have MBEDTLS_X509_CRT_PARSE_C enabled but both MBEDTLS_FS_IO and MBEDTLS_CERTS_C disabled. A similar change is applied to the `crt_file` and `key_file` arguments.
This allows to test PSK-based ciphersuites via ssl_server2 in builds which have MBEDTLS_X509_CRT_PARSE_C enabled but both MBEDTLS_FS_IO and MBEDTLS_CERTS_C disabled.
added 11 commits
May 30, 2019 10:27
All of them are copied from (former) CRT and key files in `tests/data_files`.
For files which have been regenerated since they've been copied to `certs.c`,
update the copy.
Add declarations for DER encoded test CRTs to certs.h
Add DER encoded versions of CRTs to certs.c
fix comment in certs.c
Don't use (signed) char for DER encoded certificates
Consistently use `const char *` for test CRTs regardless of encoding
Remove non-sensical and unused PW variable for DER encoded key
Provide test CRTs in PEM and DER fmt, + pick suitable per config
This commit modifies `certs.h` and `certs.c` to start following the
following pattern for the provided test certificates and files:
- Raw test data is named `NAME_ATTR1_ATTR2_..._ATTRn`
For example, there are
`TEST_CA_CRT_{RSA|EC}_{PEM|DER}_{SHA1|SHA256}`.
- Derived test data with fewer attributes, iteratively defined as one
of the raw test data instances which suits the current configuration.
For example,
`TEST_CA_CRT_RSA_PEM`
is one of `TEST_CA_CRT_RSA_PEM_SHA1` or `TEST_CA_CRT_RSA_PEM_SHA256`,
depending on whether SHA-1 and/or SHA-256 are defined in the current
config.
Add missing public declaration of test key password
Fix signedness and naming mismatches
Further improve structure of certs.h and certs.c
Fix definition of mbedtls_test_cas test CRTs depending on config
Remove semicolon after macro string constant in certs.c
This should allow to run ssl-opt.sh successfully in the default configuration minus MBEDTLS_PEM_PARSE_C minus MBEDTLS_FS_IO.
This allows to auto-generate them from scripts.
hanno-becker
force-pushed
the
der_encoded_crts-2.16
branch
from
cd01e61
to
9582a47
Compare
|
@AndrzejKurek @k-stachowiak I updated the backport to reflect the current state of #2260 - could you please re-review? |
AndrzejKurek
approved these changes
Jun 3, 2019
k-stachowiak
approved these changes
Jun 13, 2019
Patater
added
approved
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is the backport of #2260 to Mbed TLS 2.16.