diff --git a/include/mbedtls/compat-1.3.h b/include/mbedtls/compat-1.3.h index 7b9831752..f63ef3d0b 100644 --- a/include/mbedtls/compat-1.3.h +++ b/include/mbedtls/compat-1.3.h @@ -702,15 +702,15 @@ #define ASN1_UTC_TIME MBEDTLS_ASN1_UTC_TIME #define ASN1_UTF8_STRING MBEDTLS_ASN1_UTF8_STRING #define BADCERT_CN_MISMATCH MBEDTLS_X509_BADCERT_CN_MISMATCH -#define BADCERT_EXPIRED MBEDTLS_BADCERT_EXPIRED +#define BADCERT_EXPIRED MBEDTLS_X509_BADCERT_EXPIRED #define BADCERT_FUTURE MBEDTLS_X509_BADCERT_FUTURE -#define BADCERT_MISSING MBEDTLS_BADCERT_MISSING +#define BADCERT_MISSING MBEDTLS_X509_BADCERT_MISSING #define BADCERT_NOT_TRUSTED MBEDTLS_X509_BADCERT_NOT_TRUSTED -#define BADCERT_OTHER MBEDTLS_BADCERT_OTHER +#define BADCERT_OTHER MBEDTLS_X509_BADCERT_OTHER #define BADCERT_REVOKED MBEDTLS_X509_BADCERT_REVOKED -#define BADCERT_SKIP_VERIFY MBEDTLS_BADCERT_SKIP_VERIFY +#define BADCERT_SKIP_VERIFY MBEDTLS_X509_BADCERT_SKIP_VERIFY #define BADCRL_EXPIRED MBEDTLS_X509_BADCRL_EXPIRED -#define BADCRL_FUTURE MBEDTLS_BADCRL_FUTURE +#define BADCRL_FUTURE MBEDTLS_X509_BADCRL_FUTURE #define BADCRL_NOT_TRUSTED MBEDTLS_X509_BADCRL_NOT_TRUSTED #define BLOWFISH_BLOCKSIZE MBEDTLS_BLOWFISH_BLOCKSIZE #define BLOWFISH_DECRYPT MBEDTLS_BLOWFISH_DECRYPT @@ -745,29 +745,29 @@ #define ENTROPY_MIN_PLATFORM MBEDTLS_ENTROPY_MIN_PLATFORM #define ENTROPY_SOURCE_MANUAL MBEDTLS_ENTROPY_SOURCE_MANUAL #define EXT_AUTHORITY_KEY_IDENTIFIER MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER -#define EXT_BASIC_CONSTRAINTS MBEDTLS_EXT_BASIC_CONSTRAINTS +#define EXT_BASIC_CONSTRAINTS MBEDTLS_X509_EXT_BASIC_CONSTRAINTS #define EXT_CERTIFICATE_POLICIES MBEDTLS_X509_EXT_CERTIFICATE_POLICIES -#define EXT_CRL_DISTRIBUTION_POINTS MBEDTLS_EXT_CRL_DISTRIBUTION_POINTS +#define EXT_CRL_DISTRIBUTION_POINTS MBEDTLS_X509_EXT_CRL_DISTRIBUTION_POINTS #define EXT_EXTENDED_KEY_USAGE MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE -#define EXT_FRESHEST_CRL MBEDTLS_EXT_FRESHEST_CRL +#define EXT_FRESHEST_CRL MBEDTLS_X509_EXT_FRESHEST_CRL #define EXT_INIHIBIT_ANYPOLICY MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY -#define EXT_ISSUER_ALT_NAME MBEDTLS_EXT_ISSUER_ALT_NAME +#define EXT_ISSUER_ALT_NAME MBEDTLS_X509_EXT_ISSUER_ALT_NAME #define EXT_KEY_USAGE MBEDTLS_X509_EXT_KEY_USAGE -#define EXT_NAME_CONSTRAINTS MBEDTLS_EXT_NAME_CONSTRAINTS +#define EXT_NAME_CONSTRAINTS MBEDTLS_X509_EXT_NAME_CONSTRAINTS #define EXT_NS_CERT_TYPE MBEDTLS_X509_EXT_NS_CERT_TYPE -#define EXT_POLICY_CONSTRAINTS MBEDTLS_EXT_POLICY_CONSTRAINTS +#define EXT_POLICY_CONSTRAINTS MBEDTLS_X509_EXT_POLICY_CONSTRAINTS #define EXT_POLICY_MAPPINGS MBEDTLS_X509_EXT_POLICY_MAPPINGS -#define EXT_SUBJECT_ALT_NAME MBEDTLS_EXT_SUBJECT_ALT_NAME +#define EXT_SUBJECT_ALT_NAME MBEDTLS_X509_EXT_SUBJECT_ALT_NAME #define EXT_SUBJECT_DIRECTORY_ATTRS MBEDTLS_X509_EXT_SUBJECT_DIRECTORY_ATTRS -#define EXT_SUBJECT_KEY_IDENTIFIER MBEDTLS_EXT_SUBJECT_KEY_IDENTIFIER +#define EXT_SUBJECT_KEY_IDENTIFIER MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER #define GCM_DECRYPT MBEDTLS_GCM_DECRYPT #define GCM_ENCRYPT MBEDTLS_GCM_ENCRYPT #define KU_CRL_SIGN MBEDTLS_X509_KU_CRL_SIGN -#define KU_DATA_ENCIPHERMENT MBEDTLS_KU_DATA_ENCIPHERMENT +#define KU_DATA_ENCIPHERMENT MBEDTLS_X509_KU_DATA_ENCIPHERMENT #define KU_DIGITAL_SIGNATURE MBEDTLS_X509_KU_DIGITAL_SIGNATURE -#define KU_KEY_AGREEMENT MBEDTLS_KU_KEY_AGREEMENT +#define KU_KEY_AGREEMENT MBEDTLS_X509_KU_KEY_AGREEMENT #define KU_KEY_CERT_SIGN MBEDTLS_X509_KU_KEY_CERT_SIGN -#define KU_KEY_ENCIPHERMENT MBEDTLS_KU_KEY_ENCIPHERMENT +#define KU_KEY_ENCIPHERMENT MBEDTLS_X509_KU_KEY_ENCIPHERMENT #define KU_NON_REPUDIATION MBEDTLS_X509_KU_NON_REPUDIATION #define LN_2_DIV_LN_10_SCALE100 MBEDTLS_LN_2_DIV_LN_10_SCALE100 #define MD_CONTEXT_T_INIT MBEDTLS_MD_CONTEXT_T_INIT @@ -779,13 +779,13 @@ #define NET_PROTO_TCP MBEDTLS_NET_PROTO_TCP #define NET_PROTO_UDP MBEDTLS_NET_PROTO_UDP #define NS_CERT_TYPE_EMAIL MBEDTLS_X509_NS_CERT_TYPE_EMAIL -#define NS_CERT_TYPE_EMAIL_CA MBEDTLS_NS_CERT_TYPE_EMAIL_CA +#define NS_CERT_TYPE_EMAIL_CA MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA #define NS_CERT_TYPE_OBJECT_SIGNING MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING -#define NS_CERT_TYPE_OBJECT_SIGNING_CA MBEDTLS_NS_CERT_TYPE_OBJECT_SIGNING_CA +#define NS_CERT_TYPE_OBJECT_SIGNING_CA MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA #define NS_CERT_TYPE_RESERVED MBEDTLS_X509_NS_CERT_TYPE_RESERVED -#define NS_CERT_TYPE_SSL_CA MBEDTLS_NS_CERT_TYPE_SSL_CA +#define NS_CERT_TYPE_SSL_CA MBEDTLS_X509_NS_CERT_TYPE_SSL_CA #define NS_CERT_TYPE_SSL_CLIENT MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT -#define NS_CERT_TYPE_SSL_SERVER MBEDTLS_NS_CERT_TYPE_SSL_SERVER +#define NS_CERT_TYPE_SSL_SERVER MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER #define OID_ANSI_X9_62 MBEDTLS_OID_ANSI_X9_62 #define OID_ANSI_X9_62_FIELD_TYPE MBEDTLS_OID_ANSI_X9_62_FIELD_TYPE #define OID_ANSI_X9_62_PRIME_FIELD MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index bdb5749b7..36d1b9588 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h @@ -83,20 +83,20 @@ * \{ */ /* Reminder: update x509_crt_verify_strings[] in library/x509_crt.c */ -#define MBEDTLS_BADCERT_EXPIRED 0x01 /**< The certificate validity has expired. */ +#define MBEDTLS_X509_BADCERT_EXPIRED 0x01 /**< The certificate validity has expired. */ #define MBEDTLS_X509_BADCERT_REVOKED 0x02 /**< The certificate has been revoked (is on a CRL). */ #define MBEDTLS_X509_BADCERT_CN_MISMATCH 0x04 /**< The certificate Common Name (CN) does not match with the expected CN. */ #define MBEDTLS_X509_BADCERT_NOT_TRUSTED 0x08 /**< The certificate is not correctly signed by the trusted CA. */ #define MBEDTLS_X509_BADCRL_NOT_TRUSTED 0x10 /**< The CRL is not correctly signed by the trusted CA. */ #define MBEDTLS_X509_BADCRL_EXPIRED 0x20 /**< The CRL is expired. */ -#define MBEDTLS_BADCERT_MISSING 0x40 /**< Certificate was missing. */ -#define MBEDTLS_BADCERT_SKIP_VERIFY 0x80 /**< Certificate verification was skipped. */ -#define MBEDTLS_BADCERT_OTHER 0x0100 /**< Other reason (can be used by verify callback) */ +#define MBEDTLS_X509_BADCERT_MISSING 0x40 /**< Certificate was missing. */ +#define MBEDTLS_X509_BADCERT_SKIP_VERIFY 0x80 /**< Certificate verification was skipped. */ +#define MBEDTLS_X509_BADCERT_OTHER 0x0100 /**< Other reason (can be used by verify callback) */ #define MBEDTLS_X509_BADCERT_FUTURE 0x0200 /**< The certificate validity starts in the future. */ -#define MBEDTLS_BADCRL_FUTURE 0x0400 /**< The CRL is from the future */ -#define MBEDTLS_BADCERT_KEY_USAGE 0x0800 /**< Usage does not match the keyUsage extension. */ -#define MBEDTLS_BADCERT_EXT_KEY_USAGE 0x1000 /**< Usage does not match the extendedKeyUsage extension. */ -#define MBEDTLS_BADCERT_NS_CERT_TYPE 0x2000 /**< Usage does not match the nsCertType extension. */ +#define MBEDTLS_X509_BADCRL_FUTURE 0x0400 /**< The CRL is from the future */ +#define MBEDTLS_X509_BADCERT_KEY_USAGE 0x0800 /**< Usage does not match the keyUsage extension. */ +#define MBEDTLS_X509_BADCERT_EXT_KEY_USAGE 0x1000 /**< Usage does not match the extendedKeyUsage extension. */ +#define MBEDTLS_X509_BADCERT_NS_CERT_TYPE 0x2000 /**< Usage does not match the nsCertType extension. */ /* \} name */ /* \} addtogroup x509_module */ @@ -105,9 +105,9 @@ */ #define MBEDTLS_X509_KU_DIGITAL_SIGNATURE (0x80) /* bit 0 */ #define MBEDTLS_X509_KU_NON_REPUDIATION (0x40) /* bit 1 */ -#define MBEDTLS_KU_KEY_ENCIPHERMENT (0x20) /* bit 2 */ -#define MBEDTLS_KU_DATA_ENCIPHERMENT (0x10) /* bit 3 */ -#define MBEDTLS_KU_KEY_AGREEMENT (0x08) /* bit 4 */ +#define MBEDTLS_X509_KU_KEY_ENCIPHERMENT (0x20) /* bit 2 */ +#define MBEDTLS_X509_KU_DATA_ENCIPHERMENT (0x10) /* bit 3 */ +#define MBEDTLS_X509_KU_KEY_AGREEMENT (0x08) /* bit 4 */ #define MBEDTLS_X509_KU_KEY_CERT_SIGN (0x04) /* bit 5 */ #define MBEDTLS_X509_KU_CRL_SIGN (0x02) /* bit 6 */ @@ -117,13 +117,13 @@ */ #define MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT (0x80) /* bit 0 */ -#define MBEDTLS_NS_CERT_TYPE_SSL_SERVER (0x40) /* bit 1 */ +#define MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER (0x40) /* bit 1 */ #define MBEDTLS_X509_NS_CERT_TYPE_EMAIL (0x20) /* bit 2 */ #define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING (0x10) /* bit 3 */ #define MBEDTLS_X509_NS_CERT_TYPE_RESERVED (0x08) /* bit 4 */ -#define MBEDTLS_NS_CERT_TYPE_SSL_CA (0x04) /* bit 5 */ -#define MBEDTLS_NS_CERT_TYPE_EMAIL_CA (0x02) /* bit 6 */ -#define MBEDTLS_NS_CERT_TYPE_OBJECT_SIGNING_CA (0x01) /* bit 7 */ +#define MBEDTLS_X509_NS_CERT_TYPE_SSL_CA (0x04) /* bit 5 */ +#define MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA (0x02) /* bit 6 */ +#define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA (0x01) /* bit 7 */ /* * X.509 extension types @@ -132,20 +132,20 @@ * different for writing certificates or reading CRLs or CSRs. */ #define MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER (1 << 0) -#define MBEDTLS_EXT_SUBJECT_KEY_IDENTIFIER (1 << 1) -#define MBEDTLS_X509_EXT_KEY_USAGE (1 << 2) /* Parsed but not used */ +#define MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER (1 << 1) +#define MBEDTLS_X509_EXT_KEY_USAGE (1 << 2) #define MBEDTLS_X509_EXT_CERTIFICATE_POLICIES (1 << 3) #define MBEDTLS_X509_EXT_POLICY_MAPPINGS (1 << 4) -#define MBEDTLS_EXT_SUBJECT_ALT_NAME (1 << 5) /* Supported (DNS) */ -#define MBEDTLS_EXT_ISSUER_ALT_NAME (1 << 6) +#define MBEDTLS_X509_EXT_SUBJECT_ALT_NAME (1 << 5) /* Supported (DNS) */ +#define MBEDTLS_X509_EXT_ISSUER_ALT_NAME (1 << 6) #define MBEDTLS_X509_EXT_SUBJECT_DIRECTORY_ATTRS (1 << 7) -#define MBEDTLS_EXT_BASIC_CONSTRAINTS (1 << 8) /* Supported */ -#define MBEDTLS_EXT_NAME_CONSTRAINTS (1 << 9) -#define MBEDTLS_EXT_POLICY_CONSTRAINTS (1 << 10) -#define MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE (1 << 11) /* Parsed but not used */ -#define MBEDTLS_EXT_CRL_DISTRIBUTION_POINTS (1 << 12) +#define MBEDTLS_X509_EXT_BASIC_CONSTRAINTS (1 << 8) /* Supported */ +#define MBEDTLS_X509_EXT_NAME_CONSTRAINTS (1 << 9) +#define MBEDTLS_X509_EXT_POLICY_CONSTRAINTS (1 << 10) +#define MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE (1 << 11) +#define MBEDTLS_X509_EXT_CRL_DISTRIBUTION_POINTS (1 << 12) #define MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY (1 << 13) -#define MBEDTLS_EXT_FRESHEST_CRL (1 << 14) +#define MBEDTLS_X509_EXT_FRESHEST_CRL (1 << 14) #define MBEDTLS_X509_EXT_NS_CERT_TYPE (1 << 16) /* Parsed (and then ?) */ diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 938910ca6..bb6d37661 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -279,7 +279,7 @@ int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt, * \brief Check usage of certificate against keyUsage extension. * * \param crt Leaf certificate used. - * \param usage Intended usage(s) (eg MBEDTLS_KU_KEY_ENCIPHERMENT before using the + * \param usage Intended usage(s) (eg MBEDTLS_X509_KU_KEY_ENCIPHERMENT before using the * certificate to perform an RSA key exchange). * * \return 0 is these uses of the certificate are allowed, diff --git a/library/oid.c b/library/oid.c index f3ab1bbb5..70b70a833 100644 --- a/library/oid.c +++ b/library/oid.c @@ -261,7 +261,7 @@ static const oid_x509_ext_t oid_x509_ext[] = { { { ADD_LEN( MBEDTLS_OID_BASIC_CONSTRAINTS ), "id-ce-basicConstraints", "Basic Constraints" }, - MBEDTLS_EXT_BASIC_CONSTRAINTS, + MBEDTLS_X509_EXT_BASIC_CONSTRAINTS, }, { { ADD_LEN( MBEDTLS_OID_KEY_USAGE ), "id-ce-keyUsage", "Key Usage" }, @@ -273,7 +273,7 @@ static const oid_x509_ext_t oid_x509_ext[] = }, { { ADD_LEN( MBEDTLS_OID_SUBJECT_ALT_NAME ), "id-ce-subjectAltName", "Subject Alt Name" }, - MBEDTLS_EXT_SUBJECT_ALT_NAME, + MBEDTLS_X509_EXT_SUBJECT_ALT_NAME, }, { { ADD_LEN( MBEDTLS_OID_NS_CERT_TYPE ), "id-netscape-certtype", "Netscape Certificate Type" }, diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 99b41d739..55c04b5d7 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3852,7 +3852,7 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ) ( ssl->authmode == MBEDTLS_SSL_VERIFY_NONE || ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ) ) { - ssl->session_negotiate->verify_result = MBEDTLS_BADCERT_SKIP_VERIFY; + ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_SKIP_VERIFY; MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) ); ssl->state++; return( 0 ); @@ -3882,7 +3882,7 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "SSLv3 client has no certificate" ) ); - ssl->session_negotiate->verify_result = MBEDTLS_BADCERT_MISSING; + ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_MISSING; if( ssl->authmode == MBEDTLS_SSL_VERIFY_OPTIONAL ) return( 0 ); else @@ -3903,7 +3903,7 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLSv1 client has no certificate" ) ); - ssl->session_negotiate->verify_result = MBEDTLS_BADCERT_MISSING; + ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_MISSING; if( ssl->authmode == MBEDTLS_SSL_VERIFY_REQUIRED ) return( MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE ); else @@ -6817,7 +6817,7 @@ int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert, { case MBEDTLS_KEY_EXCHANGE_RSA: case MBEDTLS_KEY_EXCHANGE_RSA_PSK: - usage = MBEDTLS_KU_KEY_ENCIPHERMENT; + usage = MBEDTLS_X509_KU_KEY_ENCIPHERMENT; break; case MBEDTLS_KEY_EXCHANGE_DHE_RSA: @@ -6828,7 +6828,7 @@ int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert, case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: - usage = MBEDTLS_KU_KEY_AGREEMENT; + usage = MBEDTLS_X509_KU_KEY_AGREEMENT; break; /* Don't use default: we want warnings when adding new values */ @@ -6847,7 +6847,7 @@ int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert, if( mbedtls_x509_crt_check_key_usage( cert, usage ) != 0 ) { - *flags |= MBEDTLS_BADCERT_KEY_USAGE; + *flags |= MBEDTLS_X509_BADCERT_KEY_USAGE; ret = -1; } #else @@ -6868,7 +6868,7 @@ int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert, if( mbedtls_x509_crt_check_extended_key_usage( cert, ext_oid, ext_len ) != 0 ) { - *flags |= MBEDTLS_BADCERT_EXT_KEY_USAGE; + *flags |= MBEDTLS_X509_BADCERT_EXT_KEY_USAGE; ret = -1; } #endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */ diff --git a/library/x509_crt.c b/library/x509_crt.c index 7a94dd0d2..c3dfd57b5 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -485,7 +485,7 @@ static int x509_get_crt_ext( unsigned char **p, switch( ext_type ) { - case MBEDTLS_EXT_BASIC_CONSTRAINTS: + case MBEDTLS_X509_EXT_BASIC_CONSTRAINTS: /* Parse basic constraints */ if( ( ret = x509_get_basic_constraints( p, end_ext_octet, &crt->ca_istrue, &crt->max_pathlen ) ) != 0 ) @@ -506,7 +506,7 @@ static int x509_get_crt_ext( unsigned char **p, return( ret ); break; - case MBEDTLS_EXT_SUBJECT_ALT_NAME: + case MBEDTLS_X509_EXT_SUBJECT_ALT_NAME: /* Parse subject alt name */ if( ( ret = x509_get_subject_alt_name( p, end_ext_octet, &crt->subject_alt_names ) ) != 0 ) @@ -1182,13 +1182,13 @@ static int x509_info_cert_type( char **buf, size_t *size, const char *sep = ""; CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT, "SSL Client" ); - CERT_TYPE( MBEDTLS_NS_CERT_TYPE_SSL_SERVER, "SSL Server" ); + CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER, "SSL Server" ); CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_EMAIL, "Email" ); CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING, "Object Signing" ); CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_RESERVED, "Reserved" ); - CERT_TYPE( MBEDTLS_NS_CERT_TYPE_SSL_CA, "SSL CA" ); - CERT_TYPE( MBEDTLS_NS_CERT_TYPE_EMAIL_CA, "Email CA" ); - CERT_TYPE( MBEDTLS_NS_CERT_TYPE_OBJECT_SIGNING_CA, "Object Signing CA" ); + CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_SSL_CA, "SSL CA" ); + CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA, "Email CA" ); + CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA, "Object Signing CA" ); *size = n; *buf = p; @@ -1210,9 +1210,9 @@ static int x509_info_key_usage( char **buf, size_t *size, KEY_USAGE( MBEDTLS_X509_KU_DIGITAL_SIGNATURE, "Digital Signature" ); KEY_USAGE( MBEDTLS_X509_KU_NON_REPUDIATION, "Non Repudiation" ); - KEY_USAGE( MBEDTLS_KU_KEY_ENCIPHERMENT, "Key Encipherment" ); - KEY_USAGE( MBEDTLS_KU_DATA_ENCIPHERMENT, "Data Encipherment" ); - KEY_USAGE( MBEDTLS_KU_KEY_AGREEMENT, "Key Agreement" ); + KEY_USAGE( MBEDTLS_X509_KU_KEY_ENCIPHERMENT, "Key Encipherment" ); + KEY_USAGE( MBEDTLS_X509_KU_DATA_ENCIPHERMENT, "Data Encipherment" ); + KEY_USAGE( MBEDTLS_X509_KU_KEY_AGREEMENT, "Key Agreement" ); KEY_USAGE( MBEDTLS_X509_KU_KEY_CERT_SIGN, "Key Cert Sign" ); KEY_USAGE( MBEDTLS_X509_KU_CRL_SIGN, "CRL Sign" ); @@ -1323,7 +1323,7 @@ int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix, * Optional extensions */ - if( crt->ext_types & MBEDTLS_EXT_BASIC_CONSTRAINTS ) + if( crt->ext_types & MBEDTLS_X509_EXT_BASIC_CONSTRAINTS ) { ret = mbedtls_snprintf( p, n, "\n%sbasic constraints : CA=%s", prefix, crt->ca_istrue ? "true" : "false" ); @@ -1336,7 +1336,7 @@ int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix, } } - if( crt->ext_types & MBEDTLS_EXT_SUBJECT_ALT_NAME ) + if( crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME ) { ret = mbedtls_snprintf( p, n, "\n%ssubject alt name : ", prefix ); SAFE_SNPRINTF(); @@ -1386,20 +1386,20 @@ struct x509_crt_verify_string { }; static const struct x509_crt_verify_string x509_crt_verify_strings[] = { - { MBEDTLS_BADCERT_EXPIRED, "The certificate validity has expired" }, + { MBEDTLS_X509_BADCERT_EXPIRED, "The certificate validity has expired" }, { MBEDTLS_X509_BADCERT_REVOKED, "The certificate has been revoked (is on a CRL)" }, { MBEDTLS_X509_BADCERT_CN_MISMATCH, "The certificate Common Name (CN) does not match with the expected CN" }, { MBEDTLS_X509_BADCERT_NOT_TRUSTED, "The certificate is not correctly signed by the trusted CA" }, { MBEDTLS_X509_BADCRL_NOT_TRUSTED, "The CRL is not correctly signed by the trusted CA" }, { MBEDTLS_X509_BADCRL_EXPIRED, "The CRL is expired" }, - { MBEDTLS_BADCERT_MISSING, "Certificate was missing" }, - { MBEDTLS_BADCERT_SKIP_VERIFY, "Certificate verification was skipped" }, - { MBEDTLS_BADCERT_OTHER, "Other reason (can be used by verify callback)" }, + { MBEDTLS_X509_BADCERT_MISSING, "Certificate was missing" }, + { MBEDTLS_X509_BADCERT_SKIP_VERIFY, "Certificate verification was skipped" }, + { MBEDTLS_X509_BADCERT_OTHER, "Other reason (can be used by verify callback)" }, { MBEDTLS_X509_BADCERT_FUTURE, "The certificate validity starts in the future" }, - { MBEDTLS_BADCRL_FUTURE, "The CRL is from the future" }, - { MBEDTLS_BADCERT_KEY_USAGE, "Usage does not match the keyUsage extension" }, - { MBEDTLS_BADCERT_EXT_KEY_USAGE, "Usage does not match the extendedKeyUsage extension" }, - { MBEDTLS_BADCERT_NS_CERT_TYPE, "Usage does not match the nsCertType extension" }, + { MBEDTLS_X509_BADCRL_FUTURE, "The CRL is from the future" }, + { MBEDTLS_X509_BADCERT_KEY_USAGE, "Usage does not match the keyUsage extension" }, + { MBEDTLS_X509_BADCERT_EXT_KEY_USAGE, "Usage does not match the extendedKeyUsage extension" }, + { MBEDTLS_X509_BADCERT_NS_CERT_TYPE, "Usage does not match the nsCertType extension" }, { 0, NULL } }; @@ -1568,7 +1568,7 @@ static int x509_crt_verifycrl( mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, flags |= MBEDTLS_X509_BADCRL_EXPIRED; if( mbedtls_x509_time_future( &crl_list->this_update ) ) - flags |= MBEDTLS_BADCRL_FUTURE; + flags |= MBEDTLS_X509_BADCRL_FUTURE; /* * Check if certificate is revoked @@ -1773,7 +1773,7 @@ static int x509_crt_verify_top( const mbedtls_md_info_t *md_info; if( mbedtls_x509_time_expired( &child->valid_to ) ) - *flags |= MBEDTLS_BADCERT_EXPIRED; + *flags |= MBEDTLS_X509_BADCERT_EXPIRED; if( mbedtls_x509_time_future( &child->valid_from ) ) *flags |= MBEDTLS_X509_BADCERT_FUTURE; @@ -1848,7 +1848,7 @@ static int x509_crt_verify_top( #endif if( mbedtls_x509_time_expired( &trust_ca->valid_to ) ) - ca_flags |= MBEDTLS_BADCERT_EXPIRED; + ca_flags |= MBEDTLS_X509_BADCERT_EXPIRED; if( mbedtls_x509_time_future( &trust_ca->valid_from ) ) ca_flags |= MBEDTLS_X509_BADCERT_FUTURE; @@ -1895,7 +1895,7 @@ static int x509_crt_verify_child( } if( mbedtls_x509_time_expired( &child->valid_to ) ) - *flags |= MBEDTLS_BADCERT_EXPIRED; + *flags |= MBEDTLS_X509_BADCERT_EXPIRED; if( mbedtls_x509_time_future( &child->valid_from ) ) *flags |= MBEDTLS_X509_BADCERT_FUTURE; @@ -1985,7 +1985,7 @@ int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt, name = &crt->subject; cn_len = strlen( cn ); - if( crt->ext_types & MBEDTLS_EXT_SUBJECT_ALT_NAME ) + if( crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME ) { cur = &crt->subject_alt_names; diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c index 689c533ec..580db829a 100644 --- a/programs/ssl/dtls_client.c +++ b/programs/ssl/dtls_client.c @@ -213,7 +213,7 @@ int main( int argc, char *argv[] ) { mbedtls_printf( " failed\n" ); - if( ( ret & MBEDTLS_BADCERT_EXPIRED ) != 0 ) + if( ( ret & MBEDTLS_X509_BADCERT_EXPIRED ) != 0 ) mbedtls_printf( " ! server certificate has expired\n" ); if( ( ret & MBEDTLS_X509_BADCERT_REVOKED ) != 0 ) diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index dfe80bda9..30594431a 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -200,11 +200,11 @@ int main( int argc, char *argv[] ) else if( strcmp( q, "non_repudiation" ) == 0 ) opt.key_usage |= MBEDTLS_X509_KU_NON_REPUDIATION; else if( strcmp( q, "key_encipherment" ) == 0 ) - opt.key_usage |= MBEDTLS_KU_KEY_ENCIPHERMENT; + opt.key_usage |= MBEDTLS_X509_KU_KEY_ENCIPHERMENT; else if( strcmp( q, "data_encipherment" ) == 0 ) - opt.key_usage |= MBEDTLS_KU_DATA_ENCIPHERMENT; + opt.key_usage |= MBEDTLS_X509_KU_DATA_ENCIPHERMENT; else if( strcmp( q, "key_agreement" ) == 0 ) - opt.key_usage |= MBEDTLS_KU_KEY_AGREEMENT; + opt.key_usage |= MBEDTLS_X509_KU_KEY_AGREEMENT; else if( strcmp( q, "key_cert_sign" ) == 0 ) opt.key_usage |= MBEDTLS_X509_KU_KEY_CERT_SIGN; else if( strcmp( q, "crl_sign" ) == 0 ) @@ -225,17 +225,17 @@ int main( int argc, char *argv[] ) if( strcmp( q, "ssl_client" ) == 0 ) opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT; else if( strcmp( q, "ssl_server" ) == 0 ) - opt.ns_cert_type |= MBEDTLS_NS_CERT_TYPE_SSL_SERVER; + opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER; else if( strcmp( q, "email" ) == 0 ) opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_EMAIL; else if( strcmp( q, "object_signing" ) == 0 ) opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING; else if( strcmp( q, "ssl_ca" ) == 0 ) - opt.ns_cert_type |= MBEDTLS_NS_CERT_TYPE_SSL_CA; + opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_SSL_CA; else if( strcmp( q, "email_ca" ) == 0 ) - opt.ns_cert_type |= MBEDTLS_NS_CERT_TYPE_EMAIL_CA; + opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA; else if( strcmp( q, "object_signing_ca" ) == 0 ) - opt.ns_cert_type |= MBEDTLS_NS_CERT_TYPE_OBJECT_SIGNING_CA; + opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA; else goto usage; diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index f1bf563d5..20ee5b408 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -316,11 +316,11 @@ int main( int argc, char *argv[] ) else if( strcmp( q, "non_repudiation" ) == 0 ) opt.key_usage |= MBEDTLS_X509_KU_NON_REPUDIATION; else if( strcmp( q, "key_encipherment" ) == 0 ) - opt.key_usage |= MBEDTLS_KU_KEY_ENCIPHERMENT; + opt.key_usage |= MBEDTLS_X509_KU_KEY_ENCIPHERMENT; else if( strcmp( q, "data_encipherment" ) == 0 ) - opt.key_usage |= MBEDTLS_KU_DATA_ENCIPHERMENT; + opt.key_usage |= MBEDTLS_X509_KU_DATA_ENCIPHERMENT; else if( strcmp( q, "key_agreement" ) == 0 ) - opt.key_usage |= MBEDTLS_KU_KEY_AGREEMENT; + opt.key_usage |= MBEDTLS_X509_KU_KEY_AGREEMENT; else if( strcmp( q, "key_cert_sign" ) == 0 ) opt.key_usage |= MBEDTLS_X509_KU_KEY_CERT_SIGN; else if( strcmp( q, "crl_sign" ) == 0 ) @@ -341,17 +341,17 @@ int main( int argc, char *argv[] ) if( strcmp( q, "ssl_client" ) == 0 ) opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT; else if( strcmp( q, "ssl_server" ) == 0 ) - opt.ns_cert_type |= MBEDTLS_NS_CERT_TYPE_SSL_SERVER; + opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER; else if( strcmp( q, "email" ) == 0 ) opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_EMAIL; else if( strcmp( q, "object_signing" ) == 0 ) opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING; else if( strcmp( q, "ssl_ca" ) == 0 ) - opt.ns_cert_type |= MBEDTLS_NS_CERT_TYPE_SSL_CA; + opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_SSL_CA; else if( strcmp( q, "email_ca" ) == 0 ) - opt.ns_cert_type |= MBEDTLS_NS_CERT_TYPE_EMAIL_CA; + opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA; else if( strcmp( q, "object_signing_ca" ) == 0 ) - opt.ns_cert_type |= MBEDTLS_NS_CERT_TYPE_OBJECT_SIGNING_CA; + opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA; else goto usage; diff --git a/scripts/data_files/rename-1.3-2.0.txt b/scripts/data_files/rename-1.3-2.0.txt index 0b7adbbaa..4bab69cc2 100644 --- a/scripts/data_files/rename-1.3-2.0.txt +++ b/scripts/data_files/rename-1.3-2.0.txt @@ -21,18 +21,18 @@ ASN1_UNIVERSAL_STRING MBEDTLS_ASN1_UNIVERSAL_STRING ASN1_UTC_TIME MBEDTLS_ASN1_UTC_TIME ASN1_UTF8_STRING MBEDTLS_ASN1_UTF8_STRING BADCERT_CN_MISMATCH MBEDTLS_X509_BADCERT_CN_MISMATCH -BADCERT_EXPIRED MBEDTLS_BADCERT_EXPIRED -BADCERT_EXT_KEY_USAGE MBEDTLS_BADCERT_EXT_KEY_USAGE +BADCERT_EXPIRED MBEDTLS_X509_BADCERT_EXPIRED +BADCERT_EXT_KEY_USAGE MBEDTLS_X509_BADCERT_EXT_KEY_USAGE BADCERT_FUTURE MBEDTLS_X509_BADCERT_FUTURE -BADCERT_KEY_USAGE MBEDTLS_BADCERT_KEY_USAGE -BADCERT_MISSING MBEDTLS_BADCERT_MISSING +BADCERT_KEY_USAGE MBEDTLS_X509_BADCERT_KEY_USAGE +BADCERT_MISSING MBEDTLS_X509_BADCERT_MISSING BADCERT_NOT_TRUSTED MBEDTLS_X509_BADCERT_NOT_TRUSTED -BADCERT_NS_CERT_TYPE MBEDTLS_BADCERT_NS_CERT_TYPE -BADCERT_OTHER MBEDTLS_BADCERT_OTHER +BADCERT_NS_CERT_TYPE MBEDTLS_X509_BADCERT_NS_CERT_TYPE +BADCERT_OTHER MBEDTLS_X509_BADCERT_OTHER BADCERT_REVOKED MBEDTLS_X509_BADCERT_REVOKED -BADCERT_SKIP_VERIFY MBEDTLS_BADCERT_SKIP_VERIFY +BADCERT_SKIP_VERIFY MBEDTLS_X509_BADCERT_SKIP_VERIFY BADCRL_EXPIRED MBEDTLS_X509_BADCRL_EXPIRED -BADCRL_FUTURE MBEDTLS_BADCRL_FUTURE +BADCRL_FUTURE MBEDTLS_X509_BADCRL_FUTURE BADCRL_NOT_TRUSTED MBEDTLS_X509_BADCRL_NOT_TRUSTED BLOWFISH_BLOCKSIZE MBEDTLS_BLOWFISH_BLOCKSIZE BLOWFISH_DECRYPT MBEDTLS_BLOWFISH_DECRYPT @@ -67,29 +67,29 @@ ENTROPY_MIN_HAVEGE MBEDTLS_ENTROPY_MIN_HAVEGE ENTROPY_MIN_PLATFORM MBEDTLS_ENTROPY_MIN_PLATFORM ENTROPY_SOURCE_MANUAL MBEDTLS_ENTROPY_SOURCE_MANUAL EXT_AUTHORITY_KEY_IDENTIFIER MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER -EXT_BASIC_CONSTRAINTS MBEDTLS_EXT_BASIC_CONSTRAINTS +EXT_BASIC_CONSTRAINTS MBEDTLS_X509_EXT_BASIC_CONSTRAINTS EXT_CERTIFICATE_POLICIES MBEDTLS_X509_EXT_CERTIFICATE_POLICIES -EXT_CRL_DISTRIBUTION_POINTS MBEDTLS_EXT_CRL_DISTRIBUTION_POINTS +EXT_CRL_DISTRIBUTION_POINTS MBEDTLS_X509_EXT_CRL_DISTRIBUTION_POINTS EXT_EXTENDED_KEY_USAGE MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE -EXT_FRESHEST_CRL MBEDTLS_EXT_FRESHEST_CRL +EXT_FRESHEST_CRL MBEDTLS_X509_EXT_FRESHEST_CRL EXT_INIHIBIT_ANYPOLICY MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY -EXT_ISSUER_ALT_NAME MBEDTLS_EXT_ISSUER_ALT_NAME +EXT_ISSUER_ALT_NAME MBEDTLS_X509_EXT_ISSUER_ALT_NAME EXT_KEY_USAGE MBEDTLS_X509_EXT_KEY_USAGE -EXT_NAME_CONSTRAINTS MBEDTLS_EXT_NAME_CONSTRAINTS +EXT_NAME_CONSTRAINTS MBEDTLS_X509_EXT_NAME_CONSTRAINTS EXT_NS_CERT_TYPE MBEDTLS_X509_EXT_NS_CERT_TYPE -EXT_POLICY_CONSTRAINTS MBEDTLS_EXT_POLICY_CONSTRAINTS +EXT_POLICY_CONSTRAINTS MBEDTLS_X509_EXT_POLICY_CONSTRAINTS EXT_POLICY_MAPPINGS MBEDTLS_X509_EXT_POLICY_MAPPINGS -EXT_SUBJECT_ALT_NAME MBEDTLS_EXT_SUBJECT_ALT_NAME +EXT_SUBJECT_ALT_NAME MBEDTLS_X509_EXT_SUBJECT_ALT_NAME EXT_SUBJECT_DIRECTORY_ATTRS MBEDTLS_X509_EXT_SUBJECT_DIRECTORY_ATTRS -EXT_SUBJECT_KEY_IDENTIFIER MBEDTLS_EXT_SUBJECT_KEY_IDENTIFIER +EXT_SUBJECT_KEY_IDENTIFIER MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER GCM_DECRYPT MBEDTLS_GCM_DECRYPT GCM_ENCRYPT MBEDTLS_GCM_ENCRYPT KU_CRL_SIGN MBEDTLS_X509_KU_CRL_SIGN -KU_DATA_ENCIPHERMENT MBEDTLS_KU_DATA_ENCIPHERMENT +KU_DATA_ENCIPHERMENT MBEDTLS_X509_KU_DATA_ENCIPHERMENT KU_DIGITAL_SIGNATURE MBEDTLS_X509_KU_DIGITAL_SIGNATURE -KU_KEY_AGREEMENT MBEDTLS_KU_KEY_AGREEMENT +KU_KEY_AGREEMENT MBEDTLS_X509_KU_KEY_AGREEMENT KU_KEY_CERT_SIGN MBEDTLS_X509_KU_KEY_CERT_SIGN -KU_KEY_ENCIPHERMENT MBEDTLS_KU_KEY_ENCIPHERMENT +KU_KEY_ENCIPHERMENT MBEDTLS_X509_KU_KEY_ENCIPHERMENT KU_NON_REPUDIATION MBEDTLS_X509_KU_NON_REPUDIATION LN_2_DIV_LN_10_SCALE100 MBEDTLS_LN_2_DIV_LN_10_SCALE100 MD_CONTEXT_T_INIT MBEDTLS_MD_CONTEXT_T_INIT @@ -101,13 +101,13 @@ MPI_CHK MBEDTLS_MPI_CHK NET_PROTO_TCP MBEDTLS_NET_PROTO_TCP NET_PROTO_UDP MBEDTLS_NET_PROTO_UDP NS_CERT_TYPE_EMAIL MBEDTLS_X509_NS_CERT_TYPE_EMAIL -NS_CERT_TYPE_EMAIL_CA MBEDTLS_NS_CERT_TYPE_EMAIL_CA +NS_CERT_TYPE_EMAIL_CA MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA NS_CERT_TYPE_OBJECT_SIGNING MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING -NS_CERT_TYPE_OBJECT_SIGNING_CA MBEDTLS_NS_CERT_TYPE_OBJECT_SIGNING_CA +NS_CERT_TYPE_OBJECT_SIGNING_CA MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA NS_CERT_TYPE_RESERVED MBEDTLS_X509_NS_CERT_TYPE_RESERVED -NS_CERT_TYPE_SSL_CA MBEDTLS_NS_CERT_TYPE_SSL_CA +NS_CERT_TYPE_SSL_CA MBEDTLS_X509_NS_CERT_TYPE_SSL_CA NS_CERT_TYPE_SSL_CLIENT MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT -NS_CERT_TYPE_SSL_SERVER MBEDTLS_NS_CERT_TYPE_SSL_SERVER +NS_CERT_TYPE_SSL_SERVER MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER OID_ANSI_X9_62 MBEDTLS_OID_ANSI_X9_62 OID_ANSI_X9_62_FIELD_TYPE MBEDTLS_OID_ANSI_X9_62_FIELD_TYPE OID_ANSI_X9_62_PRIME_FIELD MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 1a4f0f02b..6c7cbefc4 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -266,43 +266,43 @@ X509 Verify Information: empty x509_verify_info:0:"":"" X509 Verify Information: one issue -x509_verify_info:MBEDTLS_BADCERT_MISSING:"":"Certificate was missing\n" +x509_verify_info:MBEDTLS_X509_BADCERT_MISSING:"":"Certificate was missing\n" X509 Verify Information: two issues -x509_verify_info:MBEDTLS_BADCERT_EXPIRED | MBEDTLS_X509_BADCRL_EXPIRED:"":"The certificate validity has expired\nThe CRL is expired\n" +x509_verify_info:MBEDTLS_X509_BADCERT_EXPIRED | MBEDTLS_X509_BADCRL_EXPIRED:"":"The certificate validity has expired\nThe CRL is expired\n" X509 Verify Information: two issues, one unknown -x509_verify_info:MBEDTLS_BADCERT_OTHER | 0x8000:"":"Other reason (can be used by verify callback)\nUnknown reason (this should not happen)\n" +x509_verify_info:MBEDTLS_X509_BADCERT_OTHER | 0x8000:"":"Other reason (can be used by verify callback)\nUnknown reason (this should not happen)\n" X509 Verify Information: empty, with prefix x509_verify_info:0:" ! ":"" X509 Verify Information: one issue, with prefix -x509_verify_info:MBEDTLS_BADCERT_MISSING:" ! ":" ! Certificate was missing\n" +x509_verify_info:MBEDTLS_X509_BADCERT_MISSING:" ! ":" ! Certificate was missing\n" X509 Verify Information: two issues, with prefix -x509_verify_info:MBEDTLS_BADCERT_EXPIRED | MBEDTLS_X509_BADCRL_EXPIRED:" ! ":" ! The certificate validity has expired\n ! The CRL is expired\n" +x509_verify_info:MBEDTLS_X509_BADCERT_EXPIRED | MBEDTLS_X509_BADCRL_EXPIRED:" ! ":" ! The certificate validity has expired\n ! The CRL is expired\n" X509 Verify Information: empty x509_verify_info:0:"":"" X509 Verify Information: one issue -x509_verify_info:BADCERT_MISSING:"":"Certificate was missing\n" +x509_verify_info:MBEDTLS_X509_BADCERT_MISSING:"":"Certificate was missing\n" X509 Verify Information: two issues -x509_verify_info:BADCERT_EXPIRED | BADCRL_EXPIRED:"":"The certificate validity has expired\nThe CRL is expired\n" +x509_verify_info:MBEDTLS_X509_BADCERT_EXPIRED | MBEDTLS_X509_BADCRL_EXPIRED:"":"The certificate validity has expired\nThe CRL is expired\n" X509 Verify Information: two issues, one unknown -x509_verify_info:BADCERT_OTHER | 0x8000:"":"Other reason (can be used by verify callback)\nUnknown reason (this should not happen)\n" +x509_verify_info:MBEDTLS_X509_BADCERT_OTHER | 0x8000:"":"Other reason (can be used by verify callback)\nUnknown reason (this should not happen)\n" X509 Verify Information: empty, with prefix x509_verify_info:0:" ! ":"" X509 Verify Information: one issue, with prefix -x509_verify_info:BADCERT_MISSING:" ! ":" ! Certificate was missing\n" +x509_verify_info:MBEDTLS_X509_BADCERT_MISSING:" ! ":" ! Certificate was missing\n" X509 Verify Information: two issues, with prefix -x509_verify_info:BADCERT_EXPIRED | BADCRL_EXPIRED:" ! ":" ! The certificate validity has expired\n ! The CRL is expired\n" +x509_verify_info:MBEDTLS_X509_BADCERT_EXPIRED | MBEDTLS_X509_BADCRL_EXPIRED:" ! ":" ! The certificate validity has expired\n ! The CRL is expired\n" X509 Get Distinguished Name #1 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C @@ -374,7 +374,7 @@ x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_ex X509 Certificate verification #1a (Revoked Cert, Future CRL, no CN) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C -x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_BADCRL_FUTURE:"NULL" +x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_FUTURE:"NULL" X509 Certificate verification #2 (Revoked Cert, Expired CRL) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 @@ -382,7 +382,7 @@ x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_ex X509 Certificate verification #2a (Revoked Cert, Future CRL) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C -x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"localhost":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_BADCRL_FUTURE:"NULL" +x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"localhost":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_FUTURE:"NULL" X509 Certificate verification #3 (Revoked Cert, Future CRL, CN Mismatch) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 @@ -390,7 +390,7 @@ x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_ex X509 Certificate verification #3a (Revoked Cert, Expired CRL, CN Mismatch) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C -x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"Wrong CN":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_BADCRL_FUTURE | MBEDTLS_X509_BADCERT_CN_MISMATCH:"NULL" +x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"Wrong CN":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_FUTURE | MBEDTLS_X509_BADCERT_CN_MISMATCH:"NULL" X509 Certificate verification #4 (Valid Cert, Expired CRL) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 @@ -398,7 +398,7 @@ x509_verify:"data_files/server2.crt":"data_files/test-ca.crt":"data_files/crl_ex X509 Certificate verification #4a (Revoked Cert, Future CRL) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C -x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_BADCRL_FUTURE:"NULL" +x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_FUTURE:"NULL" X509 Certificate verification #5 (Revoked Cert) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 @@ -418,7 +418,7 @@ x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-e X509 Certificate verification #8a (Expired Cert) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C -x509_verify:"data_files/server5-expired.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_BADCERT_EXPIRED:"NULL" +x509_verify:"data_files/server5-expired.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_EXPIRED:"NULL" X509 Certificate verification #8b (Future Cert) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C @@ -462,7 +462,7 @@ x509_verify:"data_files/cert_sha512.crt":"data_files/test-ca.crt":"data_files/cr X509 Certificate verification #19 (Valid Cert, denying callback) depends_on:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_verify:"data_files/cert_sha512.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_BADCERT_OTHER:"verify_none" +x509_verify:"data_files/cert_sha512.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_OTHER:"verify_none" X509 Certificate verification #19 (Not trusted Cert, allowing callback) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 @@ -706,7 +706,7 @@ x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/ X509 Certificate verification #79 (multiple CRLs, revoked by future) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C -x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ecfut-rsa.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED|MBEDTLS_BADCRL_FUTURE:"NULL" +x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ecfut-rsa.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED|MBEDTLS_X509_BADCRL_FUTURE:"NULL" X509 Certificate verification #80 (multiple CRLs, first future, revoked by second) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C @@ -1122,7 +1122,7 @@ X509 OID numstring #5 (arithmetic overflow) x509_oid_numstr:"2A8648F9F8F7F6F5F4F3F2F1F001":"":100:MBEDTLS_ERR_OID_BUF_TOO_SMALL X509 crt keyUsage #1 (no extension, expected KU) -x509_check_key_usage:"data_files/server1.crt":MBEDTLS_X509_KU_DIGITAL_SIGNATURE|MBEDTLS_KU_KEY_ENCIPHERMENT:0 +x509_check_key_usage:"data_files/server1.crt":MBEDTLS_X509_KU_DIGITAL_SIGNATURE|MBEDTLS_X509_KU_KEY_ENCIPHERMENT:0 X509 crt keyUsage #2 (no extension, surprising KU) x509_check_key_usage:"data_files/server1.crt":MBEDTLS_X509_KU_KEY_CERT_SIGN:0 @@ -1137,13 +1137,13 @@ X509 crt keyUsage #5 (extension present, single KU absent) x509_check_key_usage:"data_files/server1.key_usage.crt":MBEDTLS_X509_KU_KEY_CERT_SIGN:MBEDTLS_ERR_X509_BAD_INPUT_DATA X509 crt keyUsage #6 (extension present, combined KU present) -x509_check_key_usage:"data_files/server1.key_usage.crt":MBEDTLS_X509_KU_DIGITAL_SIGNATURE|MBEDTLS_KU_KEY_ENCIPHERMENT:0 +x509_check_key_usage:"data_files/server1.key_usage.crt":MBEDTLS_X509_KU_DIGITAL_SIGNATURE|MBEDTLS_X509_KU_KEY_ENCIPHERMENT:0 X509 crt keyUsage #7 (extension present, combined KU both absent) x509_check_key_usage:"data_files/server1.key_usage.crt":MBEDTLS_X509_KU_KEY_CERT_SIGN|MBEDTLS_X509_KU_CRL_SIGN:MBEDTLS_ERR_X509_BAD_INPUT_DATA X509 crt keyUsage #8 (extension present, combined KU one absent) -x509_check_key_usage:"data_files/server1.key_usage.crt":MBEDTLS_KU_KEY_ENCIPHERMENT|MBEDTLS_KU_KEY_AGREEMENT:MBEDTLS_ERR_X509_BAD_INPUT_DATA +x509_check_key_usage:"data_files/server1.key_usage.crt":MBEDTLS_X509_KU_KEY_ENCIPHERMENT|MBEDTLS_X509_KU_KEY_AGREEMENT:MBEDTLS_ERR_X509_BAD_INPUT_DATA X509 crt extendedKeyUsage #1 (no extension, serverAuth) depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 27912c313..22bc18c7d 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -11,7 +11,7 @@ int verify_none( void *data, mbedtls_x509_crt *crt, int certificate_depth, int * ((void) data); ((void) crt); ((void) certificate_depth); - *flags |= MBEDTLS_BADCERT_OTHER; + *flags |= MBEDTLS_X509_BADCERT_OTHER; return 0; } diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data index 8d2cbf07d..d4d2a98ce 100644 --- a/tests/suites/test_suite_x509write.data +++ b/tests/suites/test_suite_x509write.data @@ -28,15 +28,15 @@ x509_csr_check:"data_files/server1.key":"data_files/server1.req.md5":MBEDTLS_MD_ Certificate Request check Server1 key_usage depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_csr_check:"data_files/server1.key":"data_files/server1.req.key_usage":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_KU_KEY_ENCIPHERMENT:0 +x509_csr_check:"data_files/server1.key":"data_files/server1.req.key_usage":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:0 Certificate Request check Server1 ns_cert_type depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_csr_check:"data_files/server1.key":"data_files/server1.req.cert_type":MBEDTLS_MD_SHA1:0:MBEDTLS_NS_CERT_TYPE_SSL_SERVER +x509_csr_check:"data_files/server1.key":"data_files/server1.req.cert_type":MBEDTLS_MD_SHA1:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER Certificate Request check Server1 key_usage + ns_cert_type depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_csr_check:"data_files/server1.key":"data_files/server1.req.ku-ct":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_KU_KEY_ENCIPHERMENT:MBEDTLS_NS_CERT_TYPE_SSL_SERVER +x509_csr_check:"data_files/server1.key":"data_files/server1.req.ku-ct":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER Certificate Request check Server5 ECDSA, key_usage depends_on:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_DP_SECP256R1_ENABLED @@ -48,11 +48,11 @@ x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1 Certificate write check Server1 SHA1, key_usage depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_KU_KEY_ENCIPHERMENT:0:-1:"data_files/server1.key_usage.crt" +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:0:-1:"data_files/server1.key_usage.crt" Certificate write check Server1 SHA1, ns_cert_type depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:MBEDTLS_NS_CERT_TYPE_SSL_SERVER:-1:"data_files/server1.cert_type.crt" +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:-1:"data_files/server1.cert_type.crt" Certificate write check Server1 SHA1, version 1 depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C