Hello community, here is the log from the commit of package mbedtls for openSUSE:Factory checked in at 2015-11-24 22:31:51 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/mbedtls (Old) and /work/SRC/openSUSE:Factory/.mbedtls.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mbedtls" Changes: -------- --- /work/SRC/openSUSE:Factory/mbedtls/mbedtls.changes 2015-10-17 16:38:11.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.mbedtls.new/mbedtls.changes 2015-11-24 22:31:53.000000000 +0100 @@ -1,0 +2,33 @@ +Wed Nov 18 13:29:03 UTC 2015 - [email protected] + +- Update to 1.3.15 + * Fix potential double free if ssl_set_psk() is called more than once and + some allocation fails. Cannot be forced remotely. Found by Guido Vranken, + Intelworks. + * Fix potential heap corruption on Windows when + x509_crt_parse_path() is passed a path longer than 2GB. Cannot be + triggered remotely. Found by Guido Vranken, Intelworks. + * Fix potential buffer overflow in some asn1_write_xxx() functions. + Cannot be triggered remotely unless you create X.509 certificates based + on untrusted input or write keys of untrusted origin. Found by Guido + Vranken, Intelworks. + * The X509 max_pathlen constraint was not enforced on intermediate + certificates. Found by Nicholas Wilson, fix and tests provided by + Janos Follath. #280 and #319 + * Self-signed certificates were not excluded from pathlen counting, + resulting in some valid X.509 being incorrectly rejected. Found and fix + provided by Janos Follath. #319 + * Fix bug causing some handshakes to fail due to some non-fatal alerts not + begin properly ignored. Found by mancha and Kasom Koht-arsa, #308 + * Fix build error with configurations where ECDHE-PSK is the only key + exchange. Found and fix provided by Chris Hammond. #270 + * Fix failures in MPI on Sparc(64) due to use of bad assembly code. + Found by Kurt Danielson. #292 + * Fix typo in name of the extKeyUsage OID. Found by inestlerode, #314 + * Fix bug in ASN.1 encoding of booleans that caused generated CA + certificates to be rejected by some applications, including OS X + Keychain. Found and fixed by Jonathan Leroy, Inikup. + * Fix "Destination buffer is too small" error in cert_write program. + Found and fixed by Jonathan Leroy, Inikup. + +------------------------------------------------------------------- Old: ---- mbedtls-1.3.14-gpl.tgz New: ---- mbedtls-1.3.15-gpl.tgz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ mbedtls.spec ++++++ --- /var/tmp/diff_new_pack.gyNUxq/_old 2015-11-24 22:31:54.000000000 +0100 +++ /var/tmp/diff_new_pack.gyNUxq/_new 2015-11-24 22:31:54.000000000 +0100 @@ -18,7 +18,7 @@ %define lib_name lib%{name}9 Name: mbedtls -Version: 1.3.14 +Version: 1.3.15 Release: 0 Summary: Open Source embedded SSL/TLS cryptographic library License: GPL-2.0+ ++++++ mbedtls-1.3.14-gpl.tgz -> mbedtls-1.3.15-gpl.tgz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.14/ChangeLog new/mbedtls-1.3.15/ChangeLog --- old/mbedtls-1.3.14/ChangeLog 2015-10-05 20:06:46.000000000 +0200 +++ new/mbedtls-1.3.15/ChangeLog 2015-11-05 16:44:46.000000000 +0100 @@ -1,5 +1,39 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS 1.3.15 released 2015-11-04 + +Security + * Fix potential double free if ssl_set_psk() is called more than once and + some allocation fails. Cannot be forced remotely. Found by Guido Vranken, + Intelworks. + * Fix potential heap corruption on Windows when + x509_crt_parse_path() is passed a path longer than 2GB. Cannot be + triggered remotely. Found by Guido Vranken, Intelworks. + * Fix potential buffer overflow in some asn1_write_xxx() functions. + Cannot be triggered remotely unless you create X.509 certificates based + on untrusted input or write keys of untrusted origin. Found by Guido + Vranken, Intelworks. + * The X509 max_pathlen constraint was not enforced on intermediate + certificates. Found by Nicholas Wilson, fix and tests provided by + Janos Follath. #280 and #319 + +Bugfix + * Self-signed certificates were not excluded from pathlen counting, + resulting in some valid X.509 being incorrectly rejected. Found and fix + provided by Janos Follath. #319 + * Fix bug causing some handshakes to fail due to some non-fatal alerts not + begin properly ignored. Found by mancha and Kasom Koht-arsa, #308 + * Fix build error with configurations where ECDHE-PSK is the only key + exchange. Found and fix provided by Chris Hammond. #270 + * Fix failures in MPI on Sparc(64) due to use of bad assembly code. + Found by Kurt Danielson. #292 + * Fix typo in name of the extKeyUsage OID. Found by inestlerode, #314 + * Fix bug in ASN.1 encoding of booleans that caused generated CA + certificates to be rejected by some applications, including OS X + Keychain. Found and fixed by Jonathan Leroy, Inikup. + * Fix "Destination buffer is too small" error in cert_write program. + Found and fixed by Jonathan Leroy, Inikup. + = mbed TLS 1.3.14 released 2015-10-06 Security diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.14/doxygen/input/doc_mainpage.h new/mbedtls-1.3.15/doxygen/input/doc_mainpage.h --- old/mbedtls-1.3.14/doxygen/input/doc_mainpage.h 2015-10-05 20:06:46.000000000 +0200 +++ new/mbedtls-1.3.15/doxygen/input/doc_mainpage.h 2015-11-05 16:44:46.000000000 +0100 @@ -4,7 +4,7 @@ */ /** - * @mainpage mbed TLS v1.3.14 source code documentation + * @mainpage mbed TLS v1.3.15 source code documentation * * This documentation describes the internal structure of mbed TLS. It was * automatically generated from specially formatted comment blocks in diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.14/doxygen/mbedtls.doxyfile new/mbedtls-1.3.15/doxygen/mbedtls.doxyfile --- old/mbedtls-1.3.14/doxygen/mbedtls.doxyfile 2015-10-05 20:06:46.000000000 +0200 +++ new/mbedtls-1.3.15/doxygen/mbedtls.doxyfile 2015-11-05 16:44:46.000000000 +0100 @@ -28,7 +28,7 @@ # identify the project. Note that if you do not use Doxywizard you need # to put quotes around the project name if it contains spaces. -PROJECT_NAME = "mbed TLS v1.3.14" +PROJECT_NAME = "mbed TLS v1.3.15" # The PROJECT_NUMBER tag can be used to enter a project or revision number. # This could be handy for archiving the generated documentation or diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.14/include/polarssl/bn_mul.h new/mbedtls-1.3.15/include/polarssl/bn_mul.h --- old/mbedtls-1.3.14/include/polarssl/bn_mul.h 2015-10-05 20:06:46.000000000 +0200 +++ new/mbedtls-1.3.15/include/polarssl/bn_mul.h 2015-11-05 16:44:46.000000000 +0100 @@ -409,10 +409,11 @@ #endif /* PPC32 */ /* - * The Sparc64 assembly is reported to be broken. + * The Sparc(64) assembly is reported to be broken. * Disable it for now, until we're able to fix it. */ -#if 0 && defined(__sparc__) && defined(__sparc64__) +#if 0 && defined(__sparc__) +#if defined(__sparc64__) #define MULADDC_INIT \ asm( \ @@ -443,9 +444,8 @@ : "g1", "o0", "o1", "o2", "o3", "o4", \ "o5" \ ); -#endif /* SPARCv9 */ -#if defined(__sparc__) && !defined(__sparc64__) +#else /* __sparc64__ */ #define MULADDC_INIT \ asm( \ @@ -477,7 +477,8 @@ "o5" \ ); -#endif /* SPARCv8 */ +#endif /* __sparc64__ */ +#endif /* __sparc__ */ #if defined(__microblaze__) || defined(microblaze) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.14/include/polarssl/ssl_cache.h new/mbedtls-1.3.15/include/polarssl/ssl_cache.h --- old/mbedtls-1.3.14/include/polarssl/ssl_cache.h 2015-10-05 20:06:46.000000000 +0200 +++ new/mbedtls-1.3.15/include/polarssl/ssl_cache.h 2015-11-05 16:44:46.000000000 +0100 @@ -122,7 +122,7 @@ #endif /* POLARSSL_HAVE_TIME */ /** - * \brief Set the cache timeout + * \brief Set the maximum number of cache entries * (Default: SSL_CACHE_DEFAULT_MAX_ENTRIES (50)) * * \param cache SSL cache context diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.14/include/polarssl/ssl_ciphersuites.h new/mbedtls-1.3.15/include/polarssl/ssl_ciphersuites.h --- old/mbedtls-1.3.14/include/polarssl/ssl_ciphersuites.h 2015-10-05 20:06:46.000000000 +0200 +++ new/mbedtls-1.3.15/include/polarssl/ssl_ciphersuites.h 2015-11-05 16:44:46.000000000 +0100 @@ -252,7 +252,6 @@ defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED) || \ - defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \ defined(POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ defined(POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) #define POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.14/include/polarssl/version.h new/mbedtls-1.3.15/include/polarssl/version.h --- old/mbedtls-1.3.14/include/polarssl/version.h 2015-10-05 20:06:46.000000000 +0200 +++ new/mbedtls-1.3.15/include/polarssl/version.h 2015-11-05 16:44:46.000000000 +0100 @@ -40,16 +40,16 @@ */ #define POLARSSL_VERSION_MAJOR 1 #define POLARSSL_VERSION_MINOR 3 -#define POLARSSL_VERSION_PATCH 14 +#define POLARSSL_VERSION_PATCH 15 /** * The single version number has the following structure: * MMNNPP00 * Major version | Minor version | Patch version */ -#define POLARSSL_VERSION_NUMBER 0x01030E00 -#define POLARSSL_VERSION_STRING "1.3.14" -#define POLARSSL_VERSION_STRING_FULL "mbed TLS 1.3.14" +#define POLARSSL_VERSION_NUMBER 0x01030F00 +#define POLARSSL_VERSION_STRING "1.3.15" +#define POLARSSL_VERSION_STRING_FULL "mbed TLS 1.3.15" #if defined(POLARSSL_VERSION_C) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.14/library/CMakeLists.txt new/mbedtls-1.3.15/library/CMakeLists.txt --- old/mbedtls-1.3.14/library/CMakeLists.txt 2015-10-05 20:06:46.000000000 +0200 +++ new/mbedtls-1.3.15/library/CMakeLists.txt 2015-11-05 16:44:46.000000000 +0100 @@ -117,7 +117,7 @@ if(USE_SHARED_MBEDTLS_LIBRARY) add_library(mbedtls SHARED ${src}) - set_target_properties(mbedtls PROPERTIES VERSION 1.3.14 SOVERSION 9) + set_target_properties(mbedtls PROPERTIES VERSION 1.3.15 SOVERSION 9) target_link_libraries(mbedtls ${libs}) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.14/library/asn1write.c new/mbedtls-1.3.15/library/asn1write.c --- old/mbedtls-1.3.14/library/asn1write.c 2015-10-05 20:06:46.000000000 +0200 +++ new/mbedtls-1.3.15/library/asn1write.c 2015-11-05 16:44:46.000000000 +0100 @@ -88,7 +88,7 @@ { size_t len = 0; - if( *p - start < (int) size ) + if( *p < start || (size_t)( *p - start ) < size ) return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL ); len = size; @@ -108,7 +108,7 @@ // len = mpi_size( X ); - if( *p - start < (int) len ) + if( *p < start || (size_t)( *p - start ) < len ) return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL ); (*p) -= len; @@ -192,7 +192,7 @@ if( *p - start < 1 ) return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL ); - *--(*p) = (boolean) ? 1 : 0; + *--(*p) = (boolean) ? 255 : 0; len++; ASN1_CHK_ADD( len, asn1_write_len( p, start, len ) ); @@ -271,7 +271,7 @@ // Calculate byte length // - if( *p - start < (int) size + 1 ) + if( *p < start || (size_t)( *p - start ) < size + 1 ) return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL ); len = size + 1; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.14/library/oid.c new/mbedtls-1.3.15/library/oid.c --- old/mbedtls-1.3.14/library/oid.c 2015-10-05 20:06:46.000000000 +0200 +++ new/mbedtls-1.3.15/library/oid.c 2015-11-05 16:44:46.000000000 +0100 @@ -268,7 +268,7 @@ EXT_KEY_USAGE, }, { - { ADD_LEN( OID_EXTENDED_KEY_USAGE ), "id-ce-keyUsage", "Extended Key Usage" }, + { ADD_LEN( OID_EXTENDED_KEY_USAGE ), "id-ce-extKeyUsage", "Extended Key Usage" }, EXT_EXTENDED_KEY_USAGE, }, { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.14/library/pkwrite.c new/mbedtls-1.3.15/library/pkwrite.c --- old/mbedtls-1.3.14/library/pkwrite.c 2015-10-05 20:06:46.000000000 +0200 +++ new/mbedtls-1.3.15/library/pkwrite.c 2015-11-05 16:44:46.000000000 +0100 @@ -97,7 +97,7 @@ return( ret ); } - if( *p - start < (int) len ) + if( *p < start || (size_t)( *p - start ) < len ) return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL ); *p -= len; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.14/library/ssl_tls.c new/mbedtls-1.3.15/library/ssl_tls.c --- old/mbedtls-1.3.14/library/ssl_tls.c 2015-10-05 20:06:46.000000000 +0200 +++ new/mbedtls-1.3.15/library/ssl_tls.c 2015-11-05 16:44:46.000000000 +0100 @@ -949,11 +949,16 @@ #if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) if( key_ex == POLARSSL_KEY_EXCHANGE_PSK ) { - if( end - p < 2 + (int) ssl->psk_len ) + if( end - p < 2 ) return( POLARSSL_ERR_SSL_BAD_INPUT_DATA ); *(p++) = (unsigned char)( ssl->psk_len >> 8 ); *(p++) = (unsigned char)( ssl->psk_len ); + + if( end < p || (size_t)( end - p ) < ssl->psk_len ) + return( POLARSSL_ERR_SSL_BAD_INPUT_DATA ); + + memset( p, 0, ssl->psk_len ); p += ssl->psk_len; } else @@ -1021,11 +1026,15 @@ } /* opaque psk<0..2^16-1>; */ - if( end - p < 2 + (int) ssl->psk_len ) - return( POLARSSL_ERR_SSL_BAD_INPUT_DATA ); + if( end - p < 2 ) + return( POLARSSL_ERR_SSL_BAD_INPUT_DATA ); *(p++) = (unsigned char)( ssl->psk_len >> 8 ); *(p++) = (unsigned char)( ssl->psk_len ); + + if( end < p || (size_t)( end - p ) < ssl->psk_len ) + return( POLARSSL_ERR_SSL_BAD_INPUT_DATA ); + memcpy( p, ssl->psk, ssl->psk_len ); p += ssl->psk_len; @@ -2211,6 +2220,7 @@ /* * Read the record header and validate it */ +read_record_header: if( ( ret = ssl_fetch_input( ssl, 5 ) ) != 0 ) { SSL_DEBUG_RET( 1, "ssl_fetch_input", ret ); @@ -2408,7 +2418,7 @@ ssl->in_msg[0], ssl->in_msg[1] ) ); /* - * Ignore non-fatal alerts, except close_notify + * Ignore non-fatal alerts, except close_notify and no_renego */ if( ssl->in_msg[0] == SSL_ALERT_LEVEL_FATAL ) { @@ -2423,6 +2433,29 @@ SSL_DEBUG_MSG( 2, ( "is a close notify message" ) ); return( POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY ); } + + if( ssl->in_msg[0] == SSL_ALERT_LEVEL_WARNING && + ssl->in_msg[1] == SSL_ALERT_MSG_NO_RENEGOTIATION ) + { + SSL_DEBUG_MSG( 2, ( "is a no_renegotiation" ) ); + /* Will be handled when trying to parse ServerHello */ + ssl->in_left = 0; + return( 0 ); + } + + if( ssl->minor_ver == SSL_MINOR_VERSION_0 && + ssl->endpoint == SSL_IS_SERVER && + ssl->in_msg[0] == SSL_ALERT_LEVEL_WARNING && + ssl->in_msg[1] == SSL_ALERT_MSG_NO_CERT ) + { + SSL_DEBUG_MSG( 2, ( "is a SSLv3 no_cert" ) ); + /* Will be handled in ssl_parse_certificate() */ + ssl->in_left = 0; + return( 0 ); + } + + /* Silently discard: fetch new message */ + goto read_record_header; } ssl->in_left = 0; @@ -4058,6 +4091,8 @@ { polarssl_free( ssl->psk ); polarssl_free( ssl->psk_identity ); + ssl->psk = NULL; + ssl->psk_identity = NULL; } if( ( ssl->psk = polarssl_malloc( psk_len ) ) == NULL || diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.14/library/x509_create.c new/mbedtls-1.3.15/library/x509_create.c --- old/mbedtls-1.3.14/library/x509_create.c 2015-10-05 20:06:46.000000000 +0200 +++ new/mbedtls-1.3.15/library/x509_create.c 2015-11-05 16:44:46.000000000 +0100 @@ -265,13 +265,16 @@ int ret; size_t len = 0; - if( *p - start < (int) size + 1 ) + if( *p < start || (size_t)( *p - start ) < size ) return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL ); len = size; (*p) -= len; memcpy( *p, sig, len ); + if( *p - start < 1 ) + return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL ); + *--(*p) = 0; len += 1; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.14/library/x509_crt.c new/mbedtls-1.3.15/library/x509_crt.c --- old/mbedtls-1.3.14/library/x509_crt.c 2015-10-05 20:06:46.000000000 +0200 +++ new/mbedtls-1.3.15/library/x509_crt.c 2015-11-05 16:44:46.000000000 +0100 @@ -973,7 +973,7 @@ WCHAR szDir[MAX_PATH]; char filename[MAX_PATH]; char *p; - int len = (int) strlen( path ); + size_t len = strlen( path ); WIN32_FIND_DATAW file_data; HANDLE hFind; @@ -1007,7 +1007,7 @@ w_ret = WideCharToMultiByte( CP_ACP, 0, file_data.cFileName, lstrlenW( file_data.cFileName ), - p, len - 1, + p, (int) len - 1, NULL, NULL ); if( w_ret == 0 ) return( POLARSSL_ERR_X509_FILE_IO_ERROR ); @@ -1766,7 +1766,8 @@ static int x509_crt_verify_top( x509_crt *child, x509_crt *trust_ca, - x509_crl *ca_crl, int path_cnt, int *flags, + x509_crl *ca_crl, + int path_cnt, int self_cnt, int *flags, int (*f_vrfy)(void *, x509_crt *, int, int *), void *p_vrfy ) { @@ -1815,8 +1816,9 @@ check_path_cnt--; } + /* Self signed certificates do not count towards the limit */ if( trust_ca->max_pathlen > 0 && - trust_ca->max_pathlen < check_path_cnt ) + trust_ca->max_pathlen < check_path_cnt - self_cnt ) { continue; } @@ -1881,8 +1883,9 @@ } static int x509_crt_verify_child( - x509_crt *child, x509_crt *parent, x509_crt *trust_ca, - x509_crl *ca_crl, int path_cnt, int *flags, + x509_crt *child, x509_crt *parent, + x509_crt *trust_ca, x509_crl *ca_crl, + int path_cnt, int self_cnt, int *flags, int (*f_vrfy)(void *, x509_crt *, int, int *), void *p_vrfy ) { @@ -1892,6 +1895,10 @@ x509_crt *grandparent; const md_info_t *md_info; + /* Counting intermediate self signed certificates */ + if( ( path_cnt != 0 ) && x509_name_cmp( &child->issuer, &child->subject ) == 0 ) + self_cnt++; + /* path_cnt is 0 for the first intermediate CA */ if( 1 + path_cnt > POLARSSL_X509_MAX_INTERMEDIATE_CA ) { @@ -1943,7 +1950,7 @@ if( grandparent != NULL ) { ret = x509_crt_verify_top( parent, grandparent, ca_crl, - path_cnt + 1, &parent_flags, f_vrfy, p_vrfy ); + path_cnt + 1, self_cnt, &parent_flags, f_vrfy, p_vrfy ); if( ret != 0 ) return( ret ); } @@ -1954,6 +1961,15 @@ grandparent != NULL; grandparent = grandparent->next ) { + /* +2 because the current step is not yet accounted for + * and because max_pathlen is one higher than it should be. + * Also self signed certificates do not count to the limit. */ + if( grandparent->max_pathlen > 0 && + grandparent->max_pathlen < 2 + path_cnt - self_cnt ) + { + continue; + } + if( x509_crt_check_parent( parent, grandparent, 0, path_cnt == 0 ) == 0 ) break; @@ -1963,7 +1979,7 @@ if( grandparent != NULL ) { ret = x509_crt_verify_child( parent, grandparent, trust_ca, ca_crl, - path_cnt + 1, &parent_flags, + path_cnt + 1, self_cnt, &parent_flags, f_vrfy, p_vrfy ); if( ret != 0 ) return( ret ); @@ -1971,7 +1987,7 @@ else { ret = x509_crt_verify_top( parent, trust_ca, ca_crl, - path_cnt + 1, &parent_flags, + path_cnt + 1, self_cnt, &parent_flags, f_vrfy, p_vrfy ); if( ret != 0 ) return( ret ); @@ -2001,6 +2017,7 @@ size_t cn_len; int ret; int pathlen = 0; + int selfsigned = 0; x509_crt *parent; x509_name *name; x509_sequence *cur = NULL; @@ -2067,7 +2084,7 @@ if( parent != NULL ) { ret = x509_crt_verify_top( crt, parent, ca_crl, - pathlen, flags, f_vrfy, p_vrfy ); + pathlen, selfsigned, flags, f_vrfy, p_vrfy ); if( ret != 0 ) return( ret ); } @@ -2076,6 +2093,14 @@ /* Look for a parent upwards the chain */ for( parent = crt->next; parent != NULL; parent = parent->next ) { + /* +2 because the current step is not yet accounted for + * and because max_pathlen is one higher than it should be */ + if( parent->max_pathlen > 0 && + parent->max_pathlen < 2 + pathlen ) + { + continue; + } + if( x509_crt_check_parent( crt, parent, 0, pathlen == 0 ) == 0 ) break; } @@ -2084,14 +2109,14 @@ if( parent != NULL ) { ret = x509_crt_verify_child( crt, parent, trust_ca, ca_crl, - pathlen, flags, f_vrfy, p_vrfy ); + pathlen, selfsigned, flags, f_vrfy, p_vrfy ); if( ret != 0 ) return( ret ); } else { ret = x509_crt_verify_top( crt, trust_ca, ca_crl, - pathlen, flags, f_vrfy, p_vrfy ); + pathlen, selfsigned, flags, f_vrfy, p_vrfy ); if( ret != 0 ) return( ret ); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.14/programs/x509/cert_write.c new/mbedtls-1.3.15/programs/x509/cert_write.c --- old/mbedtls-1.3.14/programs/x509/cert_write.c 2015-10-05 20:06:46.000000000 +0200 +++ new/mbedtls-1.3.15/programs/x509/cert_write.c 2015-11-05 16:44:46.000000000 +0100 @@ -190,11 +190,11 @@ pk_context *issuer_key = &loaded_issuer_key, *subject_key = &loaded_subject_key; char buf[1024]; - char issuer_name[128]; + char issuer_name[256]; int i; char *p, *q, *r; #if defined(POLARSSL_X509_CSR_PARSE_C) - char subject_name[128]; + char subject_name[256]; x509_csr csr; #endif x509write_cert crt; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.14/tests/data_files/dir4/Readme new/mbedtls-1.3.15/tests/data_files/dir4/Readme --- old/mbedtls-1.3.14/tests/data_files/dir4/Readme 1970-01-01 01:00:00.000000000 +0100 +++ new/mbedtls-1.3.15/tests/data_files/dir4/Readme 2015-11-05 16:44:46.000000000 +0100 @@ -0,0 +1,38 @@ +This directory contains the certificates for the tests targeting the enforcement of the policy indicated by the *pathLenConstraint* field. All leaf elements were generated with *is_ca* unset and all roots with the *selfsign=1* option. + +1. zero pathlen constraint on an intermediate CA (invalid) +``` +cert11.crt -> cert12.crt (max_pathlen=0) -> cert13.crt -> cert14.crt +``` + +2. zero pathlen constraint on the root CA (invalid) +``` +cert21.crt (max_pathlen=0) -> cert22.crt -> cert23.crt +``` + +3. nonzero pathlen constraint on the root CA (invalid) +``` +cert31.crt (max_pathlen=1) -> cert32.crt -> cert33.crt -> cert34.crt +``` + +4. nonzero pathlen constraint on an intermediate CA (invalid) +``` +cert41.crt -> cert42.crt (max_pathlen=1) -> cert43.crt -> cert44.crt -> cert45.crt +``` + +5. nonzero pathlen constraint on an intermediate CA with maximum number of elements in the chain (valid) +``` +cert51.crt -> cert52.crt (max_pathlen=1) -> cert53.crt -> cert54.crt +``` + +6. nonzero pathlen constraint on the root CA with maximum number of elements in the chain (valid) +``` +cert61.crt (max_pathlen=1) -> cert62.crt -> cert63.crt +``` + +7. pathlen constraint on the root CA with maximum number of elements and a self signed certificate in the chain (valid) +(This situation happens for example when a root of some hierarchy gets integrated into another hierarchy. In this case the certificates issued before the integration will have an intermadiate self signed certificate in their chain) +``` +cert71.crt (max_pathlen=1) -> cert72.crt -> cert73.crt (self signed) -> cert74.crt -> cert74.crt +``` + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.14/tests/data_files/dir4/cert11.crt new/mbedtls-1.3.15/tests/data_files/dir4/cert11.crt --- old/mbedtls-1.3.14/tests/data_files/dir4/cert11.crt 1970-01-01 01:00:00.000000000 +0100 +++ new/mbedtls-1.3.15/tests/data_files/dir4/cert11.crt 2015-11-05 16:44:46.000000000 +0100 @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC9zCCAd+gAwIBAgIBATANBgkqhkiG9w0BAQsFADAWMRQwEgYDVQQDEwtUZXN0 +IHJvb3QgMjAeFw0wMTAxMDEwMDAwMDBaFw0zMDEyMzEyMzU5NTlaMBYxFDASBgNV +BAMTC1Rlc3Qgcm9vdCAyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +hqLw+KDH8+tkX9hphnydOZFoueGTY5v8WdYI6KZXoIln9IAu4Rmb6M59uLziXurg +VKuwBqOkbUZsIY0NOA6C8FpdjZL1di8Viq669vBBs9c+x9hKpx8/VVcZfTaGgqni +h5XiivQynBQ4E2KOxEQ+VjUMDqIBHYG1VXWs4KMkAeJsqDYHtmS4XsC9TXTIri5S +9IX4mE5A9+ngSTo0/6Sjwcd27uO2IQHXDC7jkxX5OH5jFPAqsVKTYDeWlCU7bvbr +iy1H9Z9uCl+M7unbAl8BKQ8leOnno3KO3lQQAPGP2EFRT0XMuUXJnfydPbzMa9FY +ufB1I8zCBZviPvO/Of3yrwIDAQABo1AwTjAMBgNVHRMEBTADAQEBMB0GA1UdDgQW +BBSUHSH6gjrYFZnS1gDvk7BpfwTKwDAfBgNVHSMEGDAWgBSUHSH6gjrYFZnS1gDv +k7BpfwTKwDANBgkqhkiG9w0BAQsFAAOCAQEATLqZGFEBO+2IiHjkn7pBkAuktmHm +jkkuFLONwe0vlxZFaabaFqSgkoS5eZ50D0dmuUkpJRNMnGK1B/ja5RewtAdxD6us +VT8JpeWYkhxaSIHjUW95jJLMVr17it8jHawI05tD26nqDjTq3C2rM4ExpAaK/Dgv +83ZHe4IdvenkXckDMIjmSsK0GfomZmKvmnfxhg4FnQvZGI48JJUqPA2dHxRhUyr4 +ohBmH5Xi5oLICd85GRi8YqD00agKL99EjGulaKNEdsQkrC4ZvY6QDV0EEnbu8b4R +GfiA42UWN2dKNSqNhBOrP9g5yTcIWXh1Dwpd1Z9vhBCwmBegPqqM5IM1dQ== +-----END CERTIFICATE----- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.14/tests/data_files/dir4/cert12.crt new/mbedtls-1.3.15/tests/data_files/dir4/cert12.crt --- old/mbedtls-1.3.14/tests/data_files/dir4/cert12.crt 1970-01-01 01:00:00.000000000 +0100 +++ new/mbedtls-1.3.15/tests/data_files/dir4/cert12.crt 2015-11-05 16:44:46.000000000 +0100 @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDCjCCAfKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAWMRQwEgYDVQQDEwtUZXN0 +IHJvb3QgMjAeFw0wMTAxMDEwMDAwMDBaFw0zMDEyMzEyMzU5NTlaMCYxJDAiBgNV +BAMTG1Rlc3QgaW50ZXJtZWRpYXRlIG1heHBhdGggMTCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBANJrP7/Y+KjupvlgaOmQYArfGuoh3CzcdPe/mlhq+fxD +8U9qzgSVuVR+FpNZi9DyMljMBrWV1OnZI+cVCDYYkNMa3IkV+AkzJGqwcSBKE+6N +RXZvv+I4xbGymdSSaT6Kh1PgPVk/EYNfLFF30pBsycjM81aMtZgW6aA9xCSp0r8W +XkZodsrJUQerDh/7VmDVEeKanZog8auvrvs/ENiA8d4p/75lOIER4nLz6SSn5Eqy +uXzNCwmT5PVwWStXbDD7EBs3rOtR2VNWQ9o6QdfKQOe/SkIddZr1IWGEJ8JHjtNo +jxcYO67A+Jgp1Jwjk+83eRICs0hlWyeHWfBlbOVIKLcCAwEAAaNTMFEwDwYDVR0T +BAgwBgEBAQIBADAdBgNVHQ4EFgQUyw8Phy/FAvifGQ+G6HWkMiWzyqUwHwYDVR0j +BBgwFoAUlB0h+oI62BWZ0tYA75OwaX8EysAwDQYJKoZIhvcNAQELBQADggEBACFS +6tFy9TpVMUfh1mkr3rFEVtho0NJkRhJW8z2PTmKQa069S9gS+U6+CsqwvM1y3yyh +Pt2q34fhhhbQ+gS8iAm+zvQtBsys3frfVkeKmRzxWDh2LnT+tJi/xtqdlULua5NB +21So46HdlceDTuv2vUbrHgxUS/IEjIL6OZZ0Sc6S6YybvGSioGsRUHO2k2IiOnUa +C+hpBvOkXScnItfdMKAAce71CsZeN97sbxeNIMBDiX9bSy+dZLscEhRwBUABiNr/ +sYdYvIpbrFXowjMtBdac+vvhcem7dkCrCdsGylGINWhE2tC9hKmFkFXo4mu/AGDS +M4/59TlMeK8X+WZ9zBs= +-----END CERTIFICATE----- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.14/tests/data_files/dir4/cert13.crt new/mbedtls-1.3.15/tests/data_files/dir4/cert13.crt --- old/mbedtls-1.3.14/tests/data_files/dir4/cert13.crt 1970-01-01 01:00:00.000000000 +0100 +++ new/mbedtls-1.3.15/tests/data_files/dir4/cert13.crt 2015-11-05 16:44:46.000000000 +0100 @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDFzCCAf+gAwIBAgIBATANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDExtUZXN0 +IGludGVybWVkaWF0ZSBtYXhwYXRoIDEwHhcNMDEwMTAxMDAwMDAwWhcNMzAxMjMx +MjM1OTU5WjAmMSQwIgYDVQQDExtUZXN0IGludGVybWVkaWF0ZSBtYXhwYXRoIDIw +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCs0qdKXytu/GTKpa2H0CE3 +OPSIMM2hiYbavzUroyL+hFv9XVoxh5CGnVUxK7B9ifVvzyElrcV7tjuIlGwp1hLH +tx/YU22xksI/n5/NS/qrxkK5xjwEWB9lx93rwLK0QnfjYRZrir7yySoBKi6IlHOv +GOwl0V/JAslMWwUZlFmvYvoCWSWGrDAkxWVnHq+HoZ7YoM/bdJdsIIJYe3tt7L8D +cJVP5dQ8jSs8/Ehm8BbG339r3B7v/KdK8zuoMig9ag/YOu9jOb0QvYC2HdZoL4WV +N+7aasTQmDGWGOt7fk7AEl0EI8lDvr2O/5q6ad9jRCkxyq3lJwRy+M3MdVKgA1On +AgMBAAGjUDBOMAwGA1UdEwQFMAMBAQEwHQYDVR0OBBYEFM6u5Gkjkxb8PDdQIGKD +D8t1Zv/9MB8GA1UdIwQYMBaAFMsPD4cvxQL4nxkPhuh1pDIls8qlMA0GCSqGSIb3 +DQEBCwUAA4IBAQCLpKATt01DUM8wCiDFVSpmpiCBqxnLRfQuY+ta1p+f15LME+cT +94lwaYCfCBtXQYwiuVFYdK8ztWEStPg6BecMLPB2K9gO/talxUoVDumsmR83p+2y +8YJmFHyjr+BShsjP9paCjUQkJiMOiWRpNFNpScv0IOHmb8NLER3vX/tCmxyVHPg/ +7tBpDXRD6jOyajYH4KUx6wddcYWb63N9sApVpRHNaqpUKjuiQwfUFZjA7AyK/FUS +/cO3++uq+CkZhBu8vupaznXD4h0E28GbZgvu/F0edB7f0Q5DpnuDJ6HFMYl3A2mM +m8pqKNnRYGCtQwppBYVsoBisga2ymtNud7K+ +-----END CERTIFICATE----- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.14/tests/data_files/dir4/cert14.crt new/mbedtls-1.3.15/tests/data_files/dir4/cert14.crt --- old/mbedtls-1.3.14/tests/data_files/dir4/cert14.crt 1970-01-01 01:00:00.000000000 +0100 +++ new/mbedtls-1.3.15/tests/data_files/dir4/cert14.crt 2015-11-05 16:44:46.000000000 +0100 @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDDDCCAfSgAwIBAgIBATANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDExtUZXN0 +IGludGVybWVkaWF0ZSBtYXhwYXRoIDIwHhcNMDEwMTAxMDAwMDAwWhcNMzAxMjMx +MjM1OTU5WjAeMRwwGgYDVQQDExNUZXN0IGxlYWYgaW52YWxpZCAzMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw6Vc/T2GYTWj7nGZcy2voZyeWkFyfDIy +oexyJe8eyuWX+YqaSCra1JMcww0Jy8e9/6/aI9ezd1d73eZDcW5h61tagCpBki+W +dYh+FJfCdDdPnSkitWOBLKBK21AQ9dxePvkQBEanDdAk2IwasydCoHEiSCqwXNEz +jVJPL38ibbLf9sNO3kk6zOFA3QqVSTJ4BddNh9bHL7y106ekfMhrfyTzSpo3Wj0V +20ThmJZ1NuwYRl3j1XHALP0t8Cp2ZLbXuFsTWqTFNzXj+gWM8b2IfZqmqcew5poZ +4aDkjXXOizRxDPxCHp7rLz9xv1pIIBxady0YWp+w9vxLxFF6rYBLtQIDAQABo00w +SzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQoF/qrn9WnKV3zOnCwMl99Uhmx8DAfBgNV +HSMEGDAWgBTOruRpI5MW/Dw3UCBigw/LdWb//TANBgkqhkiG9w0BAQsFAAOCAQEA +VUnlX//h3T5Ajc85WNkyTuirhSZtIr6+X/AxH4kR/QG5NiaDxP9H0FzMs5FcMni8 +3Rs4d2H3CBs+QB7lm/b+xy26vpORwlVFXScHeTEanuXSVsmGPkn7TAQrPoyZgVUN +uy4TGi8Mlkso4gmgehvgTklIV+Emxy32Abd1lRfI8/vOQ1xTdA7f3X98AfWStTya +DGRsQLZE/Q4/Gh57xNqF0ftBIRwt9TbGlu8AyZiIilVECGvE/gtTwuqpQPOhJQmi +NdYTErgD2Wkw9ohifQFo46AMMU1seehtqijW2pC2UjmV5nboPs0eGQmWrfNCjDOr +sZfh98BafcaFGjz605V36g== +-----END CERTIFICATE----- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.14/tests/data_files/dir4/cert21.crt new/mbedtls-1.3.15/tests/data_files/dir4/cert21.crt --- old/mbedtls-1.3.14/tests/data_files/dir4/cert21.crt 1970-01-01 01:00:00.000000000 +0100 +++ new/mbedtls-1.3.15/tests/data_files/dir4/cert21.crt 2015-11-05 16:44:46.000000000 +0100 @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC+jCCAeKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAWMRQwEgYDVQQDEwtUZXN0 +IHJvb3QgMjAeFw0wMTAxMDEwMDAwMDBaFw0zMDEyMzEyMzU5NTlaMBYxFDASBgNV +BAMTC1Rlc3Qgcm9vdCAyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +mTX2sHY42Ord9gWyB6GcdlLjjE+4zBJ1BoDpMnvJ89niMTuZTq1ViMp/B6RuTH+2 +YF3+riZYQDH9yM/8rgvAUIvK9STaq19Zrm0mnfQUo9yKdkfoJ+XvWuvK6f+NkAMg +xfhAD6eSupigTvov/w2IT8rS0dxo4KF6hKBL2aYlXhiEyi/NmsEPZWvVh+qk3L/Q +GSwpgC+DhVoQzFRofUdK9O9MkgR675iftaFDvyi7F0fxrSLfB/Wy4cgRYzIW6pyN +2sXWivKdLI3bgB01ffdbO17ZAGILK1whO29/bX6hbH09Y/H7jR2vjy+KP9N0PEa3 +7SBymlokB3A8wq/LWPYPeQIDAQABo1MwUTAPBgNVHRMECDAGAQEBAgEAMB0GA1Ud +DgQWBBSOBd1fH00Y9r5S8cELj/9IT4BGlDAfBgNVHSMEGDAWgBSOBd1fH00Y9r5S +8cELj/9IT4BGlDANBgkqhkiG9w0BAQsFAAOCAQEAFEY2StppaPzOgG6vEvPJr//+ +NWY1jKcBB3cT+zWJW54+BexDjyaBRnBIPvRLDG8PAlhlYr9v/P6JCjBSuhYorFLG +P4ZhD+akuMvn6yF7nsyG20LHPwvE7/jye7+zSO3hhyqCg7N7M7O17exo/agw/iUI +DYUuUv1ZJlZvPB2kmZMYa78g0P2ynyKpu4hdbstJzxwA4aQDXGQxcQNtv+3ZCdC2 +TI4w0jodkjqdq/4y0McpkEvYL3/LaQElLaHr8CQo7xYEzsjv+cnzojCO/ilXU+Rl +sz940Q4njAJqlpfiJ44aFytjp96uN4YVpViFCvRz//9uyQY9kuA/8kKwJuO3qw== +-----END CERTIFICATE----- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.14/tests/data_files/dir4/cert22.crt new/mbedtls-1.3.15/tests/data_files/dir4/cert22.crt --- old/mbedtls-1.3.14/tests/data_files/dir4/cert22.crt 1970-01-01 01:00:00.000000000 +0100 +++ new/mbedtls-1.3.15/tests/data_files/dir4/cert22.crt 2015-11-05 16:44:46.000000000 +0100 @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDBzCCAe+gAwIBAgIBATANBgkqhkiG9w0BAQsFADAWMRQwEgYDVQQDEwtUZXN0 +IHJvb3QgMjAeFw0wMTAxMDEwMDAwMDBaFw0zMDEyMzEyMzU5NTlaMCYxJDAiBgNV +BAMTG1Rlc3QgaW50ZXJtZWRpYXRlIG1heHBhdGggMTCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBANpGlBMXdo8cO9oqUw/b6PMwiMNV8LCe6wB9VKHPa6OG +Q0o8Xqktgwnh1rojgpMhbCApE7UXeMr6ZGq/NtqmO1hO5adV5JehWZyvg7j4EBpG +g8iWo0jNpKMJ0Yx1uBkkljEdZLTHa4bK/zy2NKqDNS2yWs9/M5+xw5XE2ecAg7FT +cXhf3q50V+M6T2IaQ9BxntTyCT8IIF2eRM/t9Y944s9Rfzm/KQVKRYPudX7YhTt9 +iqCJB4JoqYhs3HEO0wPkJxY4KBTUCN94s+7jUFdRrYxe+8Ya6tIYWqD38i5qdGhY +xrVey1LatsDJQ2EgNYobM/LjoCLK1WUssEqf0OU2bi0CAwEAAaNQME4wDAYDVR0T +BAUwAwEBATAdBgNVHQ4EFgQUOBl8edVm/H5xdS2EGEeLzftZ/DUwHwYDVR0jBBgw +FoAUjgXdXx9NGPa+UvHBC4//SE+ARpQwDQYJKoZIhvcNAQELBQADggEBAFwZriTu +DKkiDHFfz3UX4fIxYTHCi4TveYZGPeTbxhBb3XZC5qDF4T5HvCTSkG9+oFfZzI1a +lPN2yZB7QnmHJoyWa5fuovwUL0iI3iIZMqU56tdVPW8gkJe++U5kHMSpz2VF0eo8 +7XkKWxZovRwczgfDFRP9zM9CylyzQjqxx6kbxJozWnwc5UrVbJMaPIqonXp1nDoZ +i878+hX4rJUEjgO6Sa9GVZQpmuCrQF0qKsTiUBzZN67hoD3xoTAYi5IXQE2tRD1N +j3zwng9liCsxurGMnuV0BPWv/IDYRu/syjee1Qv1VFeRto5D4Rldmi2p1f5iWJCk +5m5YpRsknaICjYs= +-----END CERTIFICATE----- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.14/tests/data_files/dir4/cert23.crt new/mbedtls-1.3.15/tests/data_files/dir4/cert23.crt --- old/mbedtls-1.3.14/tests/data_files/dir4/cert23.crt 1970-01-01 01:00:00.000000000 +0100 +++ new/mbedtls-1.3.15/tests/data_files/dir4/cert23.crt 2015-11-05 16:44:46.000000000 +0100 @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDDDCCAfSgAwIBAgIBATANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDExtUZXN0 +IGludGVybWVkaWF0ZSBtYXhwYXRoIDEwHhcNMDEwMTAxMDAwMDAwWhcNMzAxMjMx +MjM1OTU5WjAeMRwwGgYDVQQDExNUZXN0IGxlYWYgaW52YWxpZCAyMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAigGgHGNWNkEWWFn7eaU4kC2WjR3RtcBs +oW1MlQndUvwWUHgcbfIg7nh66Oi6Xl3IqAMjHj1J0EPGcwTfmLdaRvN38KjTMh3/ +FiFrrUL0MNgiGxjkTthWgsfV4C/i3vRDTCW+2UMFdd6+z7hwFf+ldTsCP9Qp+93G +drslrvAR2W0qjHLULAJGk/6WzxFG6xeCgdhkooDPprsflZJ/cN1SuqTYOaVMAj9J +aovStUTVhF8ouDULpq0fiBImoldObcGdaAWlgRl0k8NdoSLpWd/7+hi4sH5PSOZq ++8g1lQ3cgrE7ta4X3p/i6eApcn1hyEkTy9ZpKOFvZXnM4D1j8+KSKQIDAQABo00w +SzAJBgNVHRMEAjAAMB0GA1UdDgQWBBTCN2vDLY1tcenTzyRmlS4TBe2xijAfBgNV +HSMEGDAWgBQ4GXx51Wb8fnF1LYQYR4vN+1n8NTANBgkqhkiG9w0BAQsFAAOCAQEA +eb/tgtSbrz7j7HQaxGgI5LVedRro3a2fNLhO0wNboGI6gACIPait1ePkUwuMfLfl +Fky2/2VZ8Ie4pQqxFmdSUqf1NSmxgiWLRho4oTiFv1z08LYQgSdKT49ffKO67TDG +D1nI8rEuT1Nupq8WI5jcKgWqktMJjgKzfN+9nCgFGQMGqTBnt7uYZHhnuZfKSJPv +gHmS4gj72OQ2Nu6xORGhd6J8VjzcG6BX1pLebNQRzlHT3E5IVNF/9cCrc+E87Wns +bDGtzhyx7SIP7/2TiJeBZs7p8xXpaDF2cNx2F+jZH+P8feT7c+JoY7A72uVDSlYf +WVf02pylKRgqayOujH3PWA== +-----END CERTIFICATE----- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.14/tests/data_files/dir4/cert31.crt new/mbedtls-1.3.15/tests/data_files/dir4/cert31.crt --- old/mbedtls-1.3.14/tests/data_files/dir4/cert31.crt 1970-01-01 01:00:00.000000000 +0100 +++ new/mbedtls-1.3.15/tests/data_files/dir4/cert31.crt 2015-11-05 16:44:46.000000000 +0100 @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC+jCCAeKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAWMRQwEgYDVQQDEwtUZXN0 +IHJvb3QgMjAeFw0wMTAxMDEwMDAwMDBaFw0zMDEyMzEyMzU5NTlaMBYxFDASBgNV +BAMTC1Rlc3Qgcm9vdCAyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +mTX2sHY42Ord9gWyB6GcdlLjjE+4zBJ1BoDpMnvJ89niMTuZTq1ViMp/B6RuTH+2 +YF3+riZYQDH9yM/8rgvAUIvK9STaq19Zrm0mnfQUo9yKdkfoJ+XvWuvK6f+NkAMg +xfhAD6eSupigTvov/w2IT8rS0dxo4KF6hKBL2aYlXhiEyi/NmsEPZWvVh+qk3L/Q +GSwpgC+DhVoQzFRofUdK9O9MkgR675iftaFDvyi7F0fxrSLfB/Wy4cgRYzIW6pyN +2sXWivKdLI3bgB01ffdbO17ZAGILK1whO29/bX6hbH09Y/H7jR2vjy+KP9N0PEa3 +7SBymlokB3A8wq/LWPYPeQIDAQABo1MwUTAPBgNVHRMECDAGAQEBAgEBMB0GA1Ud +DgQWBBSOBd1fH00Y9r5S8cELj/9IT4BGlDAfBgNVHSMEGDAWgBSOBd1fH00Y9r5S +8cELj/9IT4BGlDANBgkqhkiG9w0BAQsFAAOCAQEAB9nLaqxsBW0isDaBGNJyzH9O +WqYY0hex9tm3UqygfE9b9aahykpkowQIzh4D9Xpbd0hZGVlK/sw2qsKj6gDOiMtL +uWs4gaFNWIQqhVsTzL88c7XaW55n+TRQdVZyy38DZVWphte1Mumc9WB8N15rZTDh +iXjwGl0mrV1egq4hJZLpy14f6ihqU7KGfmc9onxvgvWxYLi+5v8874c4ophSKsI2 +qVE8iZ6uq2oQ66Pd5S50cYk6MEW5lifAhLM5WFZmW7dRKmykBGZ9rFrJrIvhkmh9 +He7q6TEQP1Wcoc147nIg0BTkHGtdrEv3jIX6UKKUEwUUk9ARB1mSodZQHBhuww== +-----END CERTIFICATE----- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.14/tests/data_files/dir4/cert32.crt new/mbedtls-1.3.15/tests/data_files/dir4/cert32.crt --- old/mbedtls-1.3.14/tests/data_files/dir4/cert32.crt 1970-01-01 01:00:00.000000000 +0100 +++ new/mbedtls-1.3.15/tests/data_files/dir4/cert32.crt 2015-11-05 16:44:46.000000000 +0100 @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDBzCCAe+gAwIBAgIBATANBgkqhkiG9w0BAQsFADAWMRQwEgYDVQQDEwtUZXN0 +IHJvb3QgMjAeFw0wMTAxMDEwMDAwMDBaFw0zMDEyMzEyMzU5NTlaMCYxJDAiBgNV +BAMTG1Rlc3QgaW50ZXJtZWRpYXRlIG1heHBhdGggMTCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBANpGlBMXdo8cO9oqUw/b6PMwiMNV8LCe6wB9VKHPa6OG +Q0o8Xqktgwnh1rojgpMhbCApE7UXeMr6ZGq/NtqmO1hO5adV5JehWZyvg7j4EBpG +g8iWo0jNpKMJ0Yx1uBkkljEdZLTHa4bK/zy2NKqDNS2yWs9/M5+xw5XE2ecAg7FT +cXhf3q50V+M6T2IaQ9BxntTyCT8IIF2eRM/t9Y944s9Rfzm/KQVKRYPudX7YhTt9 +iqCJB4JoqYhs3HEO0wPkJxY4KBTUCN94s+7jUFdRrYxe+8Ya6tIYWqD38i5qdGhY +xrVey1LatsDJQ2EgNYobM/LjoCLK1WUssEqf0OU2bi0CAwEAAaNQME4wDAYDVR0T +BAUwAwEBATAdBgNVHQ4EFgQUOBl8edVm/H5xdS2EGEeLzftZ/DUwHwYDVR0jBBgw +FoAUjgXdXx9NGPa+UvHBC4//SE+ARpQwDQYJKoZIhvcNAQELBQADggEBAFwZriTu +DKkiDHFfz3UX4fIxYTHCi4TveYZGPeTbxhBb3XZC5qDF4T5HvCTSkG9+oFfZzI1a +lPN2yZB7QnmHJoyWa5fuovwUL0iI3iIZMqU56tdVPW8gkJe++U5kHMSpz2VF0eo8 +7XkKWxZovRwczgfDFRP9zM9CylyzQjqxx6kbxJozWnwc5UrVbJMaPIqonXp1nDoZ +i878+hX4rJUEjgO6Sa9GVZQpmuCrQF0qKsTiUBzZN67hoD3xoTAYi5IXQE2tRD1N +j3zwng9liCsxurGMnuV0BPWv/IDYRu/syjee1Qv1VFeRto5D4Rldmi2p1f5iWJCk +5m5YpRsknaICjYs= +-----END CERTIFICATE----- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.14/tests/data_files/dir4/cert33.crt new/mbedtls-1.3.15/tests/data_files/dir4/cert33.crt --- old/mbedtls-1.3.14/tests/data_files/dir4/cert33.crt 1970-01-01 01:00:00.000000000 +0100 +++ new/mbedtls-1.3.15/tests/data_files/dir4/cert33.crt 2015-11-05 16:44:46.000000000 +0100 @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDFzCCAf+gAwIBAgIBATANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDExtUZXN0 +IGludGVybWVkaWF0ZSBtYXhwYXRoIDEwHhcNMDEwMTAxMDAwMDAwWhcNMzAxMjMx +MjM1OTU5WjAmMSQwIgYDVQQDExtUZXN0IGludGVybWVkaWF0ZSBtYXhwYXRoIDIw +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCKAaAcY1Y2QRZYWft5pTiQ +LZaNHdG1wGyhbUyVCd1S/BZQeBxt8iDueHro6LpeXcioAyMePUnQQ8ZzBN+Yt1pG +83fwqNMyHf8WIWutQvQw2CIbGORO2FaCx9XgL+Le9ENMJb7ZQwV13r7PuHAV/6V1 +OwI/1Cn73cZ2uyWu8BHZbSqMctQsAkaT/pbPEUbrF4KB2GSigM+mux+Vkn9w3VK6 +pNg5pUwCP0lqi9K1RNWEXyi4NQumrR+IEiaiV05twZ1oBaWBGXSTw12hIulZ3/v6 +GLiwfk9I5mr7yDWVDdyCsTu1rhfen+Lp4ClyfWHISRPL1mko4W9leczgPWPz4pIp +AgMBAAGjUDBOMAwGA1UdEwQFMAMBAQEwHQYDVR0OBBYEFMI3a8MtjW1x6dPPJGaV +LhMF7bGKMB8GA1UdIwQYMBaAFDgZfHnVZvx+cXUthBhHi837Wfw1MA0GCSqGSIb3 +DQEBCwUAA4IBAQCprzpoj6UaEG4eqLg2L3HqsvY73/XE8ytuZ9wDC3HodnmpezUX +48XwJPHFO7OGPGWZgsU2qX/Zp7yUXkVFSK4VnmnSzUtXNVlU0oWEEOzQLrpphksH +dcF8YNN/Y65KnhzIU784uHeFefUpPaE6yS5OSZboptZWVF9y1LoU3F7gN0UGvVG9 +hflz5O0/KvmYd+6+Yrje+2lbHiJHNXLmOPiZyk9TBDknygBuU14IOWghQim3yks9 +tKk8D38Vl85V5aG9nO4STjx5J8BtSl0x6wW3t9WwU5UC9geCROhZI1XRBafIoKkn +VSgHLpLTARtLikbbg/3SxpnW12msHvgLVasf +-----END CERTIFICATE----- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.14/tests/data_files/dir4/cert34.crt new/mbedtls-1.3.15/tests/data_files/dir4/cert34.crt --- old/mbedtls-1.3.14/tests/data_files/dir4/cert34.crt 1970-01-01 01:00:00.000000000 +0100 +++ new/mbedtls-1.3.15/tests/data_files/dir4/cert34.crt 2015-11-05 16:44:46.000000000 +0100 @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDDDCCAfSgAwIBAgIBATANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDExtUZXN0 +IGludGVybWVkaWF0ZSBtYXhwYXRoIDIwHhcNMDEwMTAxMDAwMDAwWhcNMzAxMjMx +MjM1OTU5WjAeMRwwGgYDVQQDExNUZXN0IGxlYWYgaW52YWxpZCAzMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkSrgWFD4lYQ0RF/z3mJZjn1lgNBkhnCP +0hciJv/etoMN3bCB+uc8fo0wxDQ2ZcbzTAQ0qBNnjJvAJ1qslZA9boIBKmT8JSix +ii/1XTDWI3E5aOvX1h6lW66pVsIzLm0NAf0VJn2xLw0Yv8hfKbwjcNeAfm7GCwJB +8skjekMKJ8+e6pP4ZHxmrnOo0kUlCg8w8RKzZ6sYJxX1ETekWPEUSXrscQ/YSjpO +zjLDph1lO4gVErBhdJgJpJznqkrRBiR7f/hIrpAV3wOUbtfrxrIb5FXOM9rt/svW +RRrzIUGnBvo04WZ+KQHPsMn+9x8i+/tueOg1KLfs10hW0RWsTQjmOQIDAQABo00w +SzAJBgNVHRMEAjAAMB0GA1UdDgQWBBSOBr1U4h5PYyOqGe/gJgwWk7FfezAfBgNV +HSMEGDAWgBTCN2vDLY1tcenTzyRmlS4TBe2xijANBgkqhkiG9w0BAQsFAAOCAQEA +aBLuwNN5vOh2dLbn8lMNsc/oTFSInzu+ylzC/KLTkjoyMYY+S2ISUuew9pzUo4Gs +AAE/rqVYednayyA13eNRBnwIw+8kPTESaJMGl6uQQd8DzAalzqxbFhbwFY2T0pdi +LNFkGjmGdpRNy/VSTy6JEEBMhIKXjMpactmpiV6mwK3bfnFaXZ6o70+JZrNeiSe0 +g8sci6gBVEt27bGvhLalut8WXc7VCkxQhQCSBdv/94EmRxzPye6iAK0L9jaTHlt+ +qR5MWJxZN32muI7nsKnetUMZbIYwvO1LPn8f+0hdYkck8kE7ga1UM98oTgQeIOmj +3JNCDkNY+Z387ujaaOAVxw== +-----END CERTIFICATE----- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.14/tests/data_files/dir4/cert41.crt new/mbedtls-1.3.15/tests/data_files/dir4/cert41.crt --- old/mbedtls-1.3.14/tests/data_files/dir4/cert41.crt 1970-01-01 01:00:00.000000000 +0100 +++ new/mbedtls-1.3.15/tests/data_files/dir4/cert41.crt 2015-11-05 16:44:46.000000000 +0100 @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC9zCCAd+gAwIBAgIBATANBgkqhkiG9w0BAQsFADAWMRQwEgYDVQQDEwtUZXN0 +IHJvb3QgNDAeFw0wMTAxMDEwMDAwMDBaFw0zMDEyMzEyMzU5NTlaMBYxFDASBgNV +BAMTC1Rlc3Qgcm9vdCA0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +mTX2sHY42Ord9gWyB6GcdlLjjE+4zBJ1BoDpMnvJ89niMTuZTq1ViMp/B6RuTH+2 +YF3+riZYQDH9yM/8rgvAUIvK9STaq19Zrm0mnfQUo9yKdkfoJ+XvWuvK6f+NkAMg +xfhAD6eSupigTvov/w2IT8rS0dxo4KF6hKBL2aYlXhiEyi/NmsEPZWvVh+qk3L/Q +GSwpgC+DhVoQzFRofUdK9O9MkgR675iftaFDvyi7F0fxrSLfB/Wy4cgRYzIW6pyN +2sXWivKdLI3bgB01ffdbO17ZAGILK1whO29/bX6hbH09Y/H7jR2vjy+KP9N0PEa3 +7SBymlokB3A8wq/LWPYPeQIDAQABo1AwTjAMBgNVHRMEBTADAQEBMB0GA1UdDgQW +BBSOBd1fH00Y9r5S8cELj/9IT4BGlDAfBgNVHSMEGDAWgBSOBd1fH00Y9r5S8cEL +j/9IT4BGlDANBgkqhkiG9w0BAQsFAAOCAQEAWhrHGIMcEG2UJfv920hftxi+Jvj/ +ivrhEscqlVA0QNLqZV8v/ai/AiypDLk7uwKtsxF2i+sl81473aSFS9hh3F83/ofm +x8EU8X1FBQHN1zyAEpZyPXr7MiaTXn4w5sCeZLmpWyxGk+cRiPVRE0QUbXDGfVRp +3v984oCUMUzbb+zv6QlkHa6m/kZq0qrnNVVp0X4c7/Pb5elJOVlKnIslNgd/eLrz +zSabToAX9OP6tbJdSRky/LmIYW+CXH/Y4YVwpEu7NisZmDo6lnCBoRQB3QgxoMLp +mM+RUY+AyHr0ZsSUSb6iicJMRZ3mhxCLvnK/Noe/3hq4pUk4Sit7s7JL7A== +-----END CERTIFICATE----- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.14/tests/data_files/dir4/cert42.crt new/mbedtls-1.3.15/tests/data_files/dir4/cert42.crt --- old/mbedtls-1.3.14/tests/data_files/dir4/cert42.crt 1970-01-01 01:00:00.000000000 +0100 +++ new/mbedtls-1.3.15/tests/data_files/dir4/cert42.crt 2015-11-05 16:44:46.000000000 +0100 @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDCjCCAfKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAWMRQwEgYDVQQDEwtUZXN0 +IHJvb3QgNDAeFw0wMTAxMDEwMDAwMDBaFw0zMDEyMzEyMzU5NTlaMCYxJDAiBgNV +BAMTG1Rlc3QgaW50ZXJtZWRpYXRlIG1heHBhdGggMTCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBANpGlBMXdo8cO9oqUw/b6PMwiMNV8LCe6wB9VKHPa6OG +Q0o8Xqktgwnh1rojgpMhbCApE7UXeMr6ZGq/NtqmO1hO5adV5JehWZyvg7j4EBpG +g8iWo0jNpKMJ0Yx1uBkkljEdZLTHa4bK/zy2NKqDNS2yWs9/M5+xw5XE2ecAg7FT +cXhf3q50V+M6T2IaQ9BxntTyCT8IIF2eRM/t9Y944s9Rfzm/KQVKRYPudX7YhTt9 +iqCJB4JoqYhs3HEO0wPkJxY4KBTUCN94s+7jUFdRrYxe+8Ya6tIYWqD38i5qdGhY +xrVey1LatsDJQ2EgNYobM/LjoCLK1WUssEqf0OU2bi0CAwEAAaNTMFEwDwYDVR0T +BAgwBgEBAQIBATAdBgNVHQ4EFgQUOBl8edVm/H5xdS2EGEeLzftZ/DUwHwYDVR0j +BBgwFoAUjgXdXx9NGPa+UvHBC4//SE+ARpQwDQYJKoZIhvcNAQELBQADggEBAGKh +pBhYSGN0KGWIG4GG4mVoTiw880ehetDuTpl3ymZNqkoUuTaAtU3PJWOctcJva7h6 +4PSgyabi/WQmhntR1GxCUt0GTuhHmyJYsSwakXUgMgF6W6TKcxg6m4vjMkkrf+ZT +1lO/MiwxhTTluHPGkl/nBG+uxySInuQMDvdyQDXp2e17qxops+G+1UnRJinqLtsd +LMkCOT4pyh6B5ysnJ8gP1Z2EKWjhKJcIHRMUm7Ap/pf8Zgh5LIqdRtDSuNuTmPLP +lkgoebOCO3c/mWCciR0xGCcz86G3fYznvGp4XqHnRkg3SpAcHQbQ/nSHA+1LdfFi +nqZQPnJPVsJctDR935c= +-----END CERTIFICATE----- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.14/tests/data_files/dir4/cert43.crt new/mbedtls-1.3.15/tests/data_files/dir4/cert43.crt --- old/mbedtls-1.3.14/tests/data_files/dir4/cert43.crt 1970-01-01 01:00:00.000000000 +0100 +++ new/mbedtls-1.3.15/tests/data_files/dir4/cert43.crt 2015-11-05 16:44:46.000000000 +0100 @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDFzCCAf+gAwIBAgIBATANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDExtUZXN0 +IGludGVybWVkaWF0ZSBtYXhwYXRoIDEwHhcNMDEwMTAxMDAwMDAwWhcNMzAxMjMx +MjM1OTU5WjAmMSQwIgYDVQQDExtUZXN0IGludGVybWVkaWF0ZSBtYXhwYXRoIDIw +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCKAaAcY1Y2QRZYWft5pTiQ +LZaNHdG1wGyhbUyVCd1S/BZQeBxt8iDueHro6LpeXcioAyMePUnQQ8ZzBN+Yt1pG +83fwqNMyHf8WIWutQvQw2CIbGORO2FaCx9XgL+Le9ENMJb7ZQwV13r7PuHAV/6V1 +OwI/1Cn73cZ2uyWu8BHZbSqMctQsAkaT/pbPEUbrF4KB2GSigM+mux+Vkn9w3VK6 +pNg5pUwCP0lqi9K1RNWEXyi4NQumrR+IEiaiV05twZ1oBaWBGXSTw12hIulZ3/v6 +GLiwfk9I5mr7yDWVDdyCsTu1rhfen+Lp4ClyfWHISRPL1mko4W9leczgPWPz4pIp +AgMBAAGjUDBOMAwGA1UdEwQFMAMBAQEwHQYDVR0OBBYEFMI3a8MtjW1x6dPPJGaV +LhMF7bGKMB8GA1UdIwQYMBaAFDgZfHnVZvx+cXUthBhHi837Wfw1MA0GCSqGSIb3 +DQEBCwUAA4IBAQCprzpoj6UaEG4eqLg2L3HqsvY73/XE8ytuZ9wDC3HodnmpezUX +48XwJPHFO7OGPGWZgsU2qX/Zp7yUXkVFSK4VnmnSzUtXNVlU0oWEEOzQLrpphksH +dcF8YNN/Y65KnhzIU784uHeFefUpPaE6yS5OSZboptZWVF9y1LoU3F7gN0UGvVG9 +hflz5O0/KvmYd+6+Yrje+2lbHiJHNXLmOPiZyk9TBDknygBuU14IOWghQim3yks9 +tKk8D38Vl85V5aG9nO4STjx5J8BtSl0x6wW3t9WwU5UC9geCROhZI1XRBafIoKkn +VSgHLpLTARtLikbbg/3SxpnW12msHvgLVasf +-----END CERTIFICATE----- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.14/tests/data_files/dir4/cert44.crt new/mbedtls-1.3.15/tests/data_files/dir4/cert44.crt --- old/mbedtls-1.3.14/tests/data_files/dir4/cert44.crt 1970-01-01 01:00:00.000000000 +0100 +++ new/mbedtls-1.3.15/tests/data_files/dir4/cert44.crt 2015-11-05 16:44:46.000000000 +0100 @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDFzCCAf+gAwIBAgIBATANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDExtUZXN0 +IGludGVybWVkaWF0ZSBtYXhwYXRoIDIwHhcNMDEwMTAxMDAwMDAwWhcNMzAxMjMx +MjM1OTU5WjAmMSQwIgYDVQQDExtUZXN0IGludGVybWVkaWF0ZSBtYXhwYXRoIDMw +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCRKuBYUPiVhDREX/PeYlmO +fWWA0GSGcI/SFyIm/962gw3dsIH65zx+jTDENDZlxvNMBDSoE2eMm8AnWqyVkD1u +ggEqZPwlKLGKL/VdMNYjcTlo69fWHqVbrqlWwjMubQ0B/RUmfbEvDRi/yF8pvCNw +14B+bsYLAkHyySN6Qwonz57qk/hkfGauc6jSRSUKDzDxErNnqxgnFfURN6RY8RRJ +euxxD9hKOk7OMsOmHWU7iBUSsGF0mAmknOeqStEGJHt/+EiukBXfA5Ru1+vGshvk +Vc4z2u3+y9ZFGvMhQacG+jThZn4pAc+wyf73HyL7+2546DUot+zXSFbRFaxNCOY5 +AgMBAAGjUDBOMAwGA1UdEwQFMAMBAQEwHQYDVR0OBBYEFI4GvVTiHk9jI6oZ7+Am +DBaTsV97MB8GA1UdIwQYMBaAFMI3a8MtjW1x6dPPJGaVLhMF7bGKMA0GCSqGSIb3 +DQEBCwUAA4IBAQCB3dtsoVdschVyCWSI16Se46RZJtLW1bM019KdyZj9DdIZ2VPm +Ip+BQFcVJyzbfmhn5QBbhNDKkwsfldI9Y8IqZ132j442/XIFZIilaPi3cE/WLFUY +Nxu2opuN3+KDwDYO32CUp3frr9OjAtB5amZnkXau+C1EkJlSuWaT+/gIlYwlr4/H +uADcyqFSmy28P9jmkK8AzZHhKnlRadAn2cDB8MFXD5VxnLJfejkprQVLdxTXRovP +cE/6c7PUGIK22WcSX8KTfuviKmjdGVhgeKps2nRNKaSIlqYCztyc8IjcZwJCnh6c +ZW8V9bi7WxDK+I9PPgrgLK8W+VTkS0RtjP5a +-----END CERTIFICATE----- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.14/tests/data_files/dir4/cert45.crt new/mbedtls-1.3.15/tests/data_files/dir4/cert45.crt --- old/mbedtls-1.3.14/tests/data_files/dir4/cert45.crt 1970-01-01 01:00:00.000000000 +0100 +++ new/mbedtls-1.3.15/tests/data_files/dir4/cert45.crt 2015-11-05 16:44:46.000000000 +0100 @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDDDCCAfSgAwIBAgIBATANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDExtUZXN0 +IGludGVybWVkaWF0ZSBtYXhwYXRoIDMwHhcNMDEwMTAxMDAwMDAwWhcNMzAxMjMx +MjM1OTU5WjAeMRwwGgYDVQQDExNUZXN0IGxlYWYgaW52YWxpZCA0MIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkcNsE/s4nauA5vSG/23znHT5ZjFAQiRa +83xo83MD2jMrBjgBBzOW0IKedk9lmqcRmoMsWt3PbYeH2Am+EqtOjh9vbHw/wXEw +eXg7DtZaYTjeRNkrwZ0z5Bz/TTvia7YkcfaU83OG4JyL8GmmbtiGNOHZyHqTv2Ky +j6YqyBJaDE7dwBNBJd5DElEuvr6Tu/Y3K3Z6z8bZUAX/5oII2sq8rg76ZQ+Dfk8i +upjp4MVPvowh/+ys+WNMW5MA5k1dwYyU1MZ20O/aa9VTMkb4DPyv4pXZgi1dBCMc +YskPRVoPPsE5xl3DZ3h4qZ039MbcalXFYe65689+Ra1O4/dsXR5raQIDAQABo00w +SzAJBgNVHRMEAjAAMB0GA1UdDgQWBBTKtXdQZA8cZkS/89eiih4GTJX+fDAfBgNV +HSMEGDAWgBSOBr1U4h5PYyOqGe/gJgwWk7FfezANBgkqhkiG9w0BAQsFAAOCAQEA +IWynyo8ezt+So+w29h7z2ZS3/EcrErnSiDDJ0DaE/vcvflrT/tEPeDHTxy61qQuX +KoseO84foFqLPu1YqgSjRgmbk76gt8aAu0lr6/t0RHWdHKZG3QtK8696pGoMAhVg +Ha3f/YYaEkqSnHwU+/vxEXEkGHM22UHwb7dtH2LfBHtoQtjE6M+Ulv6QdkLj2LFD +XMKJIyAlibTRMW8YOP4G/DekCq1DstUOcTn7BFqeAjjzYwv3NHpOJHdZrUgyGb7B +QqDXf2rM3s7LEpwDMvfdraAEWld4/LRLkfau/PfKD5YwGYg3Nb45xyXFSEijVjAr +23G8HAIcJJu2jUIWGr9OtQ== +-----END CERTIFICATE----- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.14/tests/data_files/dir4/cert51.crt new/mbedtls-1.3.15/tests/data_files/dir4/cert51.crt --- old/mbedtls-1.3.14/tests/data_files/dir4/cert51.crt 1970-01-01 01:00:00.000000000 +0100 +++ new/mbedtls-1.3.15/tests/data_files/dir4/cert51.crt 2015-11-05 16:44:46.000000000 +0100 @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC9zCCAd+gAwIBAgIBATANBgkqhkiG9w0BAQsFADAWMRQwEgYDVQQDEwtUZXN0 +IHJvb3QgNDAeFw0wMTAxMDEwMDAwMDBaFw0zMDEyMzEyMzU5NTlaMBYxFDASBgNV +BAMTC1Rlc3Qgcm9vdCA0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +mTX2sHY42Ord9gWyB6GcdlLjjE+4zBJ1BoDpMnvJ89niMTuZTq1ViMp/B6RuTH+2 +YF3+riZYQDH9yM/8rgvAUIvK9STaq19Zrm0mnfQUo9yKdkfoJ+XvWuvK6f+NkAMg +xfhAD6eSupigTvov/w2IT8rS0dxo4KF6hKBL2aYlXhiEyi/NmsEPZWvVh+qk3L/Q +GSwpgC+DhVoQzFRofUdK9O9MkgR675iftaFDvyi7F0fxrSLfB/Wy4cgRYzIW6pyN +2sXWivKdLI3bgB01ffdbO17ZAGILK1whO29/bX6hbH09Y/H7jR2vjy+KP9N0PEa3 +7SBymlokB3A8wq/LWPYPeQIDAQABo1AwTjAMBgNVHRMEBTADAQEBMB0GA1UdDgQW +BBSOBd1fH00Y9r5S8cELj/9IT4BGlDAfBgNVHSMEGDAWgBSOBd1fH00Y9r5S8cEL +j/9IT4BGlDANBgkqhkiG9w0BAQsFAAOCAQEAWhrHGIMcEG2UJfv920hftxi+Jvj/ +ivrhEscqlVA0QNLqZV8v/ai/AiypDLk7uwKtsxF2i+sl81473aSFS9hh3F83/ofm +x8EU8X1FBQHN1zyAEpZyPXr7MiaTXn4w5sCeZLmpWyxGk+cRiPVRE0QUbXDGfVRp +3v984oCUMUzbb+zv6QlkHa6m/kZq0qrnNVVp0X4c7/Pb5elJOVlKnIslNgd/eLrz +zSabToAX9OP6tbJdSRky/LmIYW+CXH/Y4YVwpEu7NisZmDo6lnCBoRQB3QgxoMLp +mM+RUY+AyHr0ZsSUSb6iicJMRZ3mhxCLvnK/Noe/3hq4pUk4Sit7s7JL7A== +-----END CERTIFICATE----- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.14/tests/data_files/dir4/cert52.crt new/mbedtls-1.3.15/tests/data_files/dir4/cert52.crt --- old/mbedtls-1.3.14/tests/data_files/dir4/cert52.crt 1970-01-01 01:00:00.000000000 +0100 +++ new/mbedtls-1.3.15/tests/data_files/dir4/cert52.crt 2015-11-05 16:44:46.000000000 +0100 @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDCjCCAfKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAWMRQwEgYDVQQDEwtUZXN0 +IHJvb3QgNDAeFw0wMTAxMDEwMDAwMDBaFw0zMDEyMzEyMzU5NTlaMCYxJDAiBgNV +BAMTG1Rlc3QgaW50ZXJtZWRpYXRlIG1heHBhdGggMTCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBANpGlBMXdo8cO9oqUw/b6PMwiMNV8LCe6wB9VKHPa6OG +Q0o8Xqktgwnh1rojgpMhbCApE7UXeMr6ZGq/NtqmO1hO5adV5JehWZyvg7j4EBpG +g8iWo0jNpKMJ0Yx1uBkkljEdZLTHa4bK/zy2NKqDNS2yWs9/M5+xw5XE2ecAg7FT +cXhf3q50V+M6T2IaQ9BxntTyCT8IIF2eRM/t9Y944s9Rfzm/KQVKRYPudX7YhTt9 +iqCJB4JoqYhs3HEO0wPkJxY4KBTUCN94s+7jUFdRrYxe+8Ya6tIYWqD38i5qdGhY +xrVey1LatsDJQ2EgNYobM/LjoCLK1WUssEqf0OU2bi0CAwEAAaNTMFEwDwYDVR0T +BAgwBgEBAQIBATAdBgNVHQ4EFgQUOBl8edVm/H5xdS2EGEeLzftZ/DUwHwYDVR0j +BBgwFoAUjgXdXx9NGPa+UvHBC4//SE+ARpQwDQYJKoZIhvcNAQELBQADggEBAGKh +pBhYSGN0KGWIG4GG4mVoTiw880ehetDuTpl3ymZNqkoUuTaAtU3PJWOctcJva7h6 +4PSgyabi/WQmhntR1GxCUt0GTuhHmyJYsSwakXUgMgF6W6TKcxg6m4vjMkkrf+ZT +1lO/MiwxhTTluHPGkl/nBG+uxySInuQMDvdyQDXp2e17qxops+G+1UnRJinqLtsd +LMkCOT4pyh6B5ysnJ8gP1Z2EKWjhKJcIHRMUm7Ap/pf8Zgh5LIqdRtDSuNuTmPLP +lkgoebOCO3c/mWCciR0xGCcz86G3fYznvGp4XqHnRkg3SpAcHQbQ/nSHA+1LdfFi +nqZQPnJPVsJctDR935c= +-----END CERTIFICATE----- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.14/tests/data_files/dir4/cert53.crt new/mbedtls-1.3.15/tests/data_files/dir4/cert53.crt --- old/mbedtls-1.3.14/tests/data_files/dir4/cert53.crt 1970-01-01 01:00:00.000000000 +0100 +++ new/mbedtls-1.3.15/tests/data_files/dir4/cert53.crt 2015-11-05 16:44:46.000000000 +0100 @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDFzCCAf+gAwIBAgIBATANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDExtUZXN0 +IGludGVybWVkaWF0ZSBtYXhwYXRoIDEwHhcNMDEwMTAxMDAwMDAwWhcNMzAxMjMx +MjM1OTU5WjAmMSQwIgYDVQQDExtUZXN0IGludGVybWVkaWF0ZSBtYXhwYXRoIDIw +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCKAaAcY1Y2QRZYWft5pTiQ +LZaNHdG1wGyhbUyVCd1S/BZQeBxt8iDueHro6LpeXcioAyMePUnQQ8ZzBN+Yt1pG +83fwqNMyHf8WIWutQvQw2CIbGORO2FaCx9XgL+Le9ENMJb7ZQwV13r7PuHAV/6V1 +OwI/1Cn73cZ2uyWu8BHZbSqMctQsAkaT/pbPEUbrF4KB2GSigM+mux+Vkn9w3VK6 +pNg5pUwCP0lqi9K1RNWEXyi4NQumrR+IEiaiV05twZ1oBaWBGXSTw12hIulZ3/v6 +GLiwfk9I5mr7yDWVDdyCsTu1rhfen+Lp4ClyfWHISRPL1mko4W9leczgPWPz4pIp +AgMBAAGjUDBOMAwGA1UdEwQFMAMBAQEwHQYDVR0OBBYEFMI3a8MtjW1x6dPPJGaV +LhMF7bGKMB8GA1UdIwQYMBaAFDgZfHnVZvx+cXUthBhHi837Wfw1MA0GCSqGSIb3 +DQEBCwUAA4IBAQCprzpoj6UaEG4eqLg2L3HqsvY73/XE8ytuZ9wDC3HodnmpezUX +48XwJPHFO7OGPGWZgsU2qX/Zp7yUXkVFSK4VnmnSzUtXNVlU0oWEEOzQLrpphksH +dcF8YNN/Y65KnhzIU784uHeFefUpPaE6yS5OSZboptZWVF9y1LoU3F7gN0UGvVG9 +hflz5O0/KvmYd+6+Yrje+2lbHiJHNXLmOPiZyk9TBDknygBuU14IOWghQim3yks9 +tKk8D38Vl85V5aG9nO4STjx5J8BtSl0x6wW3t9WwU5UC9geCROhZI1XRBafIoKkn +VSgHLpLTARtLikbbg/3SxpnW12msHvgLVasf +-----END CERTIFICATE----- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.14/tests/data_files/dir4/cert54.crt new/mbedtls-1.3.15/tests/data_files/dir4/cert54.crt --- old/mbedtls-1.3.14/tests/data_files/dir4/cert54.crt 1970-01-01 01:00:00.000000000 +0100 +++ new/mbedtls-1.3.15/tests/data_files/dir4/cert54.crt 2015-11-05 16:44:46.000000000 +0100 @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDCjCCAfKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDExtUZXN0 +IGludGVybWVkaWF0ZSBtYXhwYXRoIDIwHhcNMDEwMTAxMDAwMDAwWhcNMzAxMjMx +MjM1OTU5WjAcMRowGAYDVQQDExFUZXN0IExlYWYgNCB2YWxpZDCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAJEq4FhQ+JWENERf895iWY59ZYDQZIZwj9IX +Iib/3raDDd2wgfrnPH6NMMQ0NmXG80wENKgTZ4ybwCdarJWQPW6CASpk/CUosYov +9V0w1iNxOWjr19YepVuuqVbCMy5tDQH9FSZ9sS8NGL/IXym8I3DXgH5uxgsCQfLJ +I3pDCifPnuqT+GR8Zq5zqNJFJQoPMPESs2erGCcV9RE3pFjxFEl67HEP2Eo6Ts4y +w6YdZTuIFRKwYXSYCaSc56pK0QYke3/4SK6QFd8DlG7X68ayG+RVzjPa7f7L1kUa +8yFBpwb6NOFmfikBz7DJ/vcfIvv7bnjoNSi37NdIVtEVrE0I5jkCAwEAAaNNMEsw +CQYDVR0TBAIwADAdBgNVHQ4EFgQUjga9VOIeT2Mjqhnv4CYMFpOxX3swHwYDVR0j +BBgwFoAUwjdrwy2NbXHp088kZpUuEwXtsYowDQYJKoZIhvcNAQELBQADggEBADdp +VpPr4AzE7ecrhclQKGjPa7leaorYuevjTLWsieY17mVQhlMX1itTNXlPBUfPAsOd +O7LUgY0yZOnV7l8TbfGal8pIF+acgFLgqM5A6z8ngChMi6iKEZChDVffAVHJs3e/ +WUm7VeFY8Mvwnay3iHj2trC7XQX2SZCovXYfNP3bVyqIaDNqt6SPY1skouWpmmUn +ISzcyH6EU/CegFjHJyXxrsIW9Nv2mDejrmcR0EJOmEAfWUgonfemeX93xkwZHW2s +lZ8/e6rTPPSGdhY/b4VRu6o1FpLcPLGZSgPwYBNVYtgT4WsoT0xUvm6Y1WipiZda +B/bpiL8l4GSVtTw1Jko= +-----END CERTIFICATE----- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.14/tests/data_files/dir4/cert61.crt new/mbedtls-1.3.15/tests/data_files/dir4/cert61.crt --- old/mbedtls-1.3.14/tests/data_files/dir4/cert61.crt 1970-01-01 01:00:00.000000000 +0100 +++ new/mbedtls-1.3.15/tests/data_files/dir4/cert61.crt 2015-11-05 16:44:46.000000000 +0100 @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC+jCCAeKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAWMRQwEgYDVQQDEwtUZXN0 +IHJvb3QgMjAeFw0wMTAxMDEwMDAwMDBaFw0zMDEyMzEyMzU5NTlaMBYxFDASBgNV +BAMTC1Rlc3Qgcm9vdCAyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +mTX2sHY42Ord9gWyB6GcdlLjjE+4zBJ1BoDpMnvJ89niMTuZTq1ViMp/B6RuTH+2 +YF3+riZYQDH9yM/8rgvAUIvK9STaq19Zrm0mnfQUo9yKdkfoJ+XvWuvK6f+NkAMg +xfhAD6eSupigTvov/w2IT8rS0dxo4KF6hKBL2aYlXhiEyi/NmsEPZWvVh+qk3L/Q +GSwpgC+DhVoQzFRofUdK9O9MkgR675iftaFDvyi7F0fxrSLfB/Wy4cgRYzIW6pyN +2sXWivKdLI3bgB01ffdbO17ZAGILK1whO29/bX6hbH09Y/H7jR2vjy+KP9N0PEa3 +7SBymlokB3A8wq/LWPYPeQIDAQABo1MwUTAPBgNVHRMECDAGAQEBAgEBMB0GA1Ud +DgQWBBSOBd1fH00Y9r5S8cELj/9IT4BGlDAfBgNVHSMEGDAWgBSOBd1fH00Y9r5S +8cELj/9IT4BGlDANBgkqhkiG9w0BAQsFAAOCAQEAB9nLaqxsBW0isDaBGNJyzH9O +WqYY0hex9tm3UqygfE9b9aahykpkowQIzh4D9Xpbd0hZGVlK/sw2qsKj6gDOiMtL +uWs4gaFNWIQqhVsTzL88c7XaW55n+TRQdVZyy38DZVWphte1Mumc9WB8N15rZTDh +iXjwGl0mrV1egq4hJZLpy14f6ihqU7KGfmc9onxvgvWxYLi+5v8874c4ophSKsI2 +qVE8iZ6uq2oQ66Pd5S50cYk6MEW5lifAhLM5WFZmW7dRKmykBGZ9rFrJrIvhkmh9 +He7q6TEQP1Wcoc147nIg0BTkHGtdrEv3jIX6UKKUEwUUk9ARB1mSodZQHBhuww== +-----END CERTIFICATE----- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.14/tests/data_files/dir4/cert62.crt new/mbedtls-1.3.15/tests/data_files/dir4/cert62.crt --- old/mbedtls-1.3.14/tests/data_files/dir4/cert62.crt 1970-01-01 01:00:00.000000000 +0100 +++ new/mbedtls-1.3.15/tests/data_files/dir4/cert62.crt 2015-11-05 16:44:46.000000000 +0100 @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDBzCCAe+gAwIBAgIBATANBgkqhkiG9w0BAQsFADAWMRQwEgYDVQQDEwtUZXN0 +IHJvb3QgMjAeFw0wMTAxMDEwMDAwMDBaFw0zMDEyMzEyMzU5NTlaMCYxJDAiBgNV +BAMTG1Rlc3QgaW50ZXJtZWRpYXRlIG1heHBhdGggMTCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBANpGlBMXdo8cO9oqUw/b6PMwiMNV8LCe6wB9VKHPa6OG +Q0o8Xqktgwnh1rojgpMhbCApE7UXeMr6ZGq/NtqmO1hO5adV5JehWZyvg7j4EBpG +g8iWo0jNpKMJ0Yx1uBkkljEdZLTHa4bK/zy2NKqDNS2yWs9/M5+xw5XE2ecAg7FT +cXhf3q50V+M6T2IaQ9BxntTyCT8IIF2eRM/t9Y944s9Rfzm/KQVKRYPudX7YhTt9 +iqCJB4JoqYhs3HEO0wPkJxY4KBTUCN94s+7jUFdRrYxe+8Ya6tIYWqD38i5qdGhY +xrVey1LatsDJQ2EgNYobM/LjoCLK1WUssEqf0OU2bi0CAwEAAaNQME4wDAYDVR0T +BAUwAwEBATAdBgNVHQ4EFgQUOBl8edVm/H5xdS2EGEeLzftZ/DUwHwYDVR0jBBgw +FoAUjgXdXx9NGPa+UvHBC4//SE+ARpQwDQYJKoZIhvcNAQELBQADggEBAFwZriTu +DKkiDHFfz3UX4fIxYTHCi4TveYZGPeTbxhBb3XZC5qDF4T5HvCTSkG9+oFfZzI1a +lPN2yZB7QnmHJoyWa5fuovwUL0iI3iIZMqU56tdVPW8gkJe++U5kHMSpz2VF0eo8 +7XkKWxZovRwczgfDFRP9zM9CylyzQjqxx6kbxJozWnwc5UrVbJMaPIqonXp1nDoZ +i878+hX4rJUEjgO6Sa9GVZQpmuCrQF0qKsTiUBzZN67hoD3xoTAYi5IXQE2tRD1N +j3zwng9liCsxurGMnuV0BPWv/IDYRu/syjee1Qv1VFeRto5D4Rldmi2p1f5iWJCk +5m5YpRsknaICjYs= +-----END CERTIFICATE----- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.14/tests/data_files/dir4/cert63.crt new/mbedtls-1.3.15/tests/data_files/dir4/cert63.crt --- old/mbedtls-1.3.14/tests/data_files/dir4/cert63.crt 1970-01-01 01:00:00.000000000 +0100 +++ new/mbedtls-1.3.15/tests/data_files/dir4/cert63.crt 2015-11-05 16:44:46.000000000 +0100 @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDCjCCAfKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDExtUZXN0 +IGludGVybWVkaWF0ZSBtYXhwYXRoIDEwHhcNMDEwMTAxMDAwMDAwWhcNMzAxMjMx +MjM1OTU5WjAcMRowGAYDVQQDExFUZXN0IExlYWYgdmFsaWQgMjCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAIoBoBxjVjZBFlhZ+3mlOJAtlo0d0bXAbKFt +TJUJ3VL8FlB4HG3yIO54eujoul5dyKgDIx49SdBDxnME35i3Wkbzd/Co0zId/xYh +a61C9DDYIhsY5E7YVoLH1eAv4t70Q0wlvtlDBXXevs+4cBX/pXU7Aj/UKfvdxna7 +Ja7wEdltKoxy1CwCRpP+ls8RRusXgoHYZKKAz6a7H5WSf3DdUrqk2DmlTAI/SWqL +0rVE1YRfKLg1C6atH4gSJqJXTm3BnWgFpYEZdJPDXaEi6Vnf+/oYuLB+T0jmavvI +NZUN3IKxO7WuF96f4ungKXJ9YchJE8vWaSjhb2V5zOA9Y/PikikCAwEAAaNNMEsw +CQYDVR0TBAIwADAdBgNVHQ4EFgQUwjdrwy2NbXHp088kZpUuEwXtsYowHwYDVR0j +BBgwFoAUOBl8edVm/H5xdS2EGEeLzftZ/DUwDQYJKoZIhvcNAQELBQADggEBABrt +2fKOUwAb5EFD/ebXMM4Qzg6sFYpq/mcnPlmGmqwNzmumlgYUBS15liTnA4nBgR09 +b2sejlwnzcnrsFB18YCmE/TIPuh3XMJXmUxjcnCy3qPuSwpuwG3brUGQPiIZhRZz +1+iSc7uba/JGaTqLBItaRPlB6dD3jqY3UowFaWvnYiVmCXg147EBC5Mn2EDiukg0 +xsqM03yfpUkp4/W9+WpJuGNyhicSJbNxlh3zEjrgWeMvhnFmrTr7ss6P2ZoKGS3/ +QrZBLUzkk25hCF3dTNfTDVSQUt0rONJvx3ym+Kp+zQWc/oHsDs0STs5Db2J0dGp8 +VEyxyevfwivF4EQ70Jw= +-----END CERTIFICATE----- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.14/tests/data_files/dir4/cert71.crt new/mbedtls-1.3.15/tests/data_files/dir4/cert71.crt --- old/mbedtls-1.3.14/tests/data_files/dir4/cert71.crt 1970-01-01 01:00:00.000000000 +0100 +++ new/mbedtls-1.3.15/tests/data_files/dir4/cert71.crt 2015-11-05 16:44:46.000000000 +0100 @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC+jCCAeKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAWMRQwEgYDVQQDEwtUZXN0 +IHJvb3QgMjAeFw0wMTAxMDEwMDAwMDBaFw0zMDEyMzEyMzU5NTlaMBYxFDASBgNV +BAMTC1Rlc3Qgcm9vdCAyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +mTX2sHY42Ord9gWyB6GcdlLjjE+4zBJ1BoDpMnvJ89niMTuZTq1ViMp/B6RuTH+2 +YF3+riZYQDH9yM/8rgvAUIvK9STaq19Zrm0mnfQUo9yKdkfoJ+XvWuvK6f+NkAMg +xfhAD6eSupigTvov/w2IT8rS0dxo4KF6hKBL2aYlXhiEyi/NmsEPZWvVh+qk3L/Q +GSwpgC+DhVoQzFRofUdK9O9MkgR675iftaFDvyi7F0fxrSLfB/Wy4cgRYzIW6pyN +2sXWivKdLI3bgB01ffdbO17ZAGILK1whO29/bX6hbH09Y/H7jR2vjy+KP9N0PEa3 +7SBymlokB3A8wq/LWPYPeQIDAQABo1MwUTAPBgNVHRMECDAGAQEBAgEBMB0GA1Ud +DgQWBBSOBd1fH00Y9r5S8cELj/9IT4BGlDAfBgNVHSMEGDAWgBSOBd1fH00Y9r5S +8cELj/9IT4BGlDANBgkqhkiG9w0BAQsFAAOCAQEAB9nLaqxsBW0isDaBGNJyzH9O +WqYY0hex9tm3UqygfE9b9aahykpkowQIzh4D9Xpbd0hZGVlK/sw2qsKj6gDOiMtL +uWs4gaFNWIQqhVsTzL88c7XaW55n+TRQdVZyy38DZVWphte1Mumc9WB8N15rZTDh +iXjwGl0mrV1egq4hJZLpy14f6ihqU7KGfmc9onxvgvWxYLi+5v8874c4ophSKsI2 +qVE8iZ6uq2oQ66Pd5S50cYk6MEW5lifAhLM5WFZmW7dRKmykBGZ9rFrJrIvhkmh9 +He7q6TEQP1Wcoc147nIg0BTkHGtdrEv3jIX6UKKUEwUUk9ARB1mSodZQHBhuww== +-----END CERTIFICATE----- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.14/tests/data_files/dir4/cert72.crt new/mbedtls-1.3.15/tests/data_files/dir4/cert72.crt --- old/mbedtls-1.3.14/tests/data_files/dir4/cert72.crt 1970-01-01 01:00:00.000000000 +0100 +++ new/mbedtls-1.3.15/tests/data_files/dir4/cert72.crt 2015-11-05 16:44:46.000000000 +0100 @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDBzCCAe+gAwIBAgIBATANBgkqhkiG9w0BAQsFADAWMRQwEgYDVQQDEwtUZXN0 +IHJvb3QgMjAeFw0wMTAxMDEwMDAwMDBaFw0zMDEyMzEyMzU5NTlaMCYxJDAiBgNV +BAMTG1Rlc3QgaW50ZXJtZWRpYXRlIG1heHBhdGggMTCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBANpGlBMXdo8cO9oqUw/b6PMwiMNV8LCe6wB9VKHPa6OG +Q0o8Xqktgwnh1rojgpMhbCApE7UXeMr6ZGq/NtqmO1hO5adV5JehWZyvg7j4EBpG +g8iWo0jNpKMJ0Yx1uBkkljEdZLTHa4bK/zy2NKqDNS2yWs9/M5+xw5XE2ecAg7FT +cXhf3q50V+M6T2IaQ9BxntTyCT8IIF2eRM/t9Y944s9Rfzm/KQVKRYPudX7YhTt9 +iqCJB4JoqYhs3HEO0wPkJxY4KBTUCN94s+7jUFdRrYxe+8Ya6tIYWqD38i5qdGhY +xrVey1LatsDJQ2EgNYobM/LjoCLK1WUssEqf0OU2bi0CAwEAAaNQME4wDAYDVR0T +BAUwAwEBATAdBgNVHQ4EFgQUOBl8edVm/H5xdS2EGEeLzftZ/DUwHwYDVR0jBBgw +FoAUjgXdXx9NGPa+UvHBC4//SE+ARpQwDQYJKoZIhvcNAQELBQADggEBAFwZriTu +DKkiDHFfz3UX4fIxYTHCi4TveYZGPeTbxhBb3XZC5qDF4T5HvCTSkG9+oFfZzI1a +lPN2yZB7QnmHJoyWa5fuovwUL0iI3iIZMqU56tdVPW8gkJe++U5kHMSpz2VF0eo8 +7XkKWxZovRwczgfDFRP9zM9CylyzQjqxx6kbxJozWnwc5UrVbJMaPIqonXp1nDoZ +i878+hX4rJUEjgO6Sa9GVZQpmuCrQF0qKsTiUBzZN67hoD3xoTAYi5IXQE2tRD1N +j3zwng9liCsxurGMnuV0BPWv/IDYRu/syjee1Qv1VFeRto5D4Rldmi2p1f5iWJCk +5m5YpRsknaICjYs= +-----END CERTIFICATE----- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.14/tests/data_files/dir4/cert73.crt new/mbedtls-1.3.15/tests/data_files/dir4/cert73.crt --- old/mbedtls-1.3.14/tests/data_files/dir4/cert73.crt 1970-01-01 01:00:00.000000000 +0100 +++ new/mbedtls-1.3.15/tests/data_files/dir4/cert73.crt 2015-11-05 16:44:46.000000000 +0100 @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDFzCCAf+gAwIBAgIBATANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDExtUZXN0 +IGludGVybWVkaWF0ZSBtYXhwYXRoIDEwHhcNMDEwMTAxMDAwMDAwWhcNMzAxMjMx +MjM1OTU5WjAmMSQwIgYDVQQDExtUZXN0IGludGVybWVkaWF0ZSBtYXhwYXRoIDEw +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaRpQTF3aPHDvaKlMP2+jz +MIjDVfCwnusAfVShz2ujhkNKPF6pLYMJ4da6I4KTIWwgKRO1F3jK+mRqvzbapjtY +TuWnVeSXoVmcr4O4+BAaRoPIlqNIzaSjCdGMdbgZJJYxHWS0x2uGyv88tjSqgzUt +slrPfzOfscOVxNnnAIOxU3F4X96udFfjOk9iGkPQcZ7U8gk/CCBdnkTP7fWPeOLP +UX85vykFSkWD7nV+2IU7fYqgiQeCaKmIbNxxDtMD5CcWOCgU1AjfeLPu41BXUa2M +XvvGGurSGFqg9/IuanRoWMa1XstS2rbAyUNhIDWKGzPy46AiytVlLLBKn9DlNm4t +AgMBAAGjUDBOMAwGA1UdEwQFMAMBAQEwHQYDVR0OBBYEFDgZfHnVZvx+cXUthBhH +i837Wfw1MB8GA1UdIwQYMBaAFDgZfHnVZvx+cXUthBhHi837Wfw1MA0GCSqGSIb3 +DQEBCwUAA4IBAQDPQC9vYJegBgVZHu0StoRT7L6ShWcZc5Z/TeyrqJBdoiguSRq5 +kMiFXZpksxeFlIUYry21MigYqxOXGZ2GZYNqhLpYVh7hzAY8uYvf4U70q88zj7mw +gIcgEaMd71GHqbb2O5x3fCN7vLeU5DFYBWfqLlkL57Uqr2aRDHlucryyRNordicN +WbCxPozmqtbNMABEUbjLMCCuzJeNRSZbS0OOod6Xd3N00EK7PqaRhbihbq3L6gUG +MjUI2keSxW4vXcDfI5Hqem6SHpCc3retx2VUgwIDAoTrw7E4dwmyC4Tp7TDJL/+d +GU8qhRmoQer7mLUzpb3s8mq/4rZx+alTQ3gu +-----END CERTIFICATE----- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.14/tests/data_files/dir4/cert74.crt new/mbedtls-1.3.15/tests/data_files/dir4/cert74.crt --- old/mbedtls-1.3.14/tests/data_files/dir4/cert74.crt 1970-01-01 01:00:00.000000000 +0100 +++ new/mbedtls-1.3.15/tests/data_files/dir4/cert74.crt 2015-11-05 16:44:46.000000000 +0100 @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDCjCCAfKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDExtUZXN0 +IGludGVybWVkaWF0ZSBtYXhwYXRoIDEwHhcNMDEwMTAxMDAwMDAwWhcNMzAxMjMx +MjM1OTU5WjAcMRowGAYDVQQDExFUZXN0IExlYWYgdmFsaWQgMzCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAIoBoBxjVjZBFlhZ+3mlOJAtlo0d0bXAbKFt +TJUJ3VL8FlB4HG3yIO54eujoul5dyKgDIx49SdBDxnME35i3Wkbzd/Co0zId/xYh +a61C9DDYIhsY5E7YVoLH1eAv4t70Q0wlvtlDBXXevs+4cBX/pXU7Aj/UKfvdxna7 +Ja7wEdltKoxy1CwCRpP+ls8RRusXgoHYZKKAz6a7H5WSf3DdUrqk2DmlTAI/SWqL +0rVE1YRfKLg1C6atH4gSJqJXTm3BnWgFpYEZdJPDXaEi6Vnf+/oYuLB+T0jmavvI +NZUN3IKxO7WuF96f4ungKXJ9YchJE8vWaSjhb2V5zOA9Y/PikikCAwEAAaNNMEsw +CQYDVR0TBAIwADAdBgNVHQ4EFgQUwjdrwy2NbXHp088kZpUuEwXtsYowHwYDVR0j +BBgwFoAUOBl8edVm/H5xdS2EGEeLzftZ/DUwDQYJKoZIhvcNAQELBQADggEBAK9R +J7H8epG2NagZ3Gpl6R1jSiIixWlPJci2Bz1Nr8NIER64TJCKHeh9ku6tzSdrVL3B +2rj5GmpubDXEWAKfMtt0ccF2UIva9rDMNzaAnCSevWHXf9Httr84X6RmhtXb9/Rm +fp3W+L0GlDfHfHn8uoVdQe5e6xkmGxtcHDUsyO/CJMkrwUyoB8zs7UtlNtOf45H4 +PPg09lzV7RQ9vFIH48F/4gZW+w3AqN9ZwvYkGcJUY8tyHpb9hDrR4F6loVInrlCE +0pQiQXNCdee1za9QsScSjYNxGfR2Dkzote41H098jvLalLTTg5Fqx/AylnX285FI +ETGOumNQ51IJLUpq+hc= +-----END CERTIFICATE----- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.14/tests/data_files/server1.key_usage.crt new/mbedtls-1.3.15/tests/data_files/server1.key_usage.crt --- old/mbedtls-1.3.14/tests/data_files/server1.key_usage.crt 2015-10-05 20:06:46.000000000 +0200 +++ new/mbedtls-1.3.15/tests/data_files/server1.key_usage.crt 2015-11-05 16:44:46.000000000 +0100 @@ -10,11 +10,11 @@ lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB o10wWzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAf -BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zAOBgNVHQ8BAQEEBAMCAeAw -DQYJKoZIhvcNAQEFBQADggEBAFd3JxNC2rEz94ProSZcv8NNk3e3Dhfms84qjkCM -YhLyZCZywZ2cj3bXThNGVND81UNgqyzk/MEGfKh5d0EHD8v97H7Zvs/EN814d0UC -/BZWlXqX9XInjxlI3baJrRWvsJJdRxMqub9LGBdhgZAtF1BVF9fk2QrV0GW6VN7a -dGYdRYO80yf+vf5g41A0DIi3dhdLF1H7UPDwfUwkF5QckXw0yqueszcmxvCAnxng -AUKoFS971WWCjCo8lMzOXOjeAwmibihT9XBabVzN1w3gOfSBbpHFi770bWgbKPWu -csFKtvrXGtLVQeKkfI1lIMWWeddvkMWWBIqFrkBBLLOI4+A= +BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zAOBgNVHQ8BAf8EBAMCAeAw +DQYJKoZIhvcNAQEFBQADggEBABKC/1x0m57EY4H412ue3ghCWgg07VcRKamnUSTs +tnqI5T0mSvuPrxhINdQB6360ibctBkXP3S9rxGHiUdeK/JqxYs2YamCs50TSWpon +p4Hzcmjsw1YgXsQ6pmYwkzU03zqs361gt7JSOzL2dN0IjwIy47qfLQb/AXhX2Ims +7gBuqVpYqJuSHR0qsN/c6WgIE3IrbK1MB6CJTkxBfcSc5E4oUIBHmww+RSVLOczM +nGk3U13dmfG0ndhMtrMyyxBZZSUwoZLjRZ6J5mHSv+k8oo1PYQeiivNEP53mgVaY +ha0gLUIk6zNBRpY1uUmxQ+RQSMIyYPBb1RedHn2s8El2mlo= -----END CERTIFICATE----- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.14/tests/suites/test_suite_version.data new/mbedtls-1.3.15/tests/suites/test_suite_version.data --- old/mbedtls-1.3.14/tests/suites/test_suite_version.data 2015-10-05 20:06:46.000000000 +0200 +++ new/mbedtls-1.3.15/tests/suites/test_suite_version.data 2015-11-05 16:44:46.000000000 +0100 @@ -1,8 +1,8 @@ Check compiletime library version -check_compiletime_version:"1.3.14" +check_compiletime_version:"1.3.15" Check runtime library version -check_runtime_version:"1.3.14" +check_runtime_version:"1.3.15" Check for POLARSSL_VERSION_C check_feature:"POLARSSL_VERSION_C":0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.14/tests/suites/test_suite_x509parse.data new/mbedtls-1.3.15/tests/suites/test_suite_x509parse.data --- old/mbedtls-1.3.14/tests/suites/test_suite_x509parse.data 2015-10-05 20:06:46.000000000 +0200 +++ new/mbedtls-1.3.15/tests/suites/test_suite_x509parse.data 2015-11-05 16:44:46.000000000 +0100 @@ -1124,6 +1124,38 @@ depends_on:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_SHA256_C:POLARSSL_ECDSA_C:POLARSSL_ECP_DP_SECP384R1_ENABLED x509_crt_parse_path:"data_files/dir3":1:2 +X509 CRT verify chain #1 (zero pathlen intermediate) +depends_on:POLARSSL_SHA256_C:POLARSSL_RSA_C +x509_crt_verify_chain:"data_files/dir4/cert14.crt data_files/dir4/cert13.crt data_files/dir4/cert12.crt":"data_files/dir4/cert11.crt":BADCERT_NOT_TRUSTED + +X509 CRT verify chain #2 (zero pathlen root) +depends_on:POLARSSL_SHA256_C:POLARSSL_RSA_C +x509_crt_verify_chain:"data_files/dir4/cert23.crt data_files/dir4/cert22.crt":"data_files/dir4/cert21.crt":BADCERT_NOT_TRUSTED + +X509 CRT verify chain #3 (nonzero pathlen root) +depends_on:POLARSSL_SHA256_C:POLARSSL_RSA_C +x509_crt_verify_chain:"data_files/dir4/cert34.crt data_files/dir4/cert33.crt data_files/dir4/cert32.crt":"data_files/dir4/cert31.crt":BADCERT_NOT_TRUSTED + +X509 CRT verify chain #4 (nonzero pathlen intermediate) +depends_on:POLARSSL_SHA256_C:POLARSSL_RSA_C +x509_crt_verify_chain:"data_files/dir4/cert45.crt data_files/dir4/cert44.crt data_files/dir4/cert43.crt data_files/dir4/cert42.crt":"data_files/dir4/cert41.crt":BADCERT_NOT_TRUSTED + +X509 CRT verify chain #5 (nonzero maxpathlen intermediate) +depends_on:POLARSSL_SHA256_C:POLARSSL_RSA_C +x509_crt_verify_chain:"data_files/dir4/cert54.crt data_files/dir4/cert53.crt data_files/dir4/cert52.crt":"data_files/dir4/cert51.crt":0 + +X509 CRT verify chain #6 (nonzero maxpathlen root) +depends_on:POLARSSL_SHA256_C:POLARSSL_RSA_C +x509_crt_verify_chain:"data_files/dir4/cert63.crt data_files/dir4/cert62.crt":"data_files/dir4/cert61.crt":0 + +X509 CRT verify chain #7 (maxpathlen root, self signed in path) +depends_on:POLARSSL_SHA256_C:POLARSSL_RSA_C +x509_crt_verify_chain:"data_files/dir4/cert74.crt data_files/dir4/cert73.crt data_files/dir4/cert72.crt":"data_files/dir4/cert71.crt":0 + +X509 CRT verify chain #8 (self signed maxpathlen root) +depends_on:POLARSSL_SHA256_C:POLARSSL_RSA_C +x509_crt_verify_chain:"data_files/dir4/cert61.crt data_files/dir4/cert63.crt data_files/dir4/cert62.crt":"data_files/dir4/cert61.crt":0 + X509 OID description #1 x509_oid_desc:"2B06010505070301":"TLS Web Server Authentication" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mbedtls-1.3.14/tests/suites/test_suite_x509parse.function new/mbedtls-1.3.15/tests/suites/test_suite_x509parse.function --- old/mbedtls-1.3.14/tests/suites/test_suite_x509parse.function 2015-10-05 20:06:46.000000000 +0200 +++ new/mbedtls-1.3.15/tests/suites/test_suite_x509parse.function 2015-11-05 16:44:46.000000000 +0100 @@ -83,6 +83,36 @@ return( 0 ); } #endif /* POLARSSL_X509_CRT_PARSE_C */ + +/* strsep() not available on Windows */ +char *mystrsep(char **stringp, const char *delim) +{ + const char *p; + char *ret = *stringp; + + if( *stringp == NULL ) + return( NULL ); + + for( ; ; (*stringp)++ ) + { + if( **stringp == '\0' ) + { + *stringp = NULL; + goto done; + } + + for( p = delim; *p != '\0'; p++ ) + if( **stringp == *p ) + { + **stringp = '\0'; + (*stringp)++; + goto done; + } + } + +done: + return( ret ); +} /* END_HEADER */ /* BEGIN_DEPENDENCIES @@ -443,6 +473,34 @@ x509_crt_free( &chain ); } /* END_CASE */ + +/* BEGIN_CASE depends_on:POLARSSL_FS_IO:POLARSSL_X509_CRT_PARSE_C */ +void x509_crt_verify_chain( char *chain_paths, char *trusted_ca, int flags_result ) +{ + char* act; + int flags; + int result, res; + x509_crt trusted, chain; + + result = flags_result ? POLARSSL_ERR_X509_CERT_VERIFY_FAILED : 0; + + x509_crt_init( &chain ); + x509_crt_init( &trusted ); + + while( ( act = mystrsep( &chain_paths, " " ) ) != NULL ) + TEST_ASSERT( x509_crt_parse_file( &chain, act ) == 0 ); + TEST_ASSERT( x509_crt_parse_file( &trusted, trusted_ca ) == 0 ); + + res = x509_crt_verify( &chain, &trusted, NULL, NULL, &flags, NULL, NULL ); + + TEST_ASSERT( res == result ); + TEST_ASSERT( flags == flags_result ); + +exit: + x509_crt_free( &trusted ); + x509_crt_free( &chain ); +} +/* END_CASE */ /* BEGIN_CASE depends_on:POLARSSL_X509_USE_C */ void x509_oid_desc( char *oid_str, char *ref_desc )
