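/*
 *  Common source code for SSL test programs. This file is included by
 *  both ssl_client2.c and ssl_server2.c and is intended for source
 *  code that is textually identical in both programs, but that cannot be
 *  compiled separately because it refers to types or macros that are
 *  different in the two programs, or because it would have an incomplete
 *  type.
 *
 *  This file is meant to be #include'd and cannot be compiled separately.
 *
 *  Copyright The Mbed TLS Contributors
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 */

/*
 * Key export callback that records the TLS 1.2 master secret, both handshake
 * randoms and the PRF type in the eap_tls_keys structure behind p_expkey.
 *
 * Calls for any other secret type, or with a secret whose length differs
 * from sizeof(keys->master_secret), are ignored and leave *keys untouched.
 * randbytes receives client_random followed by server_random (32 + 32 bytes).
 */
void eap_tls_key_derivation(void *p_expkey,
                            mbedtls_ssl_key_export_type secret_type,
                            const unsigned char *secret,
                            size_t secret_len,
                            const unsigned char client_random[32],
                            const unsigned char server_random[32],
                            mbedtls_tls_prf_types tls_prf_type)
{
    eap_tls_keys *keys = (eap_tls_keys *) p_expkey;

    /* We're only interested in the TLS 1.2 master secret */
    if (secret_type != MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET) {
        return;
    }
    /* The length check is what keeps the memcpy below inside master_secret. */
    if (secret_len != sizeof(keys->master_secret)) {
        return;
    }

    memcpy(keys->master_secret, secret, sizeof(keys->master_secret));
    memcpy(keys->randbytes, client_random, 32);
    memcpy(keys->randbytes + 32, server_random, 32);
    keys->tls_prf_type = tls_prf_type;
}

/*
 * Key export callback that formats the TLS 1.2 master secret as an NSS key
 * log line ("CLIENT_RANDOM <hex client_random> <hex secret>\n"), prints it
 * with mbedtls_printf() and, when opt.nss_keylog_file is set, appends it to
 * that file.
 *
 * Anyone holding this line can decrypt the corresponding session, so the
 * line buffer is wiped on exit and the log file is written unbuffered.
 * p_expkey, server_random and tls_prf_type are unused.
 */
void nss_keylog_export(void *p_expkey,
                       mbedtls_ssl_key_export_type secret_type,
                       const unsigned char *secret,
                       size_t secret_len,
                       const unsigned char client_random[32],
                       const unsigned char server_random[32],
                       mbedtls_tls_prf_types tls_prf_type)
{
    char nss_keylog_line[200];
    size_t const client_random_len = 32;
    /* Fixed part of the line: the label plus its NUL (both counted by
     * sizeof), the hex client random, the separating space and the newline. */
    size_t const fixed_len = sizeof("CLIENT_RANDOM ") +
                             2 * client_random_len + 2;
    size_t len = 0;
    size_t j;

    /* We're only interested in the TLS 1.2 master secret */
    if (secret_type != MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET) {
        return;
    }

    ((void) p_expkey);
    ((void) server_random);
    ((void) tls_prf_type);

    /* The line is built with unbounded sprintf() calls, two hex digits per
     * secret byte. Refuse a secret that would not fit instead of writing
     * past the end of the stack buffer. Nothing has been written to the
     * buffer yet, so there is nothing to wipe on this path. */
    if (secret_len > (sizeof(nss_keylog_line) - fixed_len) / 2) {
        mbedtls_printf("nss_keylog_export: secret too long for key log line\n");
        return;
    }

    len += sprintf(nss_keylog_line + len,
                   "%s", "CLIENT_RANDOM ");

    for (j = 0; j < client_random_len; j++) {
        len += sprintf(nss_keylog_line + len,
                       "%02x", client_random[j]);
    }

    len += sprintf(nss_keylog_line + len, " ");

    for (j = 0; j < secret_len; j++) {
        len += sprintf(nss_keylog_line + len,
                       "%02x", secret[j]);
    }

    len += sprintf(nss_keylog_line + len, "\n");
    nss_keylog_line[len] = '\0';

    mbedtls_printf("\n");
    mbedtls_printf("---------------- NSS KEYLOG -----------------\n");
    mbedtls_printf("%s", nss_keylog_line);
    mbedtls_printf("---------------------------------------------\n");

    if (opt.nss_keylog_file != NULL) {
        FILE *f;

        /* NOTE(review): fopen(..., "a") creates the file with the process's
         * default permissions. The file holds master secrets, so keep it
         * somewhere only the tester can read. */
        if ((f = fopen(opt.nss_keylog_file, "a")) == NULL) {
            goto exit;
        }

        /* Ensure no stdio buffering of secrets, as such buffers cannot be
         * wiped. */
        mbedtls_setbuf(f, NULL);

        if (fwrite(nss_keylog_line, 1, len, f) != len) {
            fclose(f);
            goto exit;
        }

        fclose(f);
    }

exit:
    mbedtls_platform_zeroize(nss_keylog_line,
                             sizeof(nss_keylog_line));
}

#if defined(MBEDTLS_SSL_DTLS_SRTP)
/*
 * Key export callback that records the TLS 1.2 master secret, both handshake
 * randoms and the PRF type in the dtls_srtp_keys structure behind p_expkey.
 *
 * Same contract as eap_tls_key_derivation(): other secret types and secrets
 * of unexpected length are ignored.
 */
void dtls_srtp_key_derivation(void *p_expkey,
                              mbedtls_ssl_key_export_type secret_type,
                              const unsigned char *secret,
                              size_t secret_len,
                              const unsigned char client_random[32],
                              const unsigned char server_random[32],
                              mbedtls_tls_prf_types tls_prf_type)
{
    dtls_srtp_keys *keys = (dtls_srtp_keys *) p_expkey;

    /* We're only interested in the TLS 1.2 master secret */
    if (secret_type != MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET) {
        return;
    }
    /* The length check is what keeps the memcpy below inside master_secret. */
    if (secret_len != sizeof(keys->master_secret)) {
        return;
    }

    memcpy(keys->master_secret, secret, sizeof(keys->master_secret));
    memcpy(keys->randbytes, client_random, 32);
    memcpy(keys->randbytes + 32, server_random, 32);
    keys->tls_prf_type = tls_prf_type;
}
#endif /* MBEDTLS_SSL_DTLS_SRTP */

/*
 * Run mbedtls_ssl_check_record() twice on a private copy of a received
 * record and verify that both runs agree.
 *
 * Returns 0 when the record may be forwarded to the stack (including when
 * the check reports an invalid, unauthentic or unexpected record, or when
 * the feature is unavailable), -1 when the two runs disagree or the check
 * fails with any other error, and MBEDTLS_ERR_SSL_ALLOC_FAILED when the
 * scratch copy cannot be allocated.
 *
 * NOTE(review): for len == 0 the result depends on whether mbedtls_calloc()
 * returns NULL for a zero-size request; confirm this is acceptable for
 * empty datagrams.
 */
int ssl_check_record(mbedtls_ssl_context const *ssl,
                     unsigned char const *buf, size_t len)
{
    int my_ret = 0, ret_cr1, ret_cr2;
    unsigned char *tmp_buf;

    /* Record checking may modify the input buffer,
     * so make a copy. */
    tmp_buf = mbedtls_calloc(1, len);
    if (tmp_buf == NULL) {
        return MBEDTLS_ERR_SSL_ALLOC_FAILED;
    }
    memcpy(tmp_buf, buf, len);

    ret_cr1 = mbedtls_ssl_check_record(ssl, tmp_buf, len);
    if (ret_cr1 != MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE) {
        /* Test-only: Make sure that mbedtls_ssl_check_record()
         *            doesn't alter state. */
        memcpy(tmp_buf, buf, len);   /* Restore buffer */
        ret_cr2 = mbedtls_ssl_check_record(ssl, tmp_buf, len);
        if (ret_cr2 != ret_cr1) {
            mbedtls_printf("mbedtls_ssl_check_record() returned inconsistent results.\n");
            my_ret = -1;
            goto cleanup;
        }

        switch (ret_cr1) {
            case 0:
                break;

            case MBEDTLS_ERR_SSL_INVALID_RECORD:
                if (opt.debug_level > 1) {
                    mbedtls_printf("mbedtls_ssl_check_record() detected invalid record.\n");
                }
                break;

            case MBEDTLS_ERR_SSL_INVALID_MAC:
                if (opt.debug_level > 1) {
                    mbedtls_printf("mbedtls_ssl_check_record() detected unauthentic record.\n");
                }
                break;

            case MBEDTLS_ERR_SSL_UNEXPECTED_RECORD:
                if (opt.debug_level > 1) {
                    mbedtls_printf("mbedtls_ssl_check_record() detected unexpected record.\n");
                }
                break;

            default:
                mbedtls_printf("mbedtls_ssl_check_record() failed fatally with -%#04x.\n",
                               (unsigned int) -ret_cr1);
                my_ret = -1;
                goto cleanup;
        }

        /* Regardless of the outcome, forward the record to the stack. */
    }

cleanup:
    /* The scratch copy holds whatever the record check wrote into it
     * (presumably processed record contents; confirm), so wipe it before
     * handing the memory back to the allocator. */
    mbedtls_platform_zeroize(tmp_buf, len);
    mbedtls_free(tmp_buf);

    return my_ret;
}

/*
 * Receive callback for the SSL context. ctx is an io_ctx_t.
 *
 * Reads through delayed_recv() when opt.nbio == 2 and mbedtls_net_recv()
 * otherwise. On datagram transports the received data is passed through
 * ssl_check_record() first. Returns the number of bytes received, the
 * negative error from the underlying receive call, or -1 when
 * ssl_check_record() reports a failure.
 */
int recv_cb(void *ctx, unsigned char *buf, size_t len)
{
    io_ctx_t *io_ctx = (io_ctx_t *) ctx;
    size_t recv_len;
    int ret;

    if (opt.nbio == 2) {
        ret = delayed_recv(io_ctx->net, buf, len);
    } else {
        ret = mbedtls_net_recv(io_ctx->net, buf, len);
    }
    if (ret < 0) {
        return ret;
    }
    recv_len = (size_t) ret;

    if (opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
        /* Here's the place to do any datagram/record checking
         * in between receiving the packet from the underlying
         * transport and passing it on to the TLS stack. */
        if (ssl_check_record(io_ctx->ssl, buf, recv_len) != 0) {
            return -1;
        }
    }

    return (int) recv_len;
}

/*
 * Receive-with-timeout callback for the SSL context. ctx is an io_ctx_t.
 *
 * Same contract as recv_cb(), except that the data always comes from
 * mbedtls_net_recv_timeout() with the given timeout.
 */
int recv_timeout_cb(void *ctx, unsigned char *buf, size_t len,
                    uint32_t timeout)
{
    io_ctx_t *io_ctx = (io_ctx_t *) ctx;
    int ret;
    size_t recv_len;

    ret = mbedtls_net_recv_timeout(io_ctx->net, buf, len, timeout);
    if (ret < 0) {
        return ret;
    }
    recv_len = (size_t) ret;

    if (opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
        /* Here's the place to do any datagram/record checking
         * in between receiving the packet from the underlying
         * transport and passing it on to the TLS stack. */
        if (ssl_check_record(io_ctx->ssl, buf, recv_len) != 0) {
            return -1;
        }
    }

    return (int) recv_len;
}

/*
 * Send callback for the SSL context. ctx is an io_ctx_t.
 *
 * Forwards to delayed_send() when opt.nbio == 2 and to mbedtls_net_send()
 * otherwise, returning that call's result unchanged.
 */
int send_cb(void *ctx, unsigned char const *buf, size_t len)
{
    io_ctx_t *io_ctx = (io_ctx_t *) ctx;

    if (opt.nbio == 2) {
        return delayed_send(io_ctx->net, buf, len);
    }

    return mbedtls_net_send(io_ctx->net, buf, len);
}

#if defined(MBEDTLS_X509_CRT_PARSE_C)
/* MBEDTLS_SSL_SIG_ALG(hash) expands to the comma-terminated list of
 * signature algorithm entries for one hash, for use inside the initializer
 * of ssl_sig_algs_for_test. The macro argument is parenthesized so that an
 * expression argument cannot change the meaning of the shift or the OR. */
#if defined(MBEDTLS_PK_CAN_ECDSA_SOME) && defined(MBEDTLS_RSA_C)
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
/*
 * When GnuTLS/Openssl server is configured in TLS 1.2 mode with a certificate
 * declaring an RSA public key and Mbed TLS is configured in hybrid mode, if
 * `rsa_pss_rsae_*` algorithms are before `rsa_pkcs1_*` ones in this list then
 * the GnuTLS/Openssl server chooses an `rsa_pss_rsae_*` signature algorithm
 * for its signature in the key exchange message. As Mbed TLS 1.2 does not
 * support them, the handshake fails.
 */
#define MBEDTLS_SSL_SIG_ALG(hash) (((hash) << 8) | MBEDTLS_SSL_SIG_ECDSA), \
    (((hash) << 8) | MBEDTLS_SSL_SIG_RSA), \
    (0x800 | (hash)),
#else
#define MBEDTLS_SSL_SIG_ALG(hash) (((hash) << 8) | MBEDTLS_SSL_SIG_ECDSA), \
    (((hash) << 8) | MBEDTLS_SSL_SIG_RSA),
#endif
#elif defined(MBEDTLS_PK_CAN_ECDSA_SOME)
#define MBEDTLS_SSL_SIG_ALG(hash) (((hash) << 8) | MBEDTLS_SSL_SIG_ECDSA),
#elif defined(MBEDTLS_RSA_C)
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
/* See above */
#define MBEDTLS_SSL_SIG_ALG(hash) (((hash) << 8) | MBEDTLS_SSL_SIG_RSA), \
    (0x800 | (hash)),
#else
#define MBEDTLS_SSL_SIG_ALG(hash) (((hash) << 8) | MBEDTLS_SSL_SIG_RSA),
#endif
#else
#define MBEDTLS_SSL_SIG_ALG(hash)
#endif

/* Signature algorithm list used by the test programs, strongest hash first,
 * terminated by MBEDTLS_TLS1_3_SIG_NONE. Entries depend on the build
 * configuration. */
uint16_t ssl_sig_algs_for_test[] = {
#if defined(MBEDTLS_MD_CAN_SHA512)
    MBEDTLS_SSL_SIG_ALG(MBEDTLS_SSL_HASH_SHA512)
#endif
#if defined(MBEDTLS_MD_CAN_SHA384)
    MBEDTLS_SSL_SIG_ALG(MBEDTLS_SSL_HASH_SHA384)
#endif
#if defined(MBEDTLS_MD_CAN_SHA256)
    MBEDTLS_SSL_SIG_ALG(MBEDTLS_SSL_HASH_SHA256)
#endif
#if defined(MBEDTLS_MD_CAN_SHA224)
    MBEDTLS_SSL_SIG_ALG(MBEDTLS_SSL_HASH_SHA224)
#endif
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_MD_CAN_SHA256)
    MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256,
#endif /* MBEDTLS_RSA_C && MBEDTLS_MD_CAN_SHA256 */
#if defined(MBEDTLS_MD_CAN_SHA1)
    /* Allow SHA-1 as we use it extensively in tests. This is a test-only
     * choice; do not copy this list into a production configuration. */
    MBEDTLS_SSL_SIG_ALG(MBEDTLS_SSL_HASH_SHA1)
#endif
    MBEDTLS_TLS1_3_SIG_NONE
};
#endif /* MBEDTLS_X509_CRT_PARSE_C */

#if defined(MBEDTLS_X509_CRT_PARSE_C)
/** Functionally equivalent to mbedtls_x509_crt_verify_info, see that function
 *  for more info.
 *
 *  When MBEDTLS_X509_REMOVE_INFO is not defined this simply forwards to the
 *  library function. Otherwise it writes one "<prefix><info>\n" line into
 *  buf for every flag listed in MBEDTLS_X509_CRT_ERROR_INFO_LIST that is set
 *  in flags, plus an "Unknown reason" line if unlisted bits remain, and
 *  returns the number of bytes written (size minus the space left).
 */
int x509_crt_verify_info(char *buf, size_t size, const char *prefix,
                         uint32_t flags)
{
#if !defined(MBEDTLS_X509_REMOVE_INFO)
    return mbedtls_x509_crt_verify_info(buf, size, prefix, flags);

#else /* !MBEDTLS_X509_REMOVE_INFO */
    int ret;
    char *p = buf;
    size_t n = size;

/* Emit the info line for one flag and clear that flag, so that whatever is
 * left in flags afterwards is an unlisted bit. MBEDTLS_X509_SAFE_SNPRINTF
 * uses ret, p and n from the enclosing scope. */
#define X509_CRT_ERROR_INFO(err, err_str, info)                      \
    if ((flags & err) != 0)                                        \
    {                                                                  \
        ret = mbedtls_snprintf(p, n, "%s%s\n", prefix, info);        \
        MBEDTLS_X509_SAFE_SNPRINTF;                                    \
        flags ^= err;                                                  \
    }

    MBEDTLS_X509_CRT_ERROR_INFO_LIST
#undef X509_CRT_ERROR_INFO

    if (flags != 0) {
        ret = mbedtls_snprintf(p, n, "%sUnknown reason "
                                     "(this should not happen)\n", prefix);
        MBEDTLS_X509_SAFE_SNPRINTF;
    }

    return (int) (size - n);
#endif /* MBEDTLS_X509_REMOVE_INFO */
}
#endif /* MBEDTLS_X509_CRT_PARSE_C */

/*
 * Print the signature algorithm names listed in the test programs' help.
 *
 * The list is hard-coded: it is not derived from ssl_sig_algs_for_test or
 * from the build configuration.
 */
void mbedtls_print_supported_sig_algs(void)
{
    mbedtls_printf("supported signature algorithms:\n");
    mbedtls_printf("\trsa_pkcs1_sha256 ");
    mbedtls_printf("rsa_pkcs1_sha384 ");
    mbedtls_printf("rsa_pkcs1_sha512\n");
    mbedtls_printf("\tecdsa_secp256r1_sha256 ");
    mbedtls_printf("ecdsa_secp384r1_sha384 ");
    mbedtls_printf("ecdsa_secp521r1_sha512\n");
    mbedtls_printf("\trsa_pss_rsae_sha256 ");
    mbedtls_printf("rsa_pss_rsae_sha384 ");
    mbedtls_printf("rsa_pss_rsae_sha512\n");
    mbedtls_printf("\trsa_pss_pss_sha256 ");
    mbedtls_printf("rsa_pss_pss_sha384 ");
    mbedtls_printf("rsa_pss_pss_sha512\n");
    mbedtls_printf("\ted25519 ");
    mbedtls_printf("ed448 ");
    mbedtls_printf("rsa_pkcs1_sha1 ");
    mbedtls_printf("ecdsa_sha1\n");
    mbedtls_printf("\n");
}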