Merge remote-tracking branch 'upstream-public/pr/1141' into development
diff --git a/.github/issue_template.md b/.github/issue_template.md
index 33f68fb..5e9d83d 100644
--- a/.github/issue_template.md
+++ b/.github/issue_template.md
@@ -8,7 +8,7 @@
## Bug
**OS**
-mbed-OS|linux|windows|
+Mbed OS|linux|windows|
**mbed TLS build:**
Version: x.x.x or git commit id
@@ -38,4 +38,4 @@
## Question
-**Please first check for answers in the [mbed TLS knowledge Base](https://tls.mbed.org/kb), and preferebly file an issue in the [mbed TLS support forum](https://tls.mbed.org/discussions)**
+**Please first check for answers in the [Mbed TLS knowledge Base](https://tls.mbed.org/kb), and preferably file an issue in the [Mbed TLS support forum](https://tls.mbed.org/discussions)**
diff --git a/ChangeLog b/ChangeLog
index ef20788..6e404ff 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,19 +2,60 @@
= mbed TLS x.x.x branch released xxxx-xx-xx
+Security
+ * Fix a potential heap buffer overflow in mbedtls_ssl_write. When the (by
+ default enabled) maximum fragment length extension is disabled in the
+ config and the application data buffer passed to mbedtls_ssl_write
+ is larger than the internal message buffer (16384 bytes by default), the
+ latter overflows. The exploitability of this issue depends on whether the
+ application layer can be forced into sending such large packets. The issue
+ was independently reported by Tim Nordell via e-mail and by Florin Petriuc
+ and sjorsdewit on GitHub. Fix proposed by Florin Petriuc in #1022. Fixes #707.
+
Features
* Allow comments in test data files.
Bugfix
+ * Fix ssl_parse_record_header() to silently discard invalid DTLS records
+ as recommended in RFC 6347 Section 4.1.2.7.
* Fix memory leak in mbedtls_ssl_set_hostname() when called multiple times.
Found by projectgus and jethrogb, #836.
* Fix usage help in ssl_server2 example. Found and fixed by Bei Lin.
* Parse signature algorithm extension when renegotiating. Previously,
renegotiated handshakes would only accept signatures using SHA-1
regardless of the peer's preferences, or fail if SHA-1 was disabled.
+ * Fix leap year calculation in x509_date_is_valid() to ensure that invalid
+ dates on leap years with 100 and 400 intervals are handled correctly. Found
+ by Nicholas Wilson. #694
+ * Fix out-of-memory problem when parsing 4096-bit PKCS8-encrypted RSA keys.
+ Found independently by Florian in the mbed TLS forum and by Mishamax.
+ #878, #1019.
+ * Fix variable used before assignment compilation warnings with IAR
+ toolchain. Found by gkerrien38.
+ * Fix unchecked return codes from AES, DES and 3DES functions in
+ pem_aes_decrypt(), pem_des_decrypt() and pem_des3_decrypt() respectively.
+ If a call to one of the functions of the cryptographic primitive modules
+ failed, the error may not be noticed by the function
+ mbedtls_pem_read_buffer() causing it to return invalid values. Found by
+ Guido Vranken. #756
+ * Include configuration file in md.h, to fix compilation warnings.
+ Reported by aaronmdjones in #1001
+ * Correct extraction of signature-type from PK instance in X.509 CRT and CSR
+ writing routines that prevented these functions to work with alternative
+ RSA implementations. Raised by J.B. in the Mbed TLS forum. Fixes #1011.
+ * Don't print X.509 version tag for v1 CRT's, and omit extensions for
+ non-v3 CRT's.
+ * Fix bugs in RSA test suite under MBEDTLS_NO_PLATFORM_ENTROPY. #1023 #1024
+ * Fix net_would_block to avoid modification by errno through fcntl call.
+ Found by nkolban. Fixes #845.
* Fix handling of handshake messages in mbedtls_ssl_read in case
MBEDTLS_SSL_RENEGOTIATION is disabled. Found by erja-gp.
+Changes
+ * Extend cert_write example program by options to set the CRT version
+ and the message digest. Further, allow enabling/disabling of authority
+ identifier, subject identifier and basic constraints extensions.
+
= mbed TLS 2.6.0 branch released 2017-08-10
Security
diff --git a/README.md b/README.md
index 5ffd2ae..4270e80 100644
--- a/README.md
+++ b/README.md
@@ -1,37 +1,37 @@
-README for mbed TLS
+README for Mbed TLS
===================
Configuration
-------------
-mbed TLS should build out of the box on most systems. Some platform specific options are available in the fully documented configuration file `include/mbedtls/config.h`, which is also the place where features can be selected. This file can be edited manually, or in a more programmatic way using the Perl script `scripts/config.pl` (use `--help` for usage instructions).
+Mbed TLS should build out of the box on most systems. Some platform specific options are available in the fully documented configuration file `include/mbedtls/config.h`, which is also the place where features can be selected. This file can be edited manually, or in a more programmatic way using the Perl script `scripts/config.pl` (use `--help` for usage instructions).
Compiler options can be set using conventional environment variables such as `CC` and `CFLAGS` when using the Make and CMake build system (see below).
Compiling
---------
-There are currently four active build systems used within mbed TLS releases:
+There are currently four active build systems used within Mbed TLS releases:
- yotta
- GNU Make
- CMake
-- Microsoft Visual Studio (Visual Studio 6 and Visual Studio 2010)
+- Microsoft Visual Studio (Microsoft Visual Studio 2010 or later)
The main systems used for development are CMake and GNU Make. Those systems are always complete and up-to-date. The others should reflect all changes present in the CMake and Make build system, although features may not be ported there automatically.
Yotta, as a build system, is slightly different from the other build systems:
- it provides a minimalistic configuration file by default
-- depending on the yotta target, features of mbed OS may be used in examples and tests
+- depending on the yotta target, features of Mbed OS may be used in examples and tests
The Make and CMake build systems create three libraries: libmbedcrypto, libmbedx509, and libmbedtls. Note that libmbedtls depends on libmbedx509 and libmbedcrypto, and libmbedx509 depends on libmbedcrypto. As a result, some linkers will expect flags to be in a specific order, for example the GNU linker wants `-lmbedtls -lmbedx509 -lmbedcrypto`. Also, when loading shared libraries using dlopen(), you'll need to load libmbedcrypto first, then libmbedx509, before you can load libmbedtls.
### Yotta
-[yotta](http://yottabuild.org) is a package manager and build system developed by mbed, and is the build system of mbed OS 16.03. To install it on your platform, please follow the yotta [installation instructions](http://docs.yottabuild.org/#installing).
+[yotta](http://yottabuild.org) is a package manager and build system developed by Mbed, and is the build system of Mbed OS 16.03. To install it on your platform, please follow the yotta [installation instructions](http://docs.yottabuild.org/#installing).
-Once yotta is installed, you can use it to download the latest version of mbed TLS from the yotta registry with:
+Once yotta is installed, you can use it to download the latest version of Mbed TLS from the yotta registry with:
yotta install mbedtls
@@ -39,18 +39,18 @@
yotta build
-If, on the other hand, you already have a copy of mbed TLS from a source other than the yotta registry, for example from cloning our GitHub repository, or from downloading a tarball of the standalone edition, then you'll first need to generate the yotta module by running:
+If, on the other hand, you already have a copy of Mbed TLS from a source other than the yotta registry, for example from cloning our GitHub repository, or from downloading a tarball of the standalone edition, then you'll first need to generate the yotta module by running:
yotta/create-module.sh
-This should be executed from the root mbed TLS project directory. This will create the yotta module in the `yotta/module` directory within it. You can then change to that directory and build as usual:
+This should be executed from the root Mbed TLS project directory. This will create the yotta module in the `yotta/module` directory within it. You can then change to that directory and build as usual:
cd yotta/module
yotta build
In any case, you'll probably want to set the yotta target before building unless it has already been set globally. For more information on using yotta, please consult the [yotta documentation](http://docs.yottabuild.org/).
-For more details on the yotta/mbed OS edition of mbed TLS, including example programs, please consult the [Readme at the root of the yotta module](https://github.com/ARMmbed/mbedtls/blob/development/yotta/data/README.md).
+For more details on the yotta/Mbed OS edition of Mbed TLS, including example programs, please consult the [Readme at the root of the yotta module](https://github.com/ARMmbed/mbedtls/blob/development/yotta/data/README.md).
### Make
@@ -78,9 +78,9 @@
Setting the variable `SHARED` in your environment will build shared libraries in addition to the static libraries. Setting `DEBUG` gives you a debug build. You can override `CFLAGS` and `LDFLAGS` by setting them in your environment or on the make command line; if you do so, essential parts such as `-I` will still be preserved. Warning options may be overridden separately using `WARNING_CFLAGS`.
-Depending on your platform, you might run into some issues. Please check the Makefiles in `library/`, `programs/` and `tests/` for options to manually add or remove for specific platforms. You can also check [the mbed TLS Knowledge Base](https://tls.mbed.org/kb) for articles on your platform or issue.
+Depending on your platform, you might run into some issues. Please check the Makefiles in `library/`, `programs/` and `tests/` for options to manually add or remove for specific platforms. You can also check [the Mbed TLS Knowledge Base](https://tls.mbed.org/kb) for articles on your platform or issue.
-In case you find that you need to do something else as well, please let us know what, so we can add it to the [mbed TLS knowledge base](https://tls.mbed.org/kb).
+In case you find that you need to do something else as well, please let us know what, so we can add it to the [Mbed TLS knowledge base](https://tls.mbed.org/kb).
### CMake
@@ -143,7 +143,7 @@
Tests
-----
-mbed TLS includes an elaborate test suite in `tests/` that initially requires Perl to generate the tests files (e.g. `test\_suite\_mpi.c`). These files are generated from a `function file` (e.g. `suites/test\_suite\_mpi.function`) and a `data file` (e.g. `suites/test\_suite\_mpi.data`). The `function file` contains the test functions. The `data file` contains the test cases, specified as parameters that will be passed to the test function.
+Mbed TLS includes an elaborate test suite in `tests/` that initially requires Perl to generate the tests files (e.g. `test\_suite\_mpi.c`). These files are generated from a `function file` (e.g. `suites/test\_suite\_mpi.function`) and a `data file` (e.g. `suites/test\_suite\_mpi.data`). The `function file` contains the test functions. The `data file` contains the test cases, specified as parameters that will be passed to the test function.
For machines with a Unix shell and OpenSSL (and optionally GnuTLS) installed, additional test scripts are available:
@@ -158,14 +158,14 @@
We provide some non-standard configurations focused on specific use cases in the `configs/` directory. You can read more about those in `configs/README.txt`
-Porting mbed TLS
+Porting Mbed TLS
----------------
-mbed TLS can be ported to many different architectures, OS's and platforms. Before starting a port, you may find the following knowledge base articles useful:
+Mbed TLS can be ported to many different architectures, OS's and platforms. Before starting a port, you may find the following knowledge base articles useful:
-- [Porting mbed TLS to a new environment or OS](https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS)
-- [What external dependencies does mbed TLS rely on?](https://tls.mbed.org/kb/development/what-external-dependencies-does-mbedtls-rely-on)
-- [How do I configure mbed TLS](https://tls.mbed.org/kb/compiling-and-building/how-do-i-configure-mbedtls)
+- [Porting Mbed TLS to a new environment or OS](https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS)
+- [What external dependencies does Mbed TLS rely on?](https://tls.mbed.org/kb/development/what-external-dependencies-does-mbedtls-rely-on)
+- [How do I configure Mbed TLS](https://tls.mbed.org/kb/compiling-and-building/how-do-i-configure-mbedtls)
Contributing
------------
@@ -176,12 +176,12 @@
- We would ask that contributions conform to [our coding standards](https://tls.mbed.org/kb/development/mbedtls-coding-standards), and that contributions should be fully tested before submission.
- As with any open source project, contributions will be reviewed by the project team and community and may need some modifications to be accepted.
-To accept the Contributor’s Licence Agreement (CLA), individual contributors can do this by creating an mbed account and [accepting the online agreement here with a click through](https://developer.mbed.org/contributor_agreement/). Alternatively, for contributions from corporations, or those that do not wish to create an mbed account, a slightly different agreement can be found [here](https://www.mbed.com/en/about-mbed/contributor-license-agreements/). This agreement should be signed and returned to ARM as described in the instructions given.
+To accept the Contributor’s Licence Agreement (CLA), individual contributors can do this by creating an Mbed account and [accepting the online agreement here with a click through](https://os.mbed.com/contributor_agreement/). Alternatively, for contributions from corporations, or those that do not wish to create an Mbed account, a slightly different agreement can be found [here](https://www.mbed.com/en/about-mbed/contributor-license-agreements/). This agreement should be signed and returned to Arm as described in the instructions given.
### Making a Contribution
1. [Check for open issues](https://github.com/ARMmbed/mbedtls/issues) or [start a discussion](https://tls.mbed.org/discussions) around a feature idea or a bug.
-2. Fork the [mbed TLS repository on GitHub](https://github.com/ARMmbed/mbedtls) to start making your changes. As a general rule, you should use the "development" branch as a basis.
+2. Fork the [Mbed TLS repository on GitHub](https://github.com/ARMmbed/mbedtls) to start making your changes. As a general rule, you should use the "development" branch as a basis.
3. Write a test which shows that the bug was fixed or that the feature works as expected.
4. Send a pull request and bug us until it gets merged and published. Contributions may need some modifications, so work with us to get your change accepted. We will include your name in the ChangeLog :)
diff --git a/include/mbedtls/asn1.h b/include/mbedtls/asn1.h
index 082832c..e159e57 100644
--- a/include/mbedtls/asn1.h
+++ b/include/mbedtls/asn1.h
@@ -59,7 +59,7 @@
/**
* \name DER constants
- * These constants comply with DER encoded the ANS1 type tags.
+ * These constants comply with the DER encoded ASN.1 type tags.
* DER encoding uses hexadecimal representation.
* An example DER sequence is:\n
* - 0x02 -- tag indicating INTEGER
diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h
index 9b996a9..89be847 100644
--- a/include/mbedtls/md.h
+++ b/include/mbedtls/md.h
@@ -27,6 +27,12 @@
#include <stddef.h>
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
#define MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE -0x5080 /**< The selected feature is not available. */
#define MBEDTLS_ERR_MD_BAD_INPUT_DATA -0x5100 /**< Bad input parameters to function. */
#define MBEDTLS_ERR_MD_ALLOC_FAILED -0x5180 /**< Failed to allocate memory. */
diff --git a/library/entropy.c b/library/entropy.c
index 23de406..bf943aa 100644
--- a/library/entropy.c
+++ b/library/entropy.c
@@ -83,6 +83,9 @@
mbedtls_havege_init( &ctx->havege_data );
#endif
+ /* Reminder: Update ENTROPY_HAVE_STRONG in the test files
+ * when adding more strong entropy sources here. */
+
#if defined(MBEDTLS_TEST_NULL_ENTROPY)
mbedtls_entropy_add_source( ctx, mbedtls_null_entropy_poll, NULL,
1, MBEDTLS_ENTROPY_SOURCE_STRONG );
diff --git a/library/net_sockets.c b/library/net_sockets.c
index 31c42db..345f102 100644
--- a/library/net_sockets.c
+++ b/library/net_sockets.c
@@ -270,13 +270,18 @@
*/
static int net_would_block( const mbedtls_net_context *ctx )
{
+ int err = errno;
+
/*
* Never return 'WOULD BLOCK' on a non-blocking socket
*/
if( ( fcntl( ctx->fd, F_GETFL ) & O_NONBLOCK ) != O_NONBLOCK )
+ {
+ errno = err;
return( 0 );
+ }
- switch( errno )
+ switch( errno = err )
{
#if defined EAGAIN
case EAGAIN:
diff --git a/library/pem.c b/library/pem.c
index 8dd86a4..87401ba 100644
--- a/library/pem.c
+++ b/library/pem.c
@@ -134,45 +134,55 @@
/*
* Decrypt with DES-CBC, using PBKDF1 for key derivation
*/
-static void pem_des_decrypt( unsigned char des_iv[8],
- unsigned char *buf, size_t buflen,
- const unsigned char *pwd, size_t pwdlen )
+static int pem_des_decrypt( unsigned char des_iv[8],
+ unsigned char *buf, size_t buflen,
+ const unsigned char *pwd, size_t pwdlen )
{
mbedtls_des_context des_ctx;
unsigned char des_key[8];
+ int ret;
mbedtls_des_init( &des_ctx );
pem_pbkdf1( des_key, 8, des_iv, pwd, pwdlen );
- mbedtls_des_setkey_dec( &des_ctx, des_key );
- mbedtls_des_crypt_cbc( &des_ctx, MBEDTLS_DES_DECRYPT, buflen,
+ if( ( ret = mbedtls_des_setkey_dec( &des_ctx, des_key ) ) != 0 )
+ goto exit;
+ ret = mbedtls_des_crypt_cbc( &des_ctx, MBEDTLS_DES_DECRYPT, buflen,
des_iv, buf, buf );
+exit:
mbedtls_des_free( &des_ctx );
mbedtls_zeroize( des_key, 8 );
+
+ return( ret );
}
/*
* Decrypt with 3DES-CBC, using PBKDF1 for key derivation
*/
-static void pem_des3_decrypt( unsigned char des3_iv[8],
- unsigned char *buf, size_t buflen,
- const unsigned char *pwd, size_t pwdlen )
+static int pem_des3_decrypt( unsigned char des3_iv[8],
+ unsigned char *buf, size_t buflen,
+ const unsigned char *pwd, size_t pwdlen )
{
mbedtls_des3_context des3_ctx;
unsigned char des3_key[24];
+ int ret;
mbedtls_des3_init( &des3_ctx );
pem_pbkdf1( des3_key, 24, des3_iv, pwd, pwdlen );
- mbedtls_des3_set3key_dec( &des3_ctx, des3_key );
- mbedtls_des3_crypt_cbc( &des3_ctx, MBEDTLS_DES_DECRYPT, buflen,
+ if( ( ret = mbedtls_des3_set3key_dec( &des3_ctx, des3_key ) ) != 0 )
+ goto exit;
+ ret = mbedtls_des3_crypt_cbc( &des3_ctx, MBEDTLS_DES_DECRYPT, buflen,
des3_iv, buf, buf );
+exit:
mbedtls_des3_free( &des3_ctx );
mbedtls_zeroize( des3_key, 24 );
+
+ return( ret );
}
#endif /* MBEDTLS_DES_C */
@@ -180,23 +190,28 @@
/*
* Decrypt with AES-XXX-CBC, using PBKDF1 for key derivation
*/
-static void pem_aes_decrypt( unsigned char aes_iv[16], unsigned int keylen,
- unsigned char *buf, size_t buflen,
- const unsigned char *pwd, size_t pwdlen )
+static int pem_aes_decrypt( unsigned char aes_iv[16], unsigned int keylen,
+ unsigned char *buf, size_t buflen,
+ const unsigned char *pwd, size_t pwdlen )
{
mbedtls_aes_context aes_ctx;
unsigned char aes_key[32];
+ int ret;
mbedtls_aes_init( &aes_ctx );
pem_pbkdf1( aes_key, keylen, aes_iv, pwd, pwdlen );
- mbedtls_aes_setkey_dec( &aes_ctx, aes_key, keylen * 8 );
- mbedtls_aes_crypt_cbc( &aes_ctx, MBEDTLS_AES_DECRYPT, buflen,
+ if( ( ret = mbedtls_aes_setkey_dec( &aes_ctx, aes_key, keylen * 8 ) ) != 0 )
+ goto exit;
+ ret = mbedtls_aes_crypt_cbc( &aes_ctx, MBEDTLS_AES_DECRYPT, buflen,
aes_iv, buf, buf );
+exit:
mbedtls_aes_free( &aes_ctx );
mbedtls_zeroize( aes_key, keylen );
+
+ return( ret );
}
#endif /* MBEDTLS_AES_C */
@@ -345,22 +360,30 @@
return( MBEDTLS_ERR_PEM_PASSWORD_REQUIRED );
}
+ ret = 0;
+
#if defined(MBEDTLS_DES_C)
if( enc_alg == MBEDTLS_CIPHER_DES_EDE3_CBC )
- pem_des3_decrypt( pem_iv, buf, len, pwd, pwdlen );
+ ret = pem_des3_decrypt( pem_iv, buf, len, pwd, pwdlen );
else if( enc_alg == MBEDTLS_CIPHER_DES_CBC )
- pem_des_decrypt( pem_iv, buf, len, pwd, pwdlen );
+ ret = pem_des_decrypt( pem_iv, buf, len, pwd, pwdlen );
#endif /* MBEDTLS_DES_C */
#if defined(MBEDTLS_AES_C)
if( enc_alg == MBEDTLS_CIPHER_AES_128_CBC )
- pem_aes_decrypt( pem_iv, 16, buf, len, pwd, pwdlen );
+ ret = pem_aes_decrypt( pem_iv, 16, buf, len, pwd, pwdlen );
else if( enc_alg == MBEDTLS_CIPHER_AES_192_CBC )
- pem_aes_decrypt( pem_iv, 24, buf, len, pwd, pwdlen );
+ ret = pem_aes_decrypt( pem_iv, 24, buf, len, pwd, pwdlen );
else if( enc_alg == MBEDTLS_CIPHER_AES_256_CBC )
- pem_aes_decrypt( pem_iv, 32, buf, len, pwd, pwdlen );
+ ret = pem_aes_decrypt( pem_iv, 32, buf, len, pwd, pwdlen );
#endif /* MBEDTLS_AES_C */
+ if( ret != 0 )
+ {
+ mbedtls_free( buf );
+ return( ret );
+ }
+
/*
* The result will be ASN.1 starting with a SEQUENCE tag, with 1 to 3
* length bytes (allow 4 to be sure) in all known use cases.
diff --git a/library/pkparse.c b/library/pkparse.c
index efdf437..968c83f 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -844,6 +844,16 @@
/*
* Parse an unencrypted PKCS#8 encoded private key
+ *
+ * Notes:
+ *
+ * - This function does not own the key buffer. It is the
+ * responsibility of the caller to take care of zeroizing
+ * and freeing it after use.
+ *
+ * - The function is responsible for freeing the provided
+ * PK context on failure.
+ *
*/
static int pk_parse_key_pkcs8_unencrypted_der(
mbedtls_pk_context *pk,
@@ -859,7 +869,7 @@
const mbedtls_pk_info_t *pk_info;
/*
- * This function parses the PrivatKeyInfo object (PKCS#8 v1.2 = RFC 5208)
+ * This function parses the PrivateKeyInfo object (PKCS#8 v1.2 = RFC 5208)
*
* PrivateKeyInfo ::= SEQUENCE {
* version Version,
@@ -932,16 +942,22 @@
/*
* Parse an encrypted PKCS#8 encoded private key
+ *
+ * To save space, the decryption happens in-place on the given key buffer.
+ * Also, while this function may modify the keybuffer, it doesn't own it,
+ * and instead it is the responsibility of the caller to zeroize and properly
+ * free it after use.
+ *
*/
#if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
static int pk_parse_key_pkcs8_encrypted_der(
mbedtls_pk_context *pk,
- const unsigned char *key, size_t keylen,
+ unsigned char *key, size_t keylen,
const unsigned char *pwd, size_t pwdlen )
{
int ret, decrypted = 0;
size_t len;
- unsigned char buf[2048];
+ unsigned char *buf;
unsigned char *p, *end;
mbedtls_asn1_buf pbe_alg_oid, pbe_params;
#if defined(MBEDTLS_PKCS12_C)
@@ -949,16 +965,14 @@
mbedtls_md_type_t md_alg;
#endif
- memset( buf, 0, sizeof( buf ) );
-
- p = (unsigned char *) key;
+ p = key;
end = p + keylen;
if( pwdlen == 0 )
return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED );
/*
- * This function parses the EncryptedPrivatKeyInfo object (PKCS#8)
+ * This function parses the EncryptedPrivateKeyInfo object (PKCS#8)
*
* EncryptedPrivateKeyInfo ::= SEQUENCE {
* encryptionAlgorithm EncryptionAlgorithmIdentifier,
@@ -970,6 +984,7 @@
* EncryptedData ::= OCTET STRING
*
* The EncryptedData OCTET STRING is a PKCS#8 PrivateKeyInfo
+ *
*/
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
@@ -985,11 +1000,10 @@
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
- if( len > sizeof( buf ) )
- return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+ buf = p;
/*
- * Decrypt EncryptedData with appropriate PDE
+ * Decrypt EncryptedData with appropriate PBE
*/
#if defined(MBEDTLS_PKCS12_C)
if( mbedtls_oid_get_pkcs12_pbe_alg( &pbe_alg_oid, &md_alg, &cipher_alg ) == 0 )
@@ -1081,10 +1095,8 @@
if( ret == 0 )
{
- if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL )
- return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
-
- if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
+ pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA );
+ if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ),
pem.buf, pem.buflen ) ) != 0 )
{
@@ -1113,10 +1125,9 @@
key, pwd, pwdlen, &len );
if( ret == 0 )
{
- if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == NULL )
- return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
+ pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY );
- if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
+ if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ),
pem.buf, pem.buflen ) ) != 0 )
{
@@ -1194,12 +1205,24 @@
* error
*/
#if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
- if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk, key, keylen,
- pwd, pwdlen ) ) == 0 )
{
- return( 0 );
+ unsigned char *key_copy;
+
+ if( ( key_copy = mbedtls_calloc( 1, keylen ) ) == NULL )
+ return( MBEDTLS_ERR_PK_ALLOC_FAILED );
+
+ memcpy( key_copy, key, keylen );
+
+ ret = pk_parse_key_pkcs8_encrypted_der( pk, key_copy, keylen,
+ pwd, pwdlen );
+
+ mbedtls_zeroize( key_copy, keylen );
+ mbedtls_free( key_copy );
}
+ if( ret == 0 )
+ return( 0 );
+
mbedtls_pk_free( pk );
if( ret == MBEDTLS_ERR_PK_PASSWORD_MISMATCH )
@@ -1214,29 +1237,35 @@
mbedtls_pk_free( pk );
#if defined(MBEDTLS_RSA_C)
- if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL )
- return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
- if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
- ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), key, keylen ) ) == 0 )
+ pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA );
+ if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
+ ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ),
+ key, keylen ) ) != 0 )
+ {
+ mbedtls_pk_free( pk );
+ }
+ else
{
return( 0 );
}
- mbedtls_pk_free( pk );
#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_ECP_C)
- if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == NULL )
- return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
- if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
- ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), key, keylen ) ) == 0 )
+ pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY );
+ if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
+ ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ),
+ key, keylen ) ) != 0 )
+ {
+ mbedtls_pk_free( pk );
+ }
+ else
{
return( 0 );
}
- mbedtls_pk_free( pk );
#endif /* MBEDTLS_ECP_C */
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 335379f..554348f 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -2266,7 +2266,7 @@
int ret;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
ssl->transform_negotiate->ciphersuite_info;
- unsigned char *p, *end;
+ unsigned char *p = NULL, *end = NULL;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse server key exchange" ) );
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 89eba05..2690e46 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -3493,8 +3493,15 @@
ssl->in_msgtype != MBEDTLS_SSL_MSG_APPLICATION_DATA )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "unknown record type" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ /* Silently ignore invalid DTLS records as recommended by RFC 6347
+ * Section 4.1.2.7 */
+ if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
+
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
}
@@ -6180,7 +6187,6 @@
/* Check if new hostname is valid before
* making any change to current one */
-
if( hostname != NULL )
{
hostname_len = strlen( hostname );
@@ -6207,7 +6213,6 @@
else
{
ssl->hostname = mbedtls_calloc( 1, hostname_len + 1 );
-
if( ssl->hostname == NULL )
return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
@@ -7074,7 +7079,9 @@
int ret;
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
size_t max_len = mbedtls_ssl_get_max_frag_len( ssl );
-
+#else
+ size_t max_len = MBEDTLS_SSL_MAX_CONTENT_LEN;
+#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
if( len > max_len )
{
#if defined(MBEDTLS_SSL_PROTO_DTLS)
@@ -7089,7 +7096,6 @@
#endif
len = max_len;
}
-#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
if( ssl->out_left != 0 )
{
@@ -7120,7 +7126,7 @@
*
* With non-blocking I/O, ssl_write_real() may return WANT_WRITE,
* then the caller will call us again with the same arguments, so
- * remember wether we already did the split or not.
+ * remember whether we already did the split or not.
*/
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
static int ssl_write_split( mbedtls_ssl_context *ssl,
diff --git a/library/x509.c b/library/x509.c
index e94a8a3..371d6da 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -496,9 +496,10 @@
return( 0 );
}
-static int x509_date_is_valid(const mbedtls_x509_time *t)
+static int x509_date_is_valid(const mbedtls_x509_time *t )
{
int ret = MBEDTLS_ERR_X509_INVALID_DATE;
+ int month_len;
CHECK_RANGE( 0, 9999, t->year );
CHECK_RANGE( 0, 23, t->hour );
@@ -508,17 +509,22 @@
switch( t->mon )
{
case 1: case 3: case 5: case 7: case 8: case 10: case 12:
- CHECK_RANGE( 1, 31, t->day );
+ month_len = 31;
break;
case 4: case 6: case 9: case 11:
- CHECK_RANGE( 1, 30, t->day );
+ month_len = 30;
break;
case 2:
- CHECK_RANGE( 1, 28 + (t->year % 4 == 0), t->day );
+ if( ( !( t->year % 4 ) && t->year % 100 ) ||
+ !( t->year % 400 ) )
+ month_len = 29;
+ else
+ month_len = 28;
break;
default:
return( ret );
}
+ CHECK_RANGE( 1, month_len, t->day );
return( 0 );
}
diff --git a/library/x509write_crt.c b/library/x509write_crt.c
index 4d674ab..0af23d7 100644
--- a/library/x509write_crt.c
+++ b/library/x509write_crt.c
@@ -51,7 +51,7 @@
void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx )
{
- memset( ctx, 0, sizeof(mbedtls_x509write_cert) );
+ memset( ctx, 0, sizeof( mbedtls_x509write_cert ) );
mbedtls_mpi_init( &ctx->serial );
ctx->version = MBEDTLS_X509_CRT_VERSION_3;
@@ -65,7 +65,7 @@
mbedtls_asn1_free_named_data_list( &ctx->issuer );
mbedtls_asn1_free_named_data_list( &ctx->extensions );
- mbedtls_zeroize( ctx, sizeof(mbedtls_x509write_cert) );
+ mbedtls_zeroize( ctx, sizeof( mbedtls_x509write_cert ) );
}
void mbedtls_x509write_crt_set_version( mbedtls_x509write_cert *ctx, int version )
@@ -193,14 +193,14 @@
{
int ret;
unsigned char buf[MBEDTLS_MPI_MAX_SIZE * 2 + 20]; /* tag, length + 2xMPI */
- unsigned char *c = buf + sizeof(buf);
+ unsigned char *c = buf + sizeof( buf );
size_t len = 0;
memset( buf, 0, sizeof(buf) );
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_pk_write_pubkey( &c, buf, ctx->issuer_key ) );
- mbedtls_sha1( buf + sizeof(buf) - len, len, buf + sizeof(buf) - 20 );
- c = buf + sizeof(buf) - 20;
+ mbedtls_sha1( buf + sizeof( buf ) - len, len, buf + sizeof( buf ) - 20 );
+ c = buf + sizeof( buf ) - 20;
len = 20;
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
@@ -212,7 +212,7 @@
return mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER,
MBEDTLS_OID_SIZE( MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER ),
- 0, buf + sizeof(buf) - len, len );
+ 0, buf + sizeof( buf ) - len, len );
}
#endif /* MBEDTLS_SHA1_C */
@@ -313,12 +313,18 @@
c = tmp_buf + sizeof( tmp_buf );
/* Signature algorithm needed in TBS, and later for actual signature */
- pk_alg = mbedtls_pk_get_type( ctx->issuer_key );
- if( pk_alg == MBEDTLS_PK_ECKEY )
+
+ /* There's no direct way of extracting a signature algorithm
+ * (represented as an element of mbedtls_pk_type_t) from a PK instance. */
+ if( mbedtls_pk_can_do( ctx->issuer_key, MBEDTLS_PK_RSA ) )
+ pk_alg = MBEDTLS_PK_RSA;
+ else if( mbedtls_pk_can_do( ctx->issuer_key, MBEDTLS_PK_ECDSA ) )
pk_alg = MBEDTLS_PK_ECDSA;
+ else
+ return( MBEDTLS_ERR_X509_INVALID_ALG );
if( ( ret = mbedtls_oid_get_oid_by_sig_alg( pk_alg, ctx->md_alg,
- &sig_oid, &sig_oid_len ) ) != 0 )
+ &sig_oid, &sig_oid_len ) ) != 0 )
{
return( ret );
}
@@ -326,13 +332,18 @@
/*
* Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
*/
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_extensions( &c, tmp_buf, ctx->extensions ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED |
- MBEDTLS_ASN1_SEQUENCE ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONTEXT_SPECIFIC |
- MBEDTLS_ASN1_CONSTRUCTED | 3 ) );
+
+ /* Only for v3 */
+ if( ctx->version == MBEDTLS_X509_CRT_VERSION_3 )
+ {
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_extensions( &c, tmp_buf, ctx->extensions ) );
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) );
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED |
+ MBEDTLS_ASN1_SEQUENCE ) );
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) );
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONTEXT_SPECIFIC |
+ MBEDTLS_ASN1_CONSTRUCTED | 3 ) );
+ }
/*
* SubjectPublicKeyInfo
@@ -384,16 +395,21 @@
/*
* Version ::= INTEGER { v1(0), v2(1), v3(2) }
*/
- sub_len = 0;
- MBEDTLS_ASN1_CHK_ADD( sub_len, mbedtls_asn1_write_int( &c, tmp_buf, ctx->version ) );
- len += sub_len;
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, sub_len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONTEXT_SPECIFIC |
- MBEDTLS_ASN1_CONSTRUCTED | 0 ) );
+
+ /* Can be omitted for v1 */
+ if( ctx->version != MBEDTLS_X509_CRT_VERSION_1 )
+ {
+ sub_len = 0;
+ MBEDTLS_ASN1_CHK_ADD( sub_len, mbedtls_asn1_write_int( &c, tmp_buf, ctx->version ) );
+ len += sub_len;
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, sub_len ) );
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONTEXT_SPECIFIC |
+ MBEDTLS_ASN1_CONSTRUCTED | 0 ) );
+ }
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) );
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED |
- MBEDTLS_ASN1_SEQUENCE ) );
+ MBEDTLS_ASN1_SEQUENCE ) );
/*
* Make signature
diff --git a/library/x509write_csr.c b/library/x509write_csr.c
index 8fd856b..e800538 100644
--- a/library/x509write_csr.c
+++ b/library/x509write_csr.c
@@ -50,7 +50,7 @@
void mbedtls_x509write_csr_init( mbedtls_x509write_csr *ctx )
{
- memset( ctx, 0, sizeof(mbedtls_x509write_csr) );
+ memset( ctx, 0, sizeof( mbedtls_x509write_csr ) );
}
void mbedtls_x509write_csr_free( mbedtls_x509write_csr *ctx )
@@ -58,7 +58,7 @@
mbedtls_asn1_free_named_data_list( &ctx->subject );
mbedtls_asn1_free_named_data_list( &ctx->extensions );
- mbedtls_zeroize( ctx, sizeof(mbedtls_x509write_csr) );
+ mbedtls_zeroize( ctx, sizeof( mbedtls_x509write_csr ) );
}
void mbedtls_x509write_csr_set_md_alg( mbedtls_x509write_csr *ctx, mbedtls_md_type_t md_alg )
@@ -194,14 +194,21 @@
*/
mbedtls_md( mbedtls_md_info_from_type( ctx->md_alg ), c, len, hash );
- pk_alg = mbedtls_pk_get_type( ctx->key );
- if( pk_alg == MBEDTLS_PK_ECKEY )
- pk_alg = MBEDTLS_PK_ECDSA;
-
if( ( ret = mbedtls_pk_sign( ctx->key, ctx->md_alg, hash, 0, sig, &sig_len,
- f_rng, p_rng ) ) != 0 ||
- ( ret = mbedtls_oid_get_oid_by_sig_alg( pk_alg, ctx->md_alg,
- &sig_oid, &sig_oid_len ) ) != 0 )
+ f_rng, p_rng ) ) != 0 )
+ {
+ return( ret );
+ }
+
+ if( mbedtls_pk_can_do( ctx->key, MBEDTLS_PK_RSA ) )
+ pk_alg = MBEDTLS_PK_RSA;
+ else if( mbedtls_pk_can_do( ctx->key, MBEDTLS_PK_ECDSA ) )
+ pk_alg = MBEDTLS_PK_ECDSA;
+ else
+ return( MBEDTLS_ERR_X509_INVALID_ALG );
+
+ if( ( ret = mbedtls_oid_get_oid_by_sig_alg( pk_alg, ctx->md_alg,
+ &sig_oid, &sig_oid_len ) ) != 0 )
{
return( ret );
}
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 5032a9f..8e2feb1 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -63,6 +63,9 @@
#include <stdlib.h>
#include <string.h>
+#define MAX_REQUEST_SIZE 20000
+#define MAX_REQUEST_SIZE_STR "20000"
+
#define DFL_SERVER_NAME "localhost"
#define DFL_SERVER_ADDR NULL
#define DFL_SERVER_PORT "4433"
@@ -242,8 +245,8 @@
" server_addr=%%s default: given by name\n" \
" server_port=%%d default: 4433\n" \
" request_page=%%s default: \".\"\n" \
- " request_size=%%d default: about 34 (basic request)\n" \
- " (minimum: 0, max: 16384)\n" \
+ " request_size=%%d default: about 34 (basic request)\n" \
+ " (minimum: 0, max: " MAX_REQUEST_SIZE_STR " )\n" \
" debug_level=%%d default: 0 (disabled)\n" \
" nbio=%%d default: 0 (blocking I/O)\n" \
" options: 1 (non-blocking), 2 (added delays)\n" \
@@ -437,7 +440,9 @@
{
int ret = 0, len, tail_len, i, written, frags, retry_left;
mbedtls_net_context server_fd;
- unsigned char buf[MBEDTLS_SSL_MAX_CONTENT_LEN + 1];
+
+ unsigned char buf[MAX_REQUEST_SIZE + 1];
+
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
unsigned char psk[MBEDTLS_PSK_MAX_LEN];
size_t psk_len = 0;
@@ -602,7 +607,8 @@
else if( strcmp( p, "request_size" ) == 0 )
{
opt.request_size = atoi( q );
- if( opt.request_size < 0 || opt.request_size > MBEDTLS_SSL_MAX_CONTENT_LEN )
+ if( opt.request_size < 0 ||
+ opt.request_size > MAX_REQUEST_SIZE )
goto usage;
}
else if( strcmp( p, "ca_file" ) == 0 )
@@ -1494,8 +1500,8 @@
mbedtls_printf( " > Write to server:" );
fflush( stdout );
- len = mbedtls_snprintf( (char *) buf, sizeof(buf) - 1, GET_REQUEST,
- opt.request_page );
+ len = mbedtls_snprintf( (char *) buf, sizeof( buf ) - 1, GET_REQUEST,
+ opt.request_page );
tail_len = (int) strlen( GET_REQUEST_END );
/* Add padding to GET request to reach opt.request_size in length */
@@ -1506,7 +1512,7 @@
len += opt.request_size - len - tail_len;
}
- strncpy( (char *) buf + len, GET_REQUEST_END, sizeof(buf) - len - 1 );
+ strncpy( (char *) buf + len, GET_REQUEST_END, sizeof( buf ) - len - 1 );
len += tail_len;
/* Truncate if request size is smaller than the "natural" size */
@@ -1550,6 +1556,12 @@
frags = 1;
written = ret;
+
+ if( written < len )
+ {
+ mbedtls_printf( " warning\n ! request didn't fit into single datagram and "
+ "was truncated to size %u", (unsigned) written );
+ }
}
buf[written] = '\0';
diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c
index 66e5f1d..9cc582d 100644
--- a/programs/x509/cert_write.c
+++ b/programs/x509/cert_write.c
@@ -51,6 +51,7 @@
#include "mbedtls/x509_csr.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/md.h"
#include "mbedtls/error.h"
#include <stdio.h>
@@ -59,9 +60,9 @@
#if defined(MBEDTLS_X509_CSR_PARSE_C)
#define USAGE_CSR \
- " request_file=%%s default: (empty)\n" \
- " If request_file is specified, subject_key,\n" \
- " subject_pwd and subject_name are ignored!\n"
+ " request_file=%%s default: (empty)\n" \
+ " If request_file is specified, subject_key,\n" \
+ " subject_pwd and subject_name are ignored!\n"
#else
#define USAGE_CSR ""
#endif /* MBEDTLS_X509_CSR_PARSE_C */
@@ -83,50 +84,70 @@
#define DFL_MAX_PATHLEN -1
#define DFL_KEY_USAGE 0
#define DFL_NS_CERT_TYPE 0
+#define DFL_VERSION 3
+#define DFL_AUTH_IDENT 1
+#define DFL_SUBJ_IDENT 1
+#define DFL_CONSTRAINTS 1
+#define DFL_DIGEST MBEDTLS_MD_SHA256
#define USAGE \
"\n usage: cert_write param=<>...\n" \
"\n acceptable parameters:\n" \
USAGE_CSR \
- " subject_key=%%s default: subject.key\n" \
- " subject_pwd=%%s default: (empty)\n" \
- " subject_name=%%s default: CN=Cert,O=mbed TLS,C=UK\n" \
+ " subject_key=%%s default: subject.key\n" \
+ " subject_pwd=%%s default: (empty)\n" \
+ " subject_name=%%s default: CN=Cert,O=mbed TLS,C=UK\n" \
"\n" \
- " issuer_crt=%%s default: (empty)\n" \
- " If issuer_crt is specified, issuer_name is\n" \
- " ignored!\n" \
- " issuer_name=%%s default: CN=CA,O=mbed TLS,C=UK\n" \
+ " issuer_crt=%%s default: (empty)\n" \
+ " If issuer_crt is specified, issuer_name is\n" \
+ " ignored!\n" \
+ " issuer_name=%%s default: CN=CA,O=mbed TLS,C=UK\n" \
"\n" \
- " selfsign=%%d default: 0 (false)\n" \
- " If selfsign is enabled, issuer_name and\n" \
- " issuer_key are required (issuer_crt and\n" \
- " subject_* are ignored\n" \
- " issuer_key=%%s default: ca.key\n" \
- " issuer_pwd=%%s default: (empty)\n" \
- " output_file=%%s default: cert.crt\n" \
- " serial=%%s default: 1\n" \
- " not_before=%%s default: 20010101000000\n"\
- " not_after=%%s default: 20301231235959\n"\
- " is_ca=%%d default: 0 (disabled)\n" \
- " max_pathlen=%%d default: -1 (none)\n" \
- " key_usage=%%s default: (empty)\n" \
- " Comma-separated-list of values:\n" \
- " digital_signature\n" \
- " non_repudiation\n" \
- " key_encipherment\n" \
- " data_encipherment\n" \
- " key_agreement\n" \
- " key_cert_sign\n" \
- " crl_sign\n" \
- " ns_cert_type=%%s default: (empty)\n" \
- " Comma-separated-list of values:\n" \
- " ssl_client\n" \
- " ssl_server\n" \
- " email\n" \
- " object_signing\n" \
- " ssl_ca\n" \
- " email_ca\n" \
- " object_signing_ca\n" \
+ " selfsign=%%d default: 0 (false)\n" \
+ " If selfsign is enabled, issuer_name and\n" \
+ " issuer_key are required (issuer_crt and\n" \
+ " subject_* are ignored\n" \
+ " issuer_key=%%s default: ca.key\n" \
+ " issuer_pwd=%%s default: (empty)\n" \
+ " output_file=%%s default: cert.crt\n" \
+ " serial=%%s default: 1\n" \
+ " not_before=%%s default: 20010101000000\n"\
+ " not_after=%%s default: 20301231235959\n"\
+ " is_ca=%%d default: 0 (disabled)\n" \
+ " max_pathlen=%%d default: -1 (none)\n" \
+ " md=%%s default: SHA256\n" \
+ " Supported values:\n" \
+ " MD5, SHA1, SHA256, SHA512\n"\
+ " version=%%d default: 3\n" \
+ " Possible values: 1, 2, 3\n"\
+ " subject_identifier=%%s default: 1\n" \
+ " Possible values: 0, 1\n" \
+ " (Considered for v3 only)\n"\
+ " authority_identifier=%%s default: 1\n" \
+ " Possible values: 0, 1\n" \
+ " (Considered for v3 only)\n"\
+ " basic_constraints=%%d default: 1\n" \
+ " Possible values: 0, 1\n" \
+ " (Considered for v3 only)\n"\
+ " key_usage=%%s default: (empty)\n" \
+ " Comma-separated-list of values:\n" \
+ " digital_signature\n" \
+ " non_repudiation\n" \
+ " key_encipherment\n" \
+ " data_encipherment\n" \
+ " key_agreement\n" \
+ " key_cert_sign\n" \
+ " crl_sign\n" \
+ " (Considered for v3 only)\n"\
+ " ns_cert_type=%%s default: (empty)\n" \
+ " Comma-separated-list of values:\n" \
+ " ssl_client\n" \
+ " ssl_server\n" \
+ " email\n" \
+ " object_signing\n" \
+ " ssl_ca\n" \
+ " email_ca\n" \
+ " object_signing_ca\n" \
"\n"
/*
@@ -149,6 +170,11 @@
int selfsign; /* selfsign the certificate */
int is_ca; /* is a CA certificate */
int max_pathlen; /* maximum CA path length */
+ int authority_identifier; /* add authority identifier to CRT */
+ int subject_identifier; /* add subject identifier to CRT */
+ int basic_constraints; /* add basic constraints ext to CRT */
+ int version; /* CRT version */
+ mbedtls_md_type_t md; /* Hash used for signing */
unsigned char key_usage; /* key usage flags */
unsigned char ns_cert_type; /* NS cert type */
} opt;
@@ -163,7 +189,8 @@
size_t len = 0;
memset( output_buf, 0, 4096 );
- if( ( ret = mbedtls_x509write_crt_pem( crt, output_buf, 4096, f_rng, p_rng ) ) < 0 )
+ if( ( ret = mbedtls_x509write_crt_pem( crt, output_buf, 4096,
+ f_rng, p_rng ) ) < 0 )
return( ret );
len = strlen( (char *) output_buf );
@@ -207,7 +234,6 @@
* Set to sane values
*/
mbedtls_x509write_crt_init( &crt );
- mbedtls_x509write_crt_set_md_alg( &crt, MBEDTLS_MD_SHA256 );
mbedtls_pk_init( &loaded_issuer_key );
mbedtls_pk_init( &loaded_subject_key );
mbedtls_mpi_init( &serial );
@@ -243,6 +269,11 @@
opt.max_pathlen = DFL_MAX_PATHLEN;
opt.key_usage = DFL_KEY_USAGE;
opt.ns_cert_type = DFL_NS_CERT_TYPE;
+ opt.version = DFL_VERSION - 1;
+ opt.md = DFL_DIGEST;
+ opt.subject_identifier = DFL_SUBJ_IDENT;
+ opt.authority_identifier = DFL_AUTH_IDENT;
+ opt.basic_constraints = DFL_CONSTRAINTS;
for( i = 1; i < argc; i++ )
{
@@ -286,23 +317,88 @@
{
opt.serial = q;
}
+ else if( strcmp( p, "authority_identifier" ) == 0 )
+ {
+ opt.authority_identifier = atoi( q );
+ if( opt.authority_identifier != 0 &&
+ opt.authority_identifier != 1 )
+ {
+ mbedtls_printf( "Invalid argument for option %s\n", p );
+ goto usage;
+ }
+ }
+ else if( strcmp( p, "subject_identifier" ) == 0 )
+ {
+ opt.subject_identifier = atoi( q );
+ if( opt.subject_identifier != 0 &&
+ opt.subject_identifier != 1 )
+ {
+ mbedtls_printf( "Invalid argument for option %s\n", p );
+ goto usage;
+ }
+ }
+ else if( strcmp( p, "basic_constraints" ) == 0 )
+ {
+ opt.basic_constraints = atoi( q );
+ if( opt.basic_constraints != 0 &&
+ opt.basic_constraints != 1 )
+ {
+ mbedtls_printf( "Invalid argument for option %s\n", p );
+ goto usage;
+ }
+ }
+ else if( strcmp( p, "md" ) == 0 )
+ {
+ if( strcmp( q, "SHA1" ) == 0 )
+ opt.md = MBEDTLS_MD_SHA1;
+ else if( strcmp( q, "SHA256" ) == 0 )
+ opt.md = MBEDTLS_MD_SHA256;
+ else if( strcmp( q, "SHA512" ) == 0 )
+ opt.md = MBEDTLS_MD_SHA512;
+ else if( strcmp( q, "MD5" ) == 0 )
+ opt.md = MBEDTLS_MD_MD5;
+ else
+ {
+ mbedtls_printf( "Invalid argument for option %s\n", p );
+ goto usage;
+ }
+ }
+ else if( strcmp( p, "version" ) == 0 )
+ {
+ opt.version = atoi( q );
+ if( opt.version < 1 || opt.version > 3 )
+ {
+ mbedtls_printf( "Invalid argument for option %s\n", p );
+ goto usage;
+ }
+ opt.version--;
+ }
else if( strcmp( p, "selfsign" ) == 0 )
{
opt.selfsign = atoi( q );
if( opt.selfsign < 0 || opt.selfsign > 1 )
+ {
+ mbedtls_printf( "Invalid argument for option %s\n", p );
goto usage;
+ }
}
else if( strcmp( p, "is_ca" ) == 0 )
{
opt.is_ca = atoi( q );
if( opt.is_ca < 0 || opt.is_ca > 1 )
+ {
+ mbedtls_printf( "Invalid argument for option %s\n", p );
goto usage;
+ }
}
else if( strcmp( p, "max_pathlen" ) == 0 )
{
opt.max_pathlen = atoi( q );
if( opt.max_pathlen < -1 || opt.max_pathlen > 127 )
+ {
+ mbedtls_printf( "Invalid argument for option %s\n", p );
goto usage;
+ }
}
else if( strcmp( p, "key_usage" ) == 0 )
{
@@ -326,7 +422,10 @@
else if( strcmp( q, "crl_sign" ) == 0 )
opt.key_usage |= MBEDTLS_X509_KU_CRL_SIGN;
else
+ {
+ mbedtls_printf( "Invalid argument for option %s\n", p );
goto usage;
+ }
q = r;
}
@@ -353,7 +452,10 @@
else if( strcmp( q, "object_signing_ca" ) == 0 )
opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA;
else
+ {
+ mbedtls_printf( "Invalid argument for option %s\n", p );
goto usage;
+ }
q = r;
}
@@ -376,7 +478,8 @@
strlen( pers ) ) ) != 0 )
{
mbedtls_strerror( ret, buf, 1024 );
- mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d - %s\n", ret, buf );
+ mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d - %s\n",
+ ret, buf );
goto exit;
}
@@ -390,7 +493,8 @@
if( ( ret = mbedtls_mpi_read_string( &serial, 10, opt.serial ) ) != 0 )
{
mbedtls_strerror( ret, buf, 1024 );
- mbedtls_printf( " failed\n ! mbedtls_mpi_read_string returned -0x%02x - %s\n\n", -ret, buf );
+ mbedtls_printf( " failed\n ! mbedtls_mpi_read_string "
+ "returned -0x%04x - %s\n\n", -ret, buf );
goto exit;
}
@@ -409,7 +513,8 @@
if( ( ret = mbedtls_x509_crt_parse_file( &issuer_crt, opt.issuer_crt ) ) != 0 )
{
mbedtls_strerror( ret, buf, 1024 );
- mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_file returned -0x%02x - %s\n\n", -ret, buf );
+ mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_file "
+ "returned -0x%04x - %s\n\n", -ret, buf );
goto exit;
}
@@ -418,7 +523,8 @@
if( ret < 0 )
{
mbedtls_strerror( ret, buf, 1024 );
- mbedtls_printf( " failed\n ! mbedtls_x509_dn_gets returned -0x%02x - %s\n\n", -ret, buf );
+ mbedtls_printf( " failed\n ! mbedtls_x509_dn_gets "
+ "returned -0x%04x - %s\n\n", -ret, buf );
goto exit;
}
@@ -441,7 +547,8 @@
if( ( ret = mbedtls_x509_csr_parse_file( &csr, opt.request_file ) ) != 0 )
{
mbedtls_strerror( ret, buf, 1024 );
- mbedtls_printf( " failed\n ! mbedtls_x509_csr_parse_file returned -0x%02x - %s\n\n", -ret, buf );
+ mbedtls_printf( " failed\n ! mbedtls_x509_csr_parse_file "
+ "returned -0x%04x - %s\n\n", -ret, buf );
goto exit;
}
@@ -450,7 +557,8 @@
if( ret < 0 )
{
mbedtls_strerror( ret, buf, 1024 );
- mbedtls_printf( " failed\n ! mbedtls_x509_dn_gets returned -0x%02x - %s\n\n", -ret, buf );
+ mbedtls_printf( " failed\n ! mbedtls_x509_dn_gets "
+ "returned -0x%04x - %s\n\n", -ret, buf );
goto exit;
}
@@ -474,7 +582,8 @@
if( ret != 0 )
{
mbedtls_strerror( ret, buf, 1024 );
- mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%02x - %s\n\n", -ret, buf );
+ mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile "
+ "returned -0x%04x - %s\n\n", -ret, buf );
goto exit;
}
@@ -489,7 +598,8 @@
if( ret != 0 )
{
mbedtls_strerror( ret, buf, 1024 );
- mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -x%02x - %s\n\n", -ret, buf );
+ mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile "
+ "returned -x%02x - %s\n\n", -ret, buf );
goto exit;
}
@@ -503,7 +613,8 @@
mbedtls_mpi_cmp_mpi( &mbedtls_pk_rsa( issuer_crt.pk )->E,
&mbedtls_pk_rsa( *issuer_key )->E ) != 0 )
{
- mbedtls_printf( " failed\n ! issuer_key does not match issuer certificate\n\n" );
+ mbedtls_printf( " failed\n ! issuer_key does not match "
+ "issuer certificate\n\n" );
ret = -1;
goto exit;
}
@@ -526,25 +637,31 @@
if( ( ret = mbedtls_x509write_crt_set_subject_name( &crt, opt.subject_name ) ) != 0 )
{
mbedtls_strerror( ret, buf, 1024 );
- mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_subject_name returned -0x%02x - %s\n\n", -ret, buf );
+ mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_subject_name "
+ "returned -0x%04x - %s\n\n", -ret, buf );
goto exit;
}
if( ( ret = mbedtls_x509write_crt_set_issuer_name( &crt, opt.issuer_name ) ) != 0 )
{
mbedtls_strerror( ret, buf, 1024 );
- mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_issuer_name returned -0x%02x - %s\n\n", -ret, buf );
+ mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_issuer_name "
+ "returned -0x%04x - %s\n\n", -ret, buf );
goto exit;
}
mbedtls_printf( " . Setting certificate values ..." );
fflush( stdout );
+ mbedtls_x509write_crt_set_version( &crt, opt.version );
+ mbedtls_x509write_crt_set_md_alg( &crt, opt.md );
+
ret = mbedtls_x509write_crt_set_serial( &crt, &serial );
if( ret != 0 )
{
mbedtls_strerror( ret, buf, 1024 );
- mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_serial returned -0x%02x - %s\n\n", -ret, buf );
+ mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_serial "
+ "returned -0x%04x - %s\n\n", -ret, buf );
goto exit;
}
@@ -552,55 +669,74 @@
if( ret != 0 )
{
mbedtls_strerror( ret, buf, 1024 );
- mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_validity returned -0x%02x - %s\n\n", -ret, buf );
+ mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_validity "
+ "returned -0x%04x - %s\n\n", -ret, buf );
goto exit;
}
mbedtls_printf( " ok\n" );
- mbedtls_printf( " . Adding the Basic Constraints extension ..." );
- fflush( stdout );
-
- ret = mbedtls_x509write_crt_set_basic_constraints( &crt, opt.is_ca,
- opt.max_pathlen );
- if( ret != 0 )
+ if( opt.version == MBEDTLS_X509_CRT_VERSION_3 &&
+ opt.basic_constraints != 0 )
{
- mbedtls_strerror( ret, buf, 1024 );
- mbedtls_printf( " failed\n ! x509write_crt_set_basic_contraints returned -0x%02x - %s\n\n", -ret, buf );
- goto exit;
- }
+ mbedtls_printf( " . Adding the Basic Constraints extension ..." );
+ fflush( stdout );
- mbedtls_printf( " ok\n" );
+ ret = mbedtls_x509write_crt_set_basic_constraints( &crt, opt.is_ca,
+ opt.max_pathlen );
+ if( ret != 0 )
+ {
+ mbedtls_strerror( ret, buf, 1024 );
+ mbedtls_printf( " failed\n ! x509write_crt_set_basic_contraints "
+ "returned -0x%04x - %s\n\n", -ret, buf );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n" );
+ }
#if defined(MBEDTLS_SHA1_C)
- mbedtls_printf( " . Adding the Subject Key Identifier ..." );
- fflush( stdout );
-
- ret = mbedtls_x509write_crt_set_subject_key_identifier( &crt );
- if( ret != 0 )
+ if( opt.version == MBEDTLS_X509_CRT_VERSION_3 &&
+ opt.subject_identifier != 0 )
{
- mbedtls_strerror( ret, buf, 1024 );
- mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_subject_key_identifier returned -0x%02x - %s\n\n", -ret, buf );
- goto exit;
+ mbedtls_printf( " . Adding the Subject Key Identifier ..." );
+ fflush( stdout );
+
+ ret = mbedtls_x509write_crt_set_subject_key_identifier( &crt );
+ if( ret != 0 )
+ {
+ mbedtls_strerror( ret, buf, 1024 );
+ mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_subject"
+ "_key_identifier returned -0x%04x - %s\n\n",
+ -ret, buf );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n" );
}
- mbedtls_printf( " ok\n" );
-
- mbedtls_printf( " . Adding the Authority Key Identifier ..." );
- fflush( stdout );
-
- ret = mbedtls_x509write_crt_set_authority_key_identifier( &crt );
- if( ret != 0 )
+ if( opt.version == MBEDTLS_X509_CRT_VERSION_3 &&
+ opt.authority_identifier != 0 )
{
- mbedtls_strerror( ret, buf, 1024 );
- mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_authority_key_identifier returned -0x%02x - %s\n\n", -ret, buf );
- goto exit;
- }
+ mbedtls_printf( " . Adding the Authority Key Identifier ..." );
+ fflush( stdout );
- mbedtls_printf( " ok\n" );
+ ret = mbedtls_x509write_crt_set_authority_key_identifier( &crt );
+ if( ret != 0 )
+ {
+ mbedtls_strerror( ret, buf, 1024 );
+ mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_authority_"
+ "key_identifier returned -0x%04x - %s\n\n",
+ -ret, buf );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n" );
+ }
#endif /* MBEDTLS_SHA1_C */
- if( opt.key_usage )
+ if( opt.version == MBEDTLS_X509_CRT_VERSION_3 &&
+ opt.key_usage != 0 )
{
mbedtls_printf( " . Adding the Key Usage extension ..." );
fflush( stdout );
@@ -609,14 +745,16 @@
if( ret != 0 )
{
mbedtls_strerror( ret, buf, 1024 );
- mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_key_usage returned -0x%02x - %s\n\n", -ret, buf );
+ mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_key_usage "
+ "returned -0x%04x - %s\n\n", -ret, buf );
goto exit;
}
mbedtls_printf( " ok\n" );
}
- if( opt.ns_cert_type )
+ if( opt.version == MBEDTLS_X509_CRT_VERSION_3 &&
+ opt.ns_cert_type != 0 )
{
mbedtls_printf( " . Adding the NS Cert Type extension ..." );
fflush( stdout );
@@ -625,7 +763,8 @@
if( ret != 0 )
{
mbedtls_strerror( ret, buf, 1024 );
- mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_ns_cert_type returned -0x%02x - %s\n\n", -ret, buf );
+ mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_ns_cert_type "
+ "returned -0x%04x - %s\n\n", -ret, buf );
goto exit;
}
@@ -642,7 +781,8 @@
mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
mbedtls_strerror( ret, buf, 1024 );
- mbedtls_printf( " failed\n ! write_certifcate -0x%02x - %s\n\n", -ret, buf );
+ mbedtls_printf( " failed\n ! write_certificate -0x%04x - %s\n\n",
+ -ret, buf );
goto exit;
}
diff --git a/scripts/find-mem-leak.cocci b/scripts/find-mem-leak.cocci
index 5cfe452..8179e2b 100644
--- a/scripts/find-mem-leak.cocci
+++ b/scripts/find-mem-leak.cocci
@@ -2,8 +2,8 @@
expression x, y;
statement S;
@@
- x = mbedtls_malloc(...);
- y = mbedtls_malloc(...);
+ x = mbedtls_calloc(...);
+ y = mbedtls_calloc(...);
...
* if (x == NULL || y == NULL)
S
@@ -13,8 +13,8 @@
statement S;
@@
if (
-* (x = mbedtls_malloc(...)) == NULL
+* (x = mbedtls_calloc(...)) == NULL
||
-* (y = mbedtls_malloc(...)) == NULL
+* (y = mbedtls_calloc(...)) == NULL
)
S
diff --git a/scripts/malloc-init.pl b/scripts/malloc-init.pl
deleted file mode 100755
index b7d6fcf..0000000
--- a/scripts/malloc-init.pl
+++ /dev/null
@@ -1,70 +0,0 @@
-#!/usr/bin/perl
-
-# Check for malloc calls not shortly followed by initialisation.
-#
-# Known limitations:
-# - false negative: can't see allocations spanning more than one line
-# - possible false negatives, see patterns
-# - false positive: malloc-malloc-init-init is not accepted
-# - false positives: "non-standard" init functions (eg, the things being
-# initialised is not the first arg, or initialise struct members)
-#
-# Since false positives are expected, the results must be manually reviewed.
-#
-# Typical usage: scripts/malloc-init.pl library/*.c
-
-use warnings;
-use strict;
-
-use utf8;
-use open qw(:std utf8);
-
-my $limit = 7;
-my $inits = qr/memset|memcpy|_init|fread|base64_..code/;
-
-# cases to bear in mind:
-#
-# 0. foo = malloc(...); memset( foo, ... );
-# 1. *foo = malloc(...); memset( *foo, ... );
-# 2. type *foo = malloc(...); memset( foo, ...);
-# 3. foo = malloc(...); foo_init( (type *) foo );
-# 4. foo = malloc(...); for(i=0..n) { init( &foo[i] ); }
-#
-# The chosen patterns are a bit relaxed, but unlikely to cause false positives
-# in real code (initialising *foo or &foo instead of foo will likely be caught
-# by functional tests).
-#
-my $id = qr/([a-zA-Z-0-9_\->\.]*)/;
-my $prefix = qr/\s(?:\*?|\&?|\([a-z_]* \*\))\s*/;
-
-my $name;
-my $line;
-my @bad;
-
-die "Usage: $0 file.c [...]\n" unless @ARGV;
-
-while (my $file = shift @ARGV)
-{
- open my $fh, "<", $file or die "read $file failed: $!\n";
- while (<$fh>)
- {
- if( /mbedtls_malloc\(/ ) {
- if( /$id\s*=.*mbedtls_malloc\(/ ) {
- push @bad, "$file:$line:$name" if $name;
- $name = $1;
- $line = $.;
- } else {
- push @bad, "$file:$.:???" unless /return mbedtls_malloc/;
- }
- } elsif( $name && /(?:$inits)\($prefix\Q$name\E\b/ ) {
- undef $name;
- } elsif( $name && $. - $line > $limit ) {
- push @bad, "$file:$line:$name";
- undef $name;
- undef $line;
- }
- }
- close $fh or die;
-}
-
-print "$_\n" for @bad;
diff --git a/scripts/rm-calloc-cast.cocci b/scripts/rm-calloc-cast.cocci
new file mode 100644
index 0000000..89481c0
--- /dev/null
+++ b/scripts/rm-calloc-cast.cocci
@@ -0,0 +1,7 @@
+@rm_calloc_cast@
+expression x, n, m;
+type T;
+@@
+ x =
+- (T *)
+ mbedtls_calloc(n, m)
diff --git a/scripts/rm-malloc-cast.cocci b/scripts/rm-malloc-cast.cocci
deleted file mode 100644
index 9337dc5..0000000
--- a/scripts/rm-malloc-cast.cocci
+++ /dev/null
@@ -1,7 +0,0 @@
-@rm_malloc_cast@
-expression x, n;
-type T;
-@@
- x =
-- (T *)
- mbedtls_malloc(n)
diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile
index f7826d4..d4aed67 100644
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
@@ -12,6 +12,7 @@
## Tools
OPENSSL ?= openssl
+MBEDTLS_CERT_WRITE ?= $(PWD)/../../programs/x509/cert_write
## Build the generated test data. Note that since the final outputs
## are committed to the repository, this target should do nothing on a
@@ -30,6 +31,7 @@
#### Generate certificates from existing keys
################################################################
+test_ca_crt = test-ca.crt
test_ca_key_file_rsa = test-ca.key
test_ca_pwd_rsa = PolarSSLTest
test_ca_config_file = test-ca.opensslconf
@@ -67,6 +69,330 @@
################################################################
+#### Generate various RSA keys
+################################################################
+
+### Password used for PKCS1-encoded encrypted RSA keys
+keys_rsa_basic_pwd = testkey
+
+### Password used for PKCS8-encoded encrypted RSA keys
+keys_rsa_pkcs8_pwd = PolarSSLTest
+
+### Basic 1024-, 2048- and 4096-bit unencrypted RSA keys from which
+### all other encrypted RSA keys are derived.
+rsa_pkcs1_1024_clear.pem:
+ $(OPENSSL) genrsa -out $@ 1024
+all_final += rsa_pkcs1_1024_clear.pem
+rsa_pkcs1_2048_clear.pem:
+ $(OPENSSL) genrsa -out $@ 2048
+all_final += rsa_pkcs1_2048_clear.pem
+rsa_pkcs1_4096_clear.pem:
+ $(OPENSSL) genrsa -out $@ 4096
+all_final += rsa_pkcs1_4096_clear.pem
+
+###
+### PKCS1-encoded, encrypted RSA keys
+###
+
+### 1024-bit
+rsa_pkcs1_1024_des.pem: rsa_pkcs1_1024_clear.pem
+ $(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
+all_final += rsa_pkcs1_1024_des.pem
+rsa_pkcs1_1024_3des.pem: rsa_pkcs1_1024_clear.pem
+ $(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
+all_final += rsa_pkcs1_1024_3des.pem
+rsa_pkcs1_1024_aes128.pem: rsa_pkcs1_1024_clear.pem
+ $(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
+all_final += rsa_pkcs1_1024_aes128.pem
+rsa_pkcs1_1024_aes192.pem: rsa_pkcs1_1024_clear.pem
+ $(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
+all_final += rsa_pkcs1_1024_aes192.pem
+rsa_pkcs1_1024_aes256.pem: rsa_pkcs1_1024_clear.pem
+ $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
+all_final += rsa_pkcs1_1024_aes256.pem
+keys_rsa_enc_basic_1024: rsa_pkcs1_1024_des.pem rsa_pkcs1_1024_3des.pem rsa_pkcs1_1024_aes128.pem rsa_pkcs1_1024_aes192.pem rsa_pkcs1_1024_aes256.pem
+
+# 2048-bit
+rsa_pkcs1_2048_des.pem: rsa_pkcs1_2048_clear.pem
+ $(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
+all_final += rsa_pkcs1_2048_des.pem
+rsa_pkcs1_2048_3des.pem: rsa_pkcs1_2048_clear.pem
+ $(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
+all_final += rsa_pkcs1_2048_3des.pem
+rsa_pkcs1_2048_aes128.pem: rsa_pkcs1_2048_clear.pem
+ $(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
+all_final += rsa_pkcs1_2048_aes128.pem
+rsa_pkcs1_2048_aes192.pem: rsa_pkcs1_2048_clear.pem
+ $(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
+all_final += rsa_pkcs1_2048_aes192.pem
+rsa_pkcs1_2048_aes256.pem: rsa_pkcs1_2048_clear.pem
+ $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
+all_final += rsa_pkcs1_2048_aes256.pem
+keys_rsa_enc_basic_2048: rsa_pkcs1_2048_des.pem rsa_pkcs1_2048_3des.pem rsa_pkcs1_2048_aes128.pem rsa_pkcs1_2048_aes192.pem rsa_pkcs1_2048_aes256.pem
+
+# 4096-bit
+rsa_pkcs1_4096_des.pem: rsa_pkcs1_4096_clear.pem
+ $(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
+all_final += rsa_pkcs1_4096_des.pem
+rsa_pkcs1_4096_3des.pem: rsa_pkcs1_4096_clear.pem
+ $(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
+all_final += rsa_pkcs1_4096_3des.pem
+rsa_pkcs1_4096_aes128.pem: rsa_pkcs1_4096_clear.pem
+ $(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
+all_final += rsa_pkcs1_4096_aes128.pem
+rsa_pkcs1_4096_aes192.pem: rsa_pkcs1_4096_clear.pem
+ $(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
+all_final += rsa_pkcs1_4096_aes192.pem
+rsa_pkcs1_4096_aes256.pem: rsa_pkcs1_4096_clear.pem
+ $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
+all_final += rsa_pkcs1_4096_aes256.pem
+keys_rsa_enc_basic_4096: rsa_pkcs1_4096_des.pem rsa_pkcs1_4096_3des.pem rsa_pkcs1_4096_aes128.pem rsa_pkcs1_4096_aes192.pem rsa_pkcs1_4096_aes256.pem
+
+###
+### PKCS8-v1 encoded, encrypted RSA keys
+###
+
+### 1024-bit
+rsa_pkcs8_pbe_sha1_1024_3des.der: rsa_pkcs1_1024_clear.pem
+ $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
+all_final += rsa_pkcs8_pbe_sha1_1024_3des.der
+rsa_pkcs8_pbe_sha1_1024_3des.pem: rsa_pkcs1_1024_clear.pem
+ $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
+all_final += rsa_pkcs8_pbe_sha1_1024_3des.pem
+keys_rsa_enc_pkcs8_v1_1024_3des: rsa_pkcs8_pbe_sha1_1024_3des.pem rsa_pkcs8_pbe_sha1_1024_3des.der
+
+rsa_pkcs8_pbe_sha1_1024_2des.der: rsa_pkcs1_1024_clear.pem
+ $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
+all_final += rsa_pkcs8_pbe_sha1_1024_2des.der
+rsa_pkcs8_pbe_sha1_1024_2des.pem: rsa_pkcs1_1024_clear.pem
+ $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
+all_final += rsa_pkcs8_pbe_sha1_1024_2des.pem
+keys_rsa_enc_pkcs8_v1_1024_2des: rsa_pkcs8_pbe_sha1_1024_2des.pem rsa_pkcs8_pbe_sha1_1024_2des.der
+
+rsa_pkcs8_pbe_sha1_1024_rc4_128.der: rsa_pkcs1_1024_clear.pem
+ $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128
+all_final += rsa_pkcs8_pbe_sha1_1024_rc4_128.der
+rsa_pkcs8_pbe_sha1_1024_rc4_128.pem: rsa_pkcs1_1024_clear.pem
+ $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128
+all_final += rsa_pkcs8_pbe_sha1_1024_rc4_128.pem
+keys_rsa_enc_pkcs8_v1_1024_rc4_128: rsa_pkcs8_pbe_sha1_1024_rc4_128.pem rsa_pkcs8_pbe_sha1_1024_rc4_128.der
+
+keys_rsa_enc_pkcs8_v1_1024: keys_rsa_enc_pkcs8_v1_1024_3des keys_rsa_enc_pkcs8_v1_1024_2des keys_rsa_enc_pkcs8_v1_1024_rc4_128
+
+### 2048-bit
+rsa_pkcs8_pbe_sha1_2048_3des.der: rsa_pkcs1_2048_clear.pem
+ $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
+all_final += rsa_pkcs8_pbe_sha1_2048_3des.der
+rsa_pkcs8_pbe_sha1_2048_3des.pem: rsa_pkcs1_2048_clear.pem
+ $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
+all_final += rsa_pkcs8_pbe_sha1_2048_3des.pem
+keys_rsa_enc_pkcs8_v1_2048_3des: rsa_pkcs8_pbe_sha1_2048_3des.pem rsa_pkcs8_pbe_sha1_2048_3des.der
+
+rsa_pkcs8_pbe_sha1_2048_2des.der: rsa_pkcs1_2048_clear.pem
+ $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
+all_final += rsa_pkcs8_pbe_sha1_2048_2des.der
+rsa_pkcs8_pbe_sha1_2048_2des.pem: rsa_pkcs1_2048_clear.pem
+ $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
+all_final += rsa_pkcs8_pbe_sha1_2048_2des.pem
+keys_rsa_enc_pkcs8_v1_2048_2des: rsa_pkcs8_pbe_sha1_2048_2des.pem rsa_pkcs8_pbe_sha1_2048_2des.der
+
+rsa_pkcs8_pbe_sha1_2048_rc4_128.der: rsa_pkcs1_2048_clear.pem
+ $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128
+all_final += rsa_pkcs8_pbe_sha1_2048_rc4_128.der
+rsa_pkcs8_pbe_sha1_2048_rc4_128.pem: rsa_pkcs1_2048_clear.pem
+ $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128
+all_final += rsa_pkcs8_pbe_sha1_2048_rc4_128.pem
+keys_rsa_enc_pkcs8_v1_2048_rc4_128: rsa_pkcs8_pbe_sha1_2048_rc4_128.pem rsa_pkcs8_pbe_sha1_2048_rc4_128.der
+
+keys_rsa_enc_pkcs8_v1_2048: keys_rsa_enc_pkcs8_v1_2048_3des keys_rsa_enc_pkcs8_v1_2048_2des keys_rsa_enc_pkcs8_v1_2048_rc4_128
+
+### 4096-bit
+rsa_pkcs8_pbe_sha1_4096_3des.der: rsa_pkcs1_4096_clear.pem
+ $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
+all_final += rsa_pkcs8_pbe_sha1_4096_3des.der
+rsa_pkcs8_pbe_sha1_4096_3des.pem: rsa_pkcs1_4096_clear.pem
+ $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
+all_final += rsa_pkcs8_pbe_sha1_4096_3des.pem
+keys_rsa_enc_pkcs8_v1_4096_3des: rsa_pkcs8_pbe_sha1_4096_3des.pem rsa_pkcs8_pbe_sha1_4096_3des.der
+
+rsa_pkcs8_pbe_sha1_4096_2des.der: rsa_pkcs1_4096_clear.pem
+ $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
+all_final += rsa_pkcs8_pbe_sha1_4096_2des.der
+rsa_pkcs8_pbe_sha1_4096_2des.pem: rsa_pkcs1_4096_clear.pem
+ $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
+all_final += rsa_pkcs8_pbe_sha1_4096_2des.pem
+keys_rsa_enc_pkcs8_v1_4096_2des: rsa_pkcs8_pbe_sha1_4096_2des.pem rsa_pkcs8_pbe_sha1_4096_2des.der
+
+rsa_pkcs8_pbe_sha1_4096_rc4_128.der: rsa_pkcs1_4096_clear.pem
+ $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128
+all_final += rsa_pkcs8_pbe_sha1_4096_rc4_128.der
+rsa_pkcs8_pbe_sha1_4096_rc4_128.pem: rsa_pkcs1_4096_clear.pem
+ $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128
+all_final += rsa_pkcs8_pbe_sha1_4096_rc4_128.pem
+keys_rsa_enc_pkcs8_v1_4096_rc4_128: rsa_pkcs8_pbe_sha1_4096_rc4_128.pem rsa_pkcs8_pbe_sha1_4096_rc4_128.der
+
+keys_rsa_enc_pkcs8_v1_4096: keys_rsa_enc_pkcs8_v1_4096_3des keys_rsa_enc_pkcs8_v1_4096_2des keys_rsa_enc_pkcs8_v1_4096_rc4_128
+
+###
+### PKCS8-v2 encoded, encrypted RSA keys
+###
+
+### 1024-bit
+rsa_pkcs8_pbes2_pbkdf2_1024_3des.der: rsa_pkcs1_1024_clear.pem
+ $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
+all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des.der
+rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem: rsa_pkcs1_1024_clear.pem
+ $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
+all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem
+keys_rsa_enc_pkcs8_v2_1024_3des: rsa_pkcs8_pbes2_pbkdf2_1024_3des.der rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem
+
+rsa_pkcs8_pbes2_pbkdf2_1024_des.der: rsa_pkcs1_1024_clear.pem
+ $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
+all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des.der
+rsa_pkcs8_pbes2_pbkdf2_1024_des.pem: rsa_pkcs1_1024_clear.pem
+ $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
+all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des.pem
+keys_rsa_enc_pkcs8_v2_1024_des: rsa_pkcs8_pbes2_pbkdf2_1024_des.der rsa_pkcs8_pbes2_pbkdf2_1024_des.pem
+
+keys_rsa_enc_pkcs8_v2_1024: keys_rsa_enc_pkcs8_v2_1024_3des keys_rsa_enc_pkcs8_v2_1024_des
+
+### 2048-bit
+rsa_pkcs8_pbes2_pbkdf2_2048_3des.der: rsa_pkcs1_2048_clear.pem
+ $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
+all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des.der
+rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem: rsa_pkcs1_2048_clear.pem
+ $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
+all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem
+keys_rsa_enc_pkcs8_v2_2048_3des: rsa_pkcs8_pbes2_pbkdf2_2048_3des.der rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem
+
+rsa_pkcs8_pbes2_pbkdf2_2048_des.der: rsa_pkcs1_2048_clear.pem
+ $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
+all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des.der
+rsa_pkcs8_pbes2_pbkdf2_2048_des.pem: rsa_pkcs1_2048_clear.pem
+ $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
+all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des.pem
+keys_rsa_enc_pkcs8_v2_2048_des: rsa_pkcs8_pbes2_pbkdf2_2048_des.der rsa_pkcs8_pbes2_pbkdf2_2048_des.pem
+
+keys_rsa_enc_pkcs8_v2_2048: keys_rsa_enc_pkcs8_v2_2048_3des keys_rsa_enc_pkcs8_v2_2048_des
+
+### 4096-bit
+rsa_pkcs8_pbes2_pbkdf2_4096_3des.der: rsa_pkcs1_4096_clear.pem
+ $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
+all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des.der
+rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem: rsa_pkcs1_4096_clear.pem
+ $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
+all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem
+keys_rsa_enc_pkcs8_v2_4096_3des: rsa_pkcs8_pbes2_pbkdf2_4096_3des.der rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem
+
+rsa_pkcs8_pbes2_pbkdf2_4096_des.der: rsa_pkcs1_4096_clear.pem
+ $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
+all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des.der
+rsa_pkcs8_pbes2_pbkdf2_4096_des.pem: rsa_pkcs1_4096_clear.pem
+ $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
+all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des.pem
+keys_rsa_enc_pkcs8_v2_4096_des: rsa_pkcs8_pbes2_pbkdf2_4096_des.der rsa_pkcs8_pbes2_pbkdf2_4096_des.pem
+
+keys_rsa_enc_pkcs8_v2_4096: keys_rsa_enc_pkcs8_v2_4096_3des keys_rsa_enc_pkcs8_v2_4096_des
+
+###
+### Rules to generate all RSA keys from a particular class
+###
+
+### Generate basic unencrypted RSA keys
+keys_rsa_unenc: rsa_pkcs1_1024_clear.pem rsa_pkcs1_2048_clear.pem rsa_pkcs1_4096_clear.pem
+
+### Generate PKCS1-encoded encrypted RSA keys
+keys_rsa_enc_basic: keys_rsa_enc_basic_1024 keys_rsa_enc_basic_2048 keys_rsa_enc_basic_4096
+
+### Generate PKCS8-v1 encrypted RSA keys
+keys_rsa_enc_pkcs8_v1: keys_rsa_enc_pkcs8_v1_1024 keys_rsa_enc_pkcs8_v1_2048 keys_rsa_enc_pkcs8_v1_4096
+
+### Generate PKCS8-v2 encrypted RSA keys
+keys_rsa_enc_pkcs8_v2: keys_rsa_enc_pkcs8_v2_1024 keys_rsa_enc_pkcs8_v2_2048 keys_rsa_enc_pkcs8_v2_4096
+
+### Generate all RSA keys
+keys_rsa_all: keys_rsa_unenc keys_rsa_enc_basic keys_rsa_enc_pkcs8_v1 keys_rsa_enc_pkcs8_v2
+
+
+
+################################################################
+### Generate certificates for CRT write check tests
+################################################################
+
+### The test files use the Mbed TLS generated certificates server1*.crt,
+### but for comparison with OpenSSL also rules for OpenSSL-generated
+### certificates server1*.crt.openssl are offered.
+###
+### Known differences:
+### * OpenSSL encodes trailing zero-bits in bit-strings occurring in X.509 extension
+### as unused bits, while Mbed TLS doesn't.
+
+test_ca_server1_db = test-ca.server1.db
+test_ca_server1_serial = test-ca.server1.serial
+test_ca_server1_config_file = test-ca.server1.opensslconf
+
+server1.csr: server1.key server1_csr.opensslconf
+ $(OPENSSL) req -keyform PEM -key server1.key -config server1_csr.opensslconf -out $@ -new
+all_final += server1.csr
+
+server1.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa)
+ $(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 version=3 output_file=$@
+server1.noauthid.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa)
+ $(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144406 not_after=20210212144406 md=SHA1 authority_identifier=0 version=3 output_file=$@
+server1.der: server1.crt
+ $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
+all_final += server1.crt server1.noauthid.crt server1.der
+
+server1.key_usage.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa)
+ $(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 key_usage=digital_signature,non_repudiation,key_encipherment version=3 output_file=$@
+server1.key_usage_noauthid.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa)
+ $(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 key_usage=digital_signature,non_repudiation,key_encipherment authority_identifier=0 version=3 output_file=$@
+server1.key_usage.der: server1.key_usage.crt
+ $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
+all_final += server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.der
+
+server1.cert_type.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa)
+ $(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 ns_cert_type=ssl_server version=3 output_file=$@
+server1.cert_type_noauthid.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa)
+ $(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 ns_cert_type=ssl_server authority_identifier=0 version=3 output_file=$@
+server1.cert_type.der: server1.cert_type.crt
+ $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
+all_final += server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.der
+
+server1.v1.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa)
+ $(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 version=1 output_file=$@
+server1.v1.der: server1.v1.crt
+ $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
+all_final += server1.v1.crt server1.v1.der
+
+# OpenSSL-generated certificates for comparison
+# Also provide certificates in DER format to allow
+# direct binary comparison using e.g. dumpasn1
+server1.crt.openssl server1.key_usage.crt.openssl server1.cert_type.crt.openssl: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_server1_config_file)
+ echo "01" > $(test_ca_server1_serial)
+ rm -f $(test_ca_server1_db)
+ touch $(test_ca_server1_db)
+ $(OPENSSL) ca -batch -passin "pass:$(test_ca_pwd_rsa)" -config $(test_ca_server1_config_file) -in server1.csr -extensions v3_ext -extfile $@.v3_ext -out $@
+server1.der.openssl: server1.crt.openssl
+ $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
+server1.key_usage.der.openssl: server1.key_usage.crt.openssl
+ $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
+server1.cert_type.der.openssl: server1.cert_type.crt.openssl
+ $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
+
+server1.v1.crt.openssl: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_server1_config_file)
+ echo "01" > $(test_ca_server1_serial)
+ rm -f $(test_ca_server1_db)
+ touch $(test_ca_server1_db)
+ $(OPENSSL) ca -batch -passin "pass:$(test_ca_pwd_rsa)" -config $(test_ca_server1_config_file) -in server1.csr -out $@
+server1.v1.der.openssl: server1.v1.crt.openssl
+ $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
+
+server1_all: server1.csr server1.crt server1.noauthid.crt server1.crt.openssl server1.v1.crt server1.v1.crt.openssl server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.crt.openssl server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.crt.openssl server1.der server1.der.openssl server1.v1.der server1.v1.der.openssl server1.key_usage.der server1.key_usage.der.openssl server1.cert_type.der server1.cert_type.der.openssl
+
+
+
+################################################################
#### Meta targets
################################################################
@@ -74,6 +400,14 @@
all: $(all_intermediate) $(all_final)
.PHONY: default all_final all
+.PHONY: keys_rsa_all
+.PHONY: keys_rsa_unenc keys_rsa_enc_basic
+.PHONY: keys_rsa_enc_pkcs8_v1 keys_rsa_enc_pkcs8_v2
+.PHONY: keys_rsa_enc_basic_1024 keys_rsa_enc_basic_2048 keys_rsa_enc_basic_4096
+.PHONY: keys_rsa_enc_pkcs8_v1_1024 keys_rsa_enc_pkcs8_v2_1024
+.PHONY: keys_rsa_enc_pkcs8_v1_2048 keys_rsa_enc_pkcs8_v2_2048
+.PHONY: keys_rsa_enc_pkcs8_v1_4096 keys_rsa_enc_pkcs8_v2_4096
+.PHONY: server1_all
# These files should not be committed to the repository.
list_intermediate:
diff --git a/tests/data_files/keyfile b/tests/data_files/keyfile
deleted file mode 100644
index f54d47a..0000000
--- a/tests/data_files/keyfile
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXgIBAAKBgQDMYfnvWtC8Id5bPKae5yXSxQTt+Zpul6AnnZWfI2TtIarvjHBF
-UtXRo96y7hoL4VWOPKGCsRqMFDkrbeUjRrx8iL914/srnyf6sh9c8Zk04xEOpK1y
-pvBz+Ks4uZObtjnnitf0NBGdjMKxveTq+VE7BWUIyQjtQ8mbDOsiLLvh7wIDAQAB
-AoGAefPIT8MPpAJNjIE/JrfkAMTgsSLrvCurO5gzDBbxhPE+7tsMrsDDpuix3HBo
-iEg3ZbzV3obQwV7b0gcr34W4t0CMuJf5b5irHRG8JcZuncmofDy6z7S5Vs75O85z
-fVzTIuVUyuHy1rM6rSBYKfsMLVyImUb4wtIXEMHPzdCL9LECQQD3ZfgGqudMWq8v
-3BlKhsQ4fsR0vxzNlMZfoRrZzcvBT339Bp1UQ8aUo8xBtHiRwuW1NaPNgYKX6XQ6
-ppuWuTiJAkEA030i493KnFPLRwWypqF/s6ZNlVye+euFN5NF/IeJcvb/GUDRYv9O
-pRozRS1jNx4ZB1K2xT7N9MwsPHD6j6K4twJBALdfHTfT9RzjGnae7SAQQ+CcFYFz
-JiY6386B2yUVJLFj+j5RaMvMcKQ7xGnvGm7vxtNJrt/j3qg6oavXUfulzgECQQDP
-CEVLhCd/+ZeZoz5MWPTGTRrOCKmoRqNW0FlG6PfpD1qSwh04KG44uflO0yu5HUGr
-JZG+bcj4x5bWZFMkoUrpAkEAyEgQzesKFqcbt1cqv3pLXJYQBBw6leFXgHk11a7k
-+AkexhrPYyq/4tXFO2TLk2hs7tpYgNDOqZCvEu7jtN3RuA==
------END RSA PRIVATE KEY-----
diff --git a/tests/data_files/keyfile.3des b/tests/data_files/keyfile.3des
deleted file mode 100644
index 638c19a..0000000
--- a/tests/data_files/keyfile.3des
+++ /dev/null
@@ -1,18 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: DES-EDE3-CBC,BE8274D6692AF2A7
-
-9ZXjoF55A9XgJpdaWmF/ZL1sJfbnE1M42N7HHRDwpq1/K+afC9poM0/AdCUbRL7w
-uvQERievbAYpNeLdah1EftM6033e1oTxUMivdL4orDKcbb3qDpSQ0o0UbjavbT+d
-aruilW8zVP4dz3mYMvGbkgoujgzdT+4wM0T1mTTuYcRKQsHlg7QDy2QrBILNuXA4
-Hmye4GlSXVUSON8vPXT12V4oeubEIZVlnkLTRFGRVA4qz5tby9GBymkeNCBu+LCw
-JwJLTbQwMFqozHvioq/2YBaHDcySpTD4X5AwrCjifUNO9BnLWLAmt8dOWr0z+48E
-P/yWr5xZl3DrKh9r9EGb9xbTxhum3yHV7bvXLoUH+t9gowmd4Lq3Qjjf8jQXle0P
-zoCOVxwN1E1IMhleEUPV7L8mbt26b0JyvrSS5ByrXahGu9vGQyy7qqx9ZANkzgXF
-3hPMDuzQXMJiUeG92VsMEdGdA1/8V5ro+ceB5c7Zca5MjMzvx2tihda7BUjj6dSE
-cA8Vvksy/NX/nqHSt0aSgphvBmZP8dN6GMcZ+hT7p0fhCq4mSFEykQqueKXiFUfz
-0xCUVZC6WzOoEkc8k7xiLWQDlsZZ13Z4yxU1IxJp7llZXpZ8GkwS+678/Nx8h54A
-mv5ZlSFWWQrvN5JPQJka7aU2ITu1LUK6mXBu+DoSDOfQuqR4vQytkjOqHK185iHs
-JQtBGkFFdElkWgubPX/S8/xxoT8MoQY/c+dr6iwcswyUnSJXh32KLPGNBoqWCCbY
-jp/VYmeb117gNpEJKJhcNbrP7DoQrC3/D7JFXnOvTA/z6FOtUmz0rQ==
------END RSA PRIVATE KEY-----
diff --git a/tests/data_files/keyfile.aes128 b/tests/data_files/keyfile.aes128
deleted file mode 100644
index dd7443f..0000000
--- a/tests/data_files/keyfile.aes128
+++ /dev/null
@@ -1,18 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: AES-128-CBC,B5FA3F70C2AF79EB9D3DD2C40E7AE61A
-
-iyfOvvyTPPR7on4XPFxu6CoCgTqh88ROlslM+RLJhwM/qGexbgDOzeI2CPf4XfzI
-tyevKD/pqCaCMesYJh/HDQCILdW2tGbwzPajg72xkfCD6+1NHOGoDbdQN8ahGVmg
-flAYU0iXDMvqs/jnucM7nlTGp8Istn7+zd9ARyrkQy+I8nvMh3chGKWzx/XtJR+z
-Iv8p+n/o+fCHzGvtj+LWYeUc4d0OTIjnF6QPTtPOexX28z0gXRODT/indgifNXv3
-j45KO2NYOaVTaCuiWIHj7wWBokoL4bCMFcFTJbdJx5BgfLmDkTEmB/6DEXu6UOsQ
-3lPzyJhIRxn7hNq2I47TzSAFvmcXwm84txpxtSwHTcl9LgsyIiEMmHv3lPPE1G94
-F5VrCzzFHyU7nFRdUC0mqLrCHcjDn5O4SQWfH7J/7G4OArU6lA4Z2NC03IPxEmsQ
-66Fu8GdMbmtFORdlZQtOjLi3zZwN9+NwhiUrNNdVvGNJIjIcZ4FZRZysbt7++hfQ
-/JOAKhVNC8dNROJUleEYIiqx23e5lze6wqcIosziq3tb6/SQ6fH533D8+PpcZKsC
-IlWKAQzsNV+nJvt7CI1ppWc6CtV7TKn0scZm2oOC4339gdR5xzxXe9EJDsMBpcg9
-drIdBr+3UxeC6Lc/rWM7IjSQ2YULBra3toEF6UYevngXdUD2YafrpoY5rK9IH90G
-Hjbf65IaHLTS0jA7lAvJsQEBuULQQoWENOjhp8v+UfkNM2ccyOuUk3xZJNeX19YP
-1Z09UMEKbf6ucoRCc01SBl206OAsq1NZEaodszT+mDg990I/9ACVi3LEU6XB5ZVs
------END RSA PRIVATE KEY-----
diff --git a/tests/data_files/keyfile.aes192 b/tests/data_files/keyfile.aes192
deleted file mode 100644
index 96702d8..0000000
--- a/tests/data_files/keyfile.aes192
+++ /dev/null
@@ -1,18 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: AES-192-CBC,72F869F41B989D71730B2983448251B8
-
-R6ST6H9oUyFWBavUO++azbn9ga87lgeuqNMVVScOcXjguqQZdnuZq9AzwQQETEv+
-ZbVPL9w2isuXKoavaPxYyCXbZ+l6JRfWiXi6CmnfNhx4MgYpbH9BEqGbIVxA3fvu
-zFutqi+Ru6QeERshDNke6HfFjJ91WkBjNjrXcfDmt0uRGqFSWd5DSEniyaPmxCYs
-mpRwr9XESFiBkCHL+/iSkW0EZBjwHW0//RNsZKtuqVJGW/dZhDxerOGRl0a1oWkb
-IvfED7afrXMlpHokMwtUduk2TBE1AoczZ6Dv7RZGipaBR4yb9kYgIkiqFk53lg5h
-7b3WQt6TYECI7X3Q2rDgPQtUChVud0uUQYmQ5328HRE8zhlWxHGmTQMWVBW6X+FM
-ikFLRUeYBeq0UJu20DmvklZV6iDxsULLu+Rb0b8NkT+V2feSXbrP976oCSUznvT6
-3e2EOH+KAqMy5JZhTsjM7HtkleMwYQ9v+Wnbnn1OsB9drYWUJuhQeXt6v8dkm/eD
-9m6dZzivc/h1UThIuuZPo+6S7FoluIlt5uv2UcnYYdYOgKSd1Vm0wztGaJn3CSGw
-JEbebucr+5ptOHxflV5Txgnfj63sJyVd/wy0T8sMRO2znk5uVLWxf855fNXev9M3
-gA3+MXC2eGaR9DYOxfakFRwL+Z30RlIktaqDK76BZRD4sWB6dIVw5JdCXpNMCuDH
-dxlTKcP59uPAEB2VyhDvm5CN3T+bM2K6WDZFO95hKKfEk5ea/UB7DA2ucfovdayE
-Hd46EUKC4/cdUFiSycgD01ztdda7hU7hFvOkHTK7O3G1yvEwH0+jxKNsudNfbbxc
------END RSA PRIVATE KEY-----
diff --git a/tests/data_files/keyfile.aes256 b/tests/data_files/keyfile.aes256
deleted file mode 100644
index 5df09cf..0000000
--- a/tests/data_files/keyfile.aes256
+++ /dev/null
@@ -1,18 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: AES-256-CBC,53572EEEE794948AC48CB0E077CE075A
-
-p0YobpQmzHb3NgGlojpYoH+G5f1XX9snYv2GQe2tGTBQpoHh+ivHcOt85EZu9pC1
-1KRdALEwp7Cb4RYeQncV9Bfp5rItupS1TwfgKAlp7Plmb4vDcDVw+KL3PaYn52Bd
-qq5USLxCvKcl91hZXzitttH072lEj2MzW2QpX2/1hCRPgMDu9PJlBX2S+GOaYP+9
-sTWTCc1yvHMW4XGEM4P4yfRg9EOTxU5gIYWUE2JqmEGd+9I0hK2YevAPLNKHxzpy
-klCCBYqDplcVT5zEyCmdiBHIjzodlFuocZC8ncinVnsuJvpTeMQ+zOZ5rao8xm2j
-uCnnVRh7yZktfsf5B/ZKBMGyPYRyKN4CCYhF0GzbehTvBirgDELq4LHyDdnnOTwU
-YJiqo17x6S4FVNq6AubADVAbCOMFyfr+TFshI8spOwqfGFFDs8/WWL5OnBS85Pd1
-dgoqwzJAt55GyDUbGnp6hUFl9g96nvV3sE6Xe4xVE2Cpf1BtUl9Dt3UrrDrbS0dk
-pKxl2FA2H0BVKtfNBHXvWkORi+v+XZl34rZZ37B8snYIN2aOqLuvyM4fd1EabkyG
-ymMEUHJcrc5zl/7IECaHrCahqZIsLpLhGTd0MMGrkGSvRLiY5nQ4MN5tKI0fUw0S
-5KIjOA6ZX5nvh4rYgQcgN7K6dXNA2hOj5256Vv0HVwXsVhQFmCGnuo+h8XxudRVH
-RuIUaTUtl29a/2nPTzXB6MNZe7Wol8EkzuYEgyaizKr7nO0J1umg+lj7ipX/80Ji
-3ADi0yL4F831LsdAiTY60Lu2e3WABleZsvuLMWSodb9WzJXknsnFEDLGOM+HGj8Q
------END RSA PRIVATE KEY-----
diff --git a/tests/data_files/keyfile.des b/tests/data_files/keyfile.des
deleted file mode 100644
index f232305..0000000
--- a/tests/data_files/keyfile.des
+++ /dev/null
@@ -1,18 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: DES-CBC,F87FE1C0FB9B3E77
-
-1NbOyRx5kBWeXy93eCXyidDpR3pbfgGWIIgXVCVE4/ZXgEt14A23YndZeI5OSxvG
-JWhqZ+VuiRsxeKAjo+xf4bnKLArvbshhzUKCEVsCP1d2d1xfgjsnyr8tqNiJE0F6
-7Nimjcrpw/udCk2RBVyshN9kiPBbnA+XUdOHfEnbdkqDsS5DGjq7H1kBZuHhTQa8
-Xv6ta3kbI1BGiqKDhH2H9iJlZMwpVQuJs+HqcqNEhsPm0V4kp0S3PZMbYVKpEtDO
-vh9CHprQy/nlHfq7ZAs9/2HN4/OT/5kw4JM9qQy7eo/6FX2yh39Lyz8u7PXLaVgM
-pwOiFb+zvegYts5aCXyM1nBUu9NFPDQNDytjXOhbWL0hEr1RzgK67f5QYIxWgGCK
-St4moIn7J5BifViNdp7j/RXCoCmda3Zv5PiRw83yScSlzgDdTNpm/70jp8pGSxEn
-Ib768zYEcYeeKyPar210Nh9abySPpkFFaujN4do5wujboC0VPz73M6eTeZ6iOUgR
-cX9WwkfRj6G6VQfM6xAZdOkQ2cj6M4YRze1RKLhqo0+gre76FLn8Kzf/Hjrp/0iy
-0flr/6BwLxGV49vMUCesJ9oqE/frru9Y89cOwbgcHxKJ24Oz+64OUPyeSxDMElZ8
-lXiNk3aBEuLdBOKJ8B9kyKuxNqwDoqhCsrc77Gjio+q24w+G2+KAzBEup4S9cYgp
-FiSvK8sizKINfE14f9HA60MJJzyEjTUuL7+ioL7xHGtIkdWbs/Qp7KxliH6qoIUv
-VUsT6VS1nWLDyTyMbcjMx1odRsWrLwLqIsvNIcGGwe+P4sm4LivNnQ==
------END RSA PRIVATE KEY-----
diff --git a/tests/data_files/pkcs8_pbe_sha1_2des.key b/tests/data_files/pkcs8_pbe_sha1_2des.key
deleted file mode 100644
index 4ae7aec..0000000
--- a/tests/data_files/pkcs8_pbe_sha1_2des.key
+++ /dev/null
@@ -1,29 +0,0 @@
------BEGIN ENCRYPTED PRIVATE KEY-----
-MIIE6jAcBgoqhkiG9w0BDAEEMA4ECJUO+jJnTjpKAgIIAASCBMi9QFFLgKGYOSDR
-0zyRMc87RkrvSlyRi8BibyKvTNEDq77jTr6ZEuOF1OeZ9fvdZwJeI4GkTeKkWqTw
-XDjWATXHbgTX82I3T8R2iBnv6Za9uaFDtDH5gbUYSrSNzMaoyS90hc9PTJ2+TG/Y
-xUe99kSvzbhAatVQE+0TWpgH+8oACRvGelnHWofw4/CKJXJctUO8l6LdhLht1kwd
-YXNX0xjxpY/eLGlsUaiDBdb0D9WFjdi4fcZ46IHspqTfBUhYbpDj8IQT1vjH6yjm
-cPNPstEeyfFnirvgFuHg9LXTH0cf0mJgLzgiclgRVEOel87Lei5icEFI4hDAzWna
-s3YiTijc926mD5AqQ55QXPN9v6b/uAV1QyKenoYzIWC3Y4phTTeApCyV44f9oMMD
-wzcYWMZoHzEIiZj/iiCF1uOSamIjunCmpiBXTI7OGXbxXvSSJ3aU9nJHqVT88/ke
-nj//EzWVYAjMdNYl0bOsWoIONl3eEEnLaUrOYOTVMxGac6yy/oIKR7GP0R26N4V2
-c434y0aQpn6opT+JYa83N1RwES2/NxwrHs4pcx2WShbTjg1Cw1XMHk8nQYNnM4oJ
-kXWyns/k1Bay/SXgpl2NRsoWzxCR7BavB2mRcyMz3djbOYscuT4QwpB/Wf6kr6pN
-gszegRtwLmVBehwvGJwL2SEx2CDHvJNhvoD7vbNiWeTFo1wW1wF4aE7p/Ee7gSRX
-z14OC8NSbuYV660ntNQ9LB+Z7NDT2d6JTjSnhQHxxLBwy3OnM2/vu0eCd/5+MGjN
-C4svgFsAH9qnT1VQTzmpwGBJAbD29CVvUUeBF3+up+Mr+IQU9OWWEtUZ2Fm29gs4
-j4azYJUI4+RLw75yNLVgxS5r4Cc4cKGB/P7qVqdH2CmjrEk0jxyTFT/PE3Df1cz9
-F8eEprdml2ktrlQ3gCD9fw0kXBsp5vwecpQDS3r2v980vnMxb5Cm7kMTMFb4/hMY
-z1yaDkarkSHQk3qFYtO5DkEUXhF6fwATyqOgJYwcy/9ynzItqgbsCIYMjpXF7Yww
-FNa/GQlqIbYRCd4KT64Ahus7I00vVS3b3glcC+KlDkwCJJ0M+glzHrJs3L+PiJMi
-gm+YT/5FuSqJZ/JI5QP7VMovqSLEw6y6QQHSBCOxh/CGhAL/BZ9A9afvPTRiI9OF
-fyxAaf8KH1YPI3uKIuDcms0d0gJqQoDmLafdfggd6dwuLF3iQpDORgx80oPbjfl1
-FEbU8M5DqiH+eOxgEvIL0AhMnPa4mv1brVdlxS3CyojnqxPfecXyEXrhEYJWJdsF
-aYKR5bU1bY990aN6T3EDRblmHs25Fc328xS2ZJkHNxcJDruwi4EFpQVT+fukOz00
-hOW2BEMFJLRflE+372LNIgSRVNI536YhF8r4r7O1jrw9McX3hzbJGAtcsXqyIO/k
-hxC3x5ViqgZbDYgHz/CJJfP2RC8spp2RbZ/uDJu2YI8z8s9OXvcYv0EQmBAJxdt/
-lyfkzEr/n8oRtDIkrq7lR3rjMUz7AbCfNJpqrEBFol9+qH8+jnmowL8LWBlh0v/A
-pc3qWIulXOR1pbwXyAELo8wGhnJWL4WmY252S3i0Jn8Gf2kXewMRJsixStairjWD
-1m0wWUVGSm5CO8Rfon8=
------END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/data_files/pkcs8_pbe_sha1_3des.der b/tests/data_files/pkcs8_pbe_sha1_3des.der
deleted file mode 100644
index f2ce029..0000000
--- a/tests/data_files/pkcs8_pbe_sha1_3des.der
+++ /dev/null
Binary files differ
diff --git a/tests/data_files/pkcs8_pbe_sha1_3des.key b/tests/data_files/pkcs8_pbe_sha1_3des.key
deleted file mode 100644
index f9c11ad..0000000
--- a/tests/data_files/pkcs8_pbe_sha1_3des.key
+++ /dev/null
@@ -1,29 +0,0 @@
------BEGIN ENCRYPTED PRIVATE KEY-----
-MIIE6jAcBgoqhkiG9w0BDAEDMA4ECGhNuQogiktrAgIIAASCBMhfcb+Jt0YOgGni
-IWnwmmtYT6Nvina/j3FCGzcHCDyUQDqh1rPUtZnmUdM3fyEGlUJdX9wmHh3gUkWx
-JE00QMzYDQsUbGrt8H3rCQ+aXegCicXAyBgDh0YUhO7bWmgJNSvZOduIeCJ81mnb
-xtl3CGgaYVOWspr458crtvn1Hlhq0EGs54EUHWBE89PHNxokGHqkFQcdp7QHO9Zm
-ZvjTn+kR0K5KQbeQwMf3LcboueDV71ueUZsHlTSZ5Qs7WZORRzMBoo2SWV+Mh7U/
-yAQv4i6CMauVifVqTMbLtfdTyZCts3N57sGstyqIruE1Jwg8m3i+cV/QIh9Fcgo8
-R+snSlbOZMzCpUIvcuVkEMBP8+89/BtIabXL8SoTsD6v/f/YJfcw9qpOH+AoA3JG
-UZT+0VxfIk0JUkX8QvM2qMQYY9efX+Dq+N0ODS1vsdP43pKxowOQlQUPKOsqoDch
-IXW9qDD3uV+clg5L6BqDbX1O98oegcg6L24ZK1yKVzotiTj/eaZVpzTtrNYzWB0+
-qO9FTwLqOmIRcduKKu5zctC7QlpFY3U2ikbkYpPsam/9GSXVe0LuMRLleiMPQUdU
-ZJlkZr221OGq5TVhyJ6zEwud26wExB16tLU26ZvEFwExoUPboH/UQwX8L9vd8BKp
-a32u35n5MOn+54Rfa4qfpU+uLB056CCKL8PwVLN9Xzeg+gJLfWqwEalPmSsylakO
-7+suOGaUKy1a/uszD97dKk3Abwfoyb0qvbdF131GR04NYIzkQl72CBlxuWqVUt9o
-pmwsUDAzwoJWi0sKy0dTm3KZHLJ+3OMIydod3beS9uS6Yro6NJBN5EPw3PoByBF5
-DUkOfW6tV0dlHyXOuwU+JzBd4iwJgO53GVPAap8a/eOGgNCiw72gYM4lcHnwShL0
-/v969VqntPXb7YF1hMs6ef3zTmLEB4xaXcARynnNkZnpQppxSPeHeXU+KxZCjkLE
-brzHFnUMr8UJOyra3C/iXfi/OKJcBIURc3oY29Q45GBcV0s/W3n8TVF4qEqtbv3c
-NbEmgcdzLGA28XiuyUH+pLxK3qP54jlqhd22q5qoN/gz4MKG+hJMMcO00Hj7+4Fb
-fnxxGE5far3zjHLaxfnRKIfseU9DrQVh6gTg8ibe0kdoUXrptIb51eRcukE7s/yc
-01Play8GYik4x+kcNAmQT29EslB/3RcrWH3tZExJjjDaC+Ty2atCMmlLGxt7VHOa
-C3k0QHYSE/TULBldB64S1vVFrZgzLFTlXKGm38mOGCG3t/lQQDTo3IAp0YE+atM3
-VG6ON3SSU0QRP1aEkZY8t9rf3+/J8Nl8oF4kF9ISzLNhlR/KJlNkmDvG/ic0skJK
-KYezuuYH8/eEr9ZFfBsb9mRsFCM9iBZl/XqebCCC5/kfXzL/Hpp4f0L7DH4C0f6L
-LbMCFhvsCNGh+1pdIjN9hbAkv/r2NN8+MaY2xFk0ukLfKgpLp0EfpkkcM0EZcvFn
-j1JpB7rshCLj4PzM77fLh99H4cffL2qyzXqFF2Y7iW28bW/RQFxYwpyEnowrcRH/
-11Qi525SdKWRkb9QlTJqFI6wsWe5kmYO/kDqGUpGPGK8+XTRTFjTci7NPLqN+s0w
-Z4/b5SMVucBKq9sUm6g=
------END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/data_files/pkcs8_pbe_sha1_rc4_128.key b/tests/data_files/pkcs8_pbe_sha1_rc4_128.key
deleted file mode 100644
index d475ef4..0000000
--- a/tests/data_files/pkcs8_pbe_sha1_rc4_128.key
+++ /dev/null
@@ -1,29 +0,0 @@
------BEGIN ENCRYPTED PRIVATE KEY-----
-MIIE4zAcBgoqhkiG9w0BDAEBMA4ECCLhzdwnOXIZAgIIAASCBMG8Wgfn++CFRl37
-FdQZ90pI+u37yj8v0kFd3rDaDMurEftf10gWwTbm8R8J0eK1edIAHQabkgsF83gD
-yrxKFp1zhHI1t65gPKHcirhx0t9XuClxAOzEme//iMaw/yf/IKYo9NRqyvA6BKHW
-2h3J4+JSGLSaCsRUyzhoL6xOzF+VX8zE8PI11TcqfJe7TGs/9G0Pv2XxFpfrG7pz
-nz5mkAYdckYHcu7+CQGJ09ZUkblV3MYKEEbq5xXEo4Kku/n1YNrh6BEWMLo5XgOU
-YIAkzhSfnbTt6QrxM+90b4qwk5amrC4w1jUu73ZzaBQs7fhx01pR2y3zTPBD2Dpk
-G3iLprgEFqsoGCCOqqqEiEF/xDREZEPW0es2RruQ9Tn14LbgTj5XVFI/wBcvp9uZ
-pjS5chC0/CRbGcRi47A9vx9bjgwiGCDpxx0/Kn68uFCaCeGOAQ687XxAn1UHmBD3
-esjjb7S16ld9rSKV0oXWugUZKFdoq87AHY8Njhin++biuAEfySu3iH5ajzZV9dEj
-6JHVwotuL2diVu7NU8mIsfr1kCJoUxIAbWFvoglWNmTtaIBkc5ch+kUTsz9rDtSp
-lL9fT+wzjN7Q7lyRfIhNOheg2xF9huwF6mqnSlDfvwvEJ8NsQI9+CeooI2c1Zc0a
-Bh/vDvCzov8TE+1Ma8CnrbaM/aSZ0FIq6PcpWSBLXSDXbLwabEEOLoXQXogOZsc5
-0sz71l5c8jJPlzXxFYYW8CNuxTsUP+hN2oWvbmL5YLq8P+1tw68jcdbqhTqoqrW1
-pGEXd2iMRUfCTDuCM6Bn4iIN80qUqqBAuoTC+zCVHnI7+ygmovhf/ykfVzNaDSIW
-BkDsmZoH6bq3F9HpvOWggh0yK/l1b1E4PDQ6hq7qWNyJMyjYBJEbEdd9O3GW2qev
-3ARhb0yGulxYH/h3yp2mIfxL+UTfRMcUZD2SobL+phLR/9TMUi6IaHnBAF85snAb
-rbtAKCp9myFLwG1BujaQ18fKQFgcMjbJY3gLIz+3AC72irLSdgGti2drjP2hDGKp
-RITAEydZXIwf67JMKkvyuknVWMf9ri9tMOZEvohnU3bW4g9vkv89CUtCLWF8iejM
-fKIP5hjHOcKRLvvACFbgjYCPt8iPCcQckYe+FZI5T7zYsyQQ47fygS1f7MWZblPJ
-UKAm8jxWUyySvEzIMHkoZaHtC72OS/L3iCjJ7mkKSZKeCDAzSEJeeQcOl0klVCQ8
-0P+mXq5wtGakW9MKLhmsOjUIsyN2f3gCO0nESYhWD+3EKFLSW7ZsHbDmwqSDh6bn
-blFvlQd7cpfYFtlmbxZFcv/l2ijQWPHi93G/0VIhFHxI6LegKt00bIL5iwyF3NpW
-dNzuE69hweTSKvOPqRsRnWyGv9dVLIaQPwUS+eEfsGGNzM9rbty0j5Bw6KY/uDgt
-blTfN3yZBcyEsdPwyiVLdi65zMzN8g4VVQBHFhXWPa2N4gJQVq+6q9hQkgFFU7y3
-f8MX4BrKq8ifwWxsjL2FawcAoDcHUdCZjt/HZ+9/rL3iQvKeHbDbqu4kxlrE1FJn
-0LHIB21qZIo+6r3fdNMUFkuDRBT9eEh3Wxlg8G35FYCIiOuIwB2ED/Hdnqtnemxj
-kjRXU176HQ==
------END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/data_files/pkcs8_pbes2_pbkdf2_3des.der b/tests/data_files/pkcs8_pbes2_pbkdf2_3des.der
deleted file mode 100644
index 75c5734..0000000
--- a/tests/data_files/pkcs8_pbes2_pbkdf2_3des.der
+++ /dev/null
Binary files differ
diff --git a/tests/data_files/pkcs8_pbes2_pbkdf2_3des.key b/tests/data_files/pkcs8_pbes2_pbkdf2_3des.key
deleted file mode 100644
index a303daa..0000000
--- a/tests/data_files/pkcs8_pbes2_pbkdf2_3des.key
+++ /dev/null
@@ -1,30 +0,0 @@
------BEGIN ENCRYPTED PRIVATE KEY-----
-MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI4W7G1sVqHJMCAggA
-MBQGCCqGSIb3DQMHBAjXOQ/kHb9EVASCBMg68SwrdD/DLeKcPtCkE36wHvrK6wi7
-CjwFv2U/gIfNCUNXBZPI4G7voL1XOLJ8h0WWqlEraHo7zYWI5Ky98SI6wOpDGDzo
-URvavOVT3Ry/QfLtt0GZvELmJb6qO2AcL1qIDULx4xXqb3rI29xR/xVaCkB8CGSe
-JxU+1TbJJG0UdVDm28dhO8J4qgBpj9N6M/e8K1TIu8ty6IkFPFumTN9zMV9VXRIo
-Ajr1RDIiFXCZ4ayEnja2RIZwi89rn/iC/QzfsqQFr5axw58wz+0/EfD/i79gKoOX
-jKBEwWN44LsxJW/ucy3pm7xRurwZvOQZIeZcecVVecAaHmCRFfq+VpSnU5iDZEDL
-0GU+CKXW+zDnuIfUc/lx7LWjFyqR12OviS2CdrkaTKSVBAEYCFQdGPCp51WoZMnE
-uaKkLp0y58e5J0mHx4kmk2saAacdO/YolHjkh5zNe1Z+sORwPEo4ruZY/+wem/TG
-KFQsVjH/jAsyQFsyXaOrQ4QyOwxw52Vz6b7vrffaTdnKlyvJTvebEbhNiNmt2Ni+
-wac/1VcedkMpUrNmpJyal6lzWrVQmW1Q9qBinxHeGnNHk2QWTGZCQCClxDTfPoE1
-HC85cD4h91eBV4fiQm/ML/WmaGAQGUiTlX5vESJG1pKYXGqv1cr1pj+MTjqfjApl
-KOj93yAvx4ss42onWe9DPOBojSMuIzEVZOeq7mt7QeNpN9unjsDVrvq/fmsvIBb0
-t5HFVX4JlZoF2sfrwP0jEkyHxlk0pZZc5rbwtVI601MolDzjTNBcYbUB0IUlIj9f
-mM35IAFWZtrXXv3k5ZRFQU2jB7DFP9zHWsai7quhhduvt498rNxiWu7YlAQfhaU/
-wVK+3Fca7AGrlQ8YmzV0uOwoTMvKbLNwiiIG6QsgWRhmOIwHdNlRvhaZl6ybRLty
-ppMaqlOgDu88/8SMCce8yBderXW/0QxCZjQ3gEDufqxjC2IelOfEbChMLIs6p+9B
-qaPtji3TxOscQZMD9g4jYXUawHSq55B/MegD5sfvTl3ql+qsQnleXDUz2gJ+MBlH
-Qp6HZMs2woAbvFyxAXSUeKAOZrnW1TmRNmj6SwtE9aPmMwSYxZtTukesl+CpzEqi
-BdBZia3Yxu9Z5694Cg1eXoPIir6u6svZA5OIpEIUDIUPnMmG9pjxQ1xK40vyjdMZ
-+9uAVdGX118nuwZ6Al4bfrPOOmwII2X1xmfFGG3rbVHVD9dIGJ1HGWPZio4F/eai
-kfSYHr0410JRAOvd9G4vrH6rq/zE5QcLCmXyH5W9vF3RJDAK4ArcaLF5RPY8slEJ
-NcZ7XTcKUc/Tg6VCMo3agozuzrxKCX5x6rvn0COYgdU3ozTO72dJlFQY2KpJP0n2
-RWWjdl2r7XYVRoQJd5XaZ3/mgJ7FtL42Rh6+vjEJLezWgUTo3B4Z0WG8WIp4wfAw
-d4qbAa4lVWtP++HZvIqOPaL+nZgFS22ygtoIVyYDj7lcqH9cdMsaMrZFAxisVQK2
-z2DnysfLg4dkdDuJjFUI07QUPwqjfRVKC8Mec45j9zrpuzu82zQ8Fub7ldtECsby
-oq0smBG1vd+ozMPnr3yvU7X7jaaM4toW+dG3OQxnUO2GyB/BAEamOB4CWWbKSfy1
-tfM=
------END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/data_files/pkcs8_pbes2_pbkdf2_des.key b/tests/data_files/pkcs8_pbes2_pbkdf2_des.key
deleted file mode 100644
index f3a2d0c..0000000
--- a/tests/data_files/pkcs8_pbes2_pbkdf2_des.key
+++ /dev/null
@@ -1,29 +0,0 @@
------BEGIN ENCRYPTED PRIVATE KEY-----
-MIIFCzA9BgkqhkiG9w0BBQ0wMDAbBgkqhkiG9w0BBQwwDgQIE+lx5z79hVACAggA
-MBEGBSsOAwIHBAjrWP2/SiR7cwSCBMgUgnI4/ZG3jidt8TZShsbKzxQ9bt9D1URm
-8FBTFMk8JRowaXZyM2fx1/vEUlvKHIwpytOYO42py0lDf2qdn8iIe+8V2GLpyGcL
-ifWGbDt/ctEo2jVgWT01q2PfUEirwTPTUaDR5KBjfMjGM5V5c58fnTQztAFaXFmI
-VNkiQCC6AKCbmlblEcjFGBlRGgV8sOWCW+JaR5iJNdT6PhVJzJiQrfR819fGSISj
-0N0Wqpj3VA8V9BeATZAjvofBCwRABDNsDqRhjgx7ZEVz8C6pNK7Ck6ZXEjXaWc12
-ZvkzjLuufZ5B7klvgLzfxEtvZbQJmrQddDXZP9ICykP6D8W87EqEgk8yoxeFioOm
-0/edj7AVZ3rxbxpUUHJUiYDLNXaZTksfYhL0ZsB3cEL8VofUa1K+66N/0TismNDR
-4KSIjuRausXf1WJ1oh5B18zvnl2jkzCpwISf58d7UeOny3/ZR38B71EuaXO4r21e
-BrG6fi9VewuUg1DHSYLIJErVcfNnVXHuT0EzPTjr0vdTUguzDUv4/YFcpEDk5jnQ
-xJshBegjbt5W5gY3GTVRlyWqGKyOska3e2u4Cf7tZtP0kyy38JHLkQQXgj6dxseT
-lCIipBDJX3gU7yJHMiX/OpLcJuEMakRrpWLrB0vezX9oW0weE/dFzZeiYyo2K/DI
-TIFiL6FDuLUqpcYjeB1M+wbqs0f5ndXThVYi2/j73z0dwCI1WwKZH/WOdTrjYKxi
-0oiLz7pHHaPoMRymWCKTwQhYnqiOXZIpfeOFcUY4JKDzgyKdvU7XLPnbt4yxOlJD
-yAzX0i+bJjYjuG45XHTS8too0GFG2h6VFvOYAQsiq1qOnxVqVUvYphZBSz7D8Vql
-lHXWp954AhpfUQK4mLJq/exjUIGIZb/QxbNWNv7mTMkBQxGJ6B/1Vjkv9KC04KLe
-/JMnEZD+Sw5n+5j8qS6f7YOfVJ+Hqm04M1S8cc7JD4qMufLW/RvuKyBLb3sCn0Ue
-D+uiTedxoJR8nm6yI0uZ4d9RpRreca0PPt0o+DhbrDWyqH19kafN7I6SrDSbBNUO
-wiGBbgN4Ur9rPbzapATA/X95y+Q3CFLe/wcMLcLHJ3tnRCUo17Fx+APmrAsyBiYd
-9ulUq5WcZaw3pEDpTqN+0832UOyjIwpLyVDLU5jgW04vbW41o2SW7fCa7/QxT94p
-4PEAYi2MltPYQKRO7EOh+iUOHEsc8UDb6x4i75BcKhuLwZ7nmrwzg8ZO+TWMuzYb
-McJ11aZ42hN9U5H65FQzaZhAAcOqxTffQXIdARGlfvr3lTRnO/RQbxyObEqGeMHP
-XlDzvIMdB6b0RG4EBfpDFUpWf3Mhx4AG3bGHPjUXXhNICCMDdI49d0lNJ3nkF0nv
-JsehmIOY2U6fQBEnZhn5D0rjU+nUlHvgKQKhs9yIym/K+KVUznJW4ygwFiKXysVq
-QGqfn7hbBonYqLkGL99O9JyKgz/RhEMC0dKtgu6ELYJJVWnkJGTIMkp5a8ID48qW
-RmFJX+v5ryvM9ePSUbLizOUddsXycJpGsu+Am5H20cTPXkwxYtNcu49eLrGoXf7E
-/mD/zDqFryMK3oUBHnBJf0k/mMnzwfgHNveXApOSbflvRx39652Wugd7CxcOrIA=
------END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs1_1024_3des.pem b/tests/data_files/rsa_pkcs1_1024_3des.pem
new file mode 100644
index 0000000..1bc87c9
--- /dev/null
+++ b/tests/data_files/rsa_pkcs1_1024_3des.pem
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,4A004A85A2D2D627
+
+Ls3vMslumxSeBR4o+oncq359q0k0rDTO5FIFxcw7psy6ggd9Vpr3AdIq9qvevmuB
+2t1KtlcHoI+Wi+PkpukHCpCvM0Kju19PQuNSvn6eFtR9VOwgk6x+j9x9ZeZp0Qks
+BgsGzGubqdN3ze7CEwYGM6CvVpoP3qNC9hR6IogZ9VPTjZ0vM92cm4foSDSABxGt
+Q37bLE1OKOfcCTvqx7/r+4U5Z47okeXvOS/Hf7yzayF9ZHuS0hCr+jGWl7qBWNyE
+Ze7ITQ19RA7YS2nlvCvq/8rfduQsJyZTV0gIultM3tZ9qNwr1i5yp7Iq4U6O8SGC
+cR/95R0Z8PMN2DSXoMJBsSRbK32r2GXJoGjvg+4R0UoTbc1MhUTtsoclIz98lsHk
+zVxgPMzk4mEmQGaKVp/wa1ji+9joTkcv3cALHxTtNcE/dElAHBYjjJ7r9V4uAv3t
+jay7R8SIPPh7iyuY4NTtDA5m8yyBKt7v6K5hb2WhT4aucWXHYTize+TxSTpekhrG
+J0EEz5zhWsrLhXHV1KcGDIHVXlMnu7LCGyVNFCWKRBXIbZaujed0xwWgjfXKbkYd
+MKePX76g5OyKFGGcv5KUknlQJhoRElrSz6pywbpwkl0Xqc1dusy1sZ9b5Uh6zjNc
+r5sBvj1k7iK27bzdEuL1I3DEcUdmXLNF3dehNo4v5WQL5iBePLoFSxyL8EJkMQOx
+fpwoutPzE7l71To1zmE3pmFdZbEXTfjcfqkRy9b4t57gUuo1UEhYYxoB0D0i+BkH
+T0ZmJl4Qp2euaaMqYYN2E9FJAyrmpwBMvtgs5oprXRR6geZweT+J9g==
+-----END RSA PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs1_1024_aes128.pem b/tests/data_files/rsa_pkcs1_1024_aes128.pem
new file mode 100644
index 0000000..f76290f
--- /dev/null
+++ b/tests/data_files/rsa_pkcs1_1024_aes128.pem
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-128-CBC,BF176C0F284E2E5F3D50F9C82D9CF950
+
+AS/03rvTNYSsPzqtLr13jwrSOVaTUYniMzj42/4psKVTmrI7Kaiujsa2bjI5Ae7S
+HDAumVDdRCDO/AV5qL7iJ0iJ+PqOh6aL89PktcYjkgx6XK8FDOq1wl+dPLjmrsYn
+oRyRcEllZigBZRbYpnuKZOQ25vnHxGeZ5A4dLm3zUXoMnNXs1h0rPDix/Yd2AbTh
+p371Ac6LC8i3KlOIvjlzCFaOWQNwCkffutXDb+TN86xF9+DkJ0bxHhWhHvf9+fI7
+XJFgLAeCpIUMCdhdqwVqr4Y5X0NBA3spmftK4iILn32+RHfLBshRwompMD1mo4Jd
+ueEY2P57z7fNxeCaHww7r+OUdZbySauuAmwWHEoA4NxDXAX7c/1/PoPKOI8Y1OPB
+00bKQtzGE+FSJQjRzK/n9mIZQFS0A+H54EZ1Iu/ojTpEzmzzE0TR+75lZyfqaf9D
+BhQcyjgkwnJpJ2S+u/ssJl0vpC4bKGqs/r3eWmLJQYvZuPKPqorCAUab/ta+dYfi
+gxD1DjBCdosbUOolIsjJfsejSuhEQulpaI61DWeMMap5UvzfZLLrQ5kJuibi8XqM
+oQioenXf8gPc/FOFiLAAzLKtNjmAgD4tNdA3exmkHwKj8ds+HHS/2FmF+oJ2LR3O
+tmO+cov3ZReOVp7wzR6lctG1b2WoVRu3kzwzoOik+SFBnR1v5z3uEggJV6/cyfKm
+U3KzhOkrghOjonAqw9+H+Q9hLO8d76cDAwyDB3KxLO9yzdpukB3f+wS+RgaTdrxc
+oMSiXklsO9Ro9NIYzYKABjQ1tDLeY8SOOidoLJrrXltJNDKZSVLR3edyk1rZEFXf
+-----END RSA PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs1_1024_aes192.pem b/tests/data_files/rsa_pkcs1_1024_aes192.pem
new file mode 100644
index 0000000..c819c02
--- /dev/null
+++ b/tests/data_files/rsa_pkcs1_1024_aes192.pem
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-192-CBC,B83D6A5D09E192044299B9D06C41BDA7
+
+DQvNvAQflmShH/6aRopfKpdKCerQBAf4RYC7+MZLYaUxXUuUzFuIuUyEmNbgsvny
+ARfFtjCL07e+SGJ31hdR/BM8wWgv3v5P5+VyAnd64vUP0R2mFl92CZVxzcXw2TAf
+PbxDrgmiFxv9WfUsa2aDkDhQjKYb4qlLv1WFc1UM68jLiL8W5UBWKKQFnCivcORD
+GlsGTSxMq3YXW0QQQ5x47/4uWaXROLnIuRW7ZSeCi0wgG+RkBW1yUH6plhhSb/Aa
+EnHqsAlCMZDLwrkgeSnmsMSTpbUcCKfiZmJB5sJeJX3RVwZ6l04MHMBtWh9b5fIZ
+4ieSeDJfHqtUgJ9ie8JcLHuNsUxu5Crzjv6yuZ5su6P+YSMsNhHtOBUXAaSunRh1
+1brw1eG7E6qCnRYr7YyvtKhppDXLHf4sB8tdumTCHhBdxxUd49+SrmY8pznkNjAz
+Zhfky0/GKe+fTTMzHNjtw9/qhj0NllUpA6SyptMM1vWe62OkcQYSYeH81btdR22H
+Kubx1iYMx2hr6dsvM1+BWP8CmtD6wFEhIMBNKYcg/AWHA/NMpd7E2HTmviXBdEVA
+4xMh9fTx0cJ9YnNBuVgNNPGSJJLa7JGWdfdCUpTY6S0YEvTQw+1letrVbW3xumW2
+Tk/G/dS0t41QJuaW1sv9DkJJcl1696PSI4ysDJx9Y8LtV1+DzvdlxSyJdg3mJHEL
+qC6bCvj9IhjLsrTDWPuwXjIPl2ycG5FGtAn79pJhlDJzKJZKsbzmQJAvD5jj99l5
+ZiJ1UkmVdsFeQLxU9hsKD2Cvpl9/tdhUvLaZ0UPl43c5XaBSwcT9eztiLUXGivzc
+-----END RSA PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs1_1024_aes256.pem b/tests/data_files/rsa_pkcs1_1024_aes256.pem
new file mode 100644
index 0000000..9450ec1
--- /dev/null
+++ b/tests/data_files/rsa_pkcs1_1024_aes256.pem
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,28A56EB102CAFF494BF4AFB55C4ED52A
+
+5yOXbxDDgomJtRFC9iBL819dU/vCOe0JlwdyQOQbagd1Efj7oErrMuVZJOl18d/o
+2G6OtjqlynzoeqkTwE0yJEyRMLz6CIZp0wHGoDMyT4Oe86uGh3ki9ZqIWlgxt+mA
+7e1RApFnZOCzmHCGZNCqdSNUV5G/cs7or6Gd9HvdKSCdxffPptE6FaaY8OX4737P
+pr7svylp569Secz6MO1Rds7eOPEjAZBJyDSah2AMIiEMJxGrZ662iFo/3S1MuDOY
+/xoDHtP/Vo3ep6D8Fp24PeJ4/iocu6hmhAIO4j+zLN6uow/Wu+D8kBKMhtrUtnHO
+AoP6sjkNOsMg7fbTEqTrXHkOw92PbZSBbwsgB5z6kKeTCYVDBHUaDDlOTbCxw+t8
+PH6IOrQXUIPl7dt2ilfLjqgzpw4T+RCYp1xgM1ZIsoCspUpizmMTPwtn7fuIjUHb
+copBjLOT4tUx7itVi2tTAMvtiW9mrHVI8xgpqSiTz2Hg4uMCFlxkglrwp1yIUClY
+BtMGL7qA/l/gmhHRYDpkzf+ewuTeOImyyfEnAawVT3+G6p3tf/Cs9RVgUCnCrFHa
+/BuYhGTtTV+R6F7+3yRk/XORp9R3K4BbgWHHma2dB0zYIFDXYtlrODUyQ362Tv1q
+JNFis2PbtNB7DRKrB/KtteWtg32mSaTL446a0HCF0VpFB/nq0wEPCvghed5KYHSR
+PzoegmnjkDikgid4O/RhcOC5+qEykNalddhQOY6CxJEwVTAviHbQAyW3eP1AnIa+
++Ifc2o67i57bkLLlg0pqHITlz1+g7SWDj7Aix2Y68zWZVL3n+e/wzqbdYqMVxiGz
+-----END RSA PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs1_1024_clear.pem b/tests/data_files/rsa_pkcs1_1024_clear.pem
new file mode 100644
index 0000000..2d1a176
--- /dev/null
+++ b/tests/data_files/rsa_pkcs1_1024_clear.pem
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXgIBAAKBgQCvBX05buhPt1/btcKxPH/lplSqiqJHC1Qe4f6wsS0lx5cRUxJJ
+4RKWKAQtu7bBINFENSTvTA5uHYlW7rIHevEjSd3u5USDvAbCxhlIzQKyAueWrr2U
+06fL+FnCwYGcMky4K5zTTt4mOiq//kcz8HeGnoZg99aDTaU9aQ73mF9rwwIDAQAB
+AoGBAIdL8P/C8qcdFGcd3QFxyVTX/b9QKB5PbZnqDh68+C+qWOe1lf+yk9Gr4X8R
+CzfEjMDzbDfoTYdmIdMn9ku+CEV9PsQJi6L6CjGfukEcKEHte+gxlqjN+dql0AaU
+vDNfxMMiF/4EiLzpy3IC5ZRoserRGQAEd9ssp5f6wZ7aP1jBAkEA4qt2CEG7nTCo
+HSIt4etzgdgiFEB/G5dcu/5OGpRn/ZitvXj2B4Nspb4ZKLnRYNl/1FwS1rUuLJhx
+oXTGa0iBEwJBAMWrJ2AhWa59byDDwu6FHkbcES5onijV/Lv5kKme+KkLi7RP02Rn
+5/wXic62Y6vaM4ZSw8c/ERd0kC6EBWWScJECQQC2zb01T331eaY7SLNkPjU7hImH
+d7SLFflOC/wFZ6auWRHVetZAnPdke/liZOm9h+uV4mO3EQuaH5+UrM7Q+vpNAkBx
+GV7sN+jSV97PxnKweuY58Qy7mwxznQyAmWjWRKlOP9btkocHehRYPzeQWPdqiuzU
+PGLcjA9BdmZQ1yUnWsShAkEAuzLRM+3C4EjUYziLe+nLS+KfS2JQvmA+cONkdQHJ
+fd3iCk5xvpX9XnF4TiWspLryW+Vziq5Zu/4cmXeBRHorJA==
+-----END RSA PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs1_1024_des.pem b/tests/data_files/rsa_pkcs1_1024_des.pem
new file mode 100644
index 0000000..9eafbb6
--- /dev/null
+++ b/tests/data_files/rsa_pkcs1_1024_des.pem
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-CBC,B23EB871129DD92A
+
+F6S1xLJn+qc/BVv7/0RjykUUqvLR12OcChmOFo3hboC5omWrmPzhhy1IS9XuVZuy
+1gFiqMQwwLcvp5jtMvWTw2kW9zKVcnRiuzlc/wV07bpYS4YV7chi7aGp2+5oUhvV
+Ea9HgFQbx6ZYARk/bcFpejLsptiUBu2gNyy6FC+Bwov36H51y+f3tJIl51ImWnGQ
+R1HMDtLuzHTb31CmWvXCYf14IT3gowxvpO8smaqoYOIw4XeSzprBKMgqXL69/qjk
++et4W4/zG0p5R4WlKBaReXJ2C57xvSTmbaqbCjIYroshlPo9csPAwFtRrWi4Aqv5
+j9OELmZzgK745QnL3IkqsjQuS+Luqg8s4OFifcwBLSVpo2pWhdJnKk40cai8QLpr
+St8e3BHGZPdxacC04cTc8zN8Xr7r76lZ7h+ppksx0uoTV2U0+3caMqyyByuF5If+
+RUYXOJ0Y2jUMUYdid3k+C0bn5VbChFCxniv10LpJZ24Nt4RKEYy+2VhIQ+FuAbQ/
+dSMJdqBP4TTBu0DzCmqaGvgjjKLTFF635hzP+cFvaFWhVOY2v4tkV+4zkvBUKzss
+Ef3ZwhDses56/KTI54GUJqWxNK+a1ekor3tr1IUMPzeaApzUSRXusT62QMBOW0q9
+8lSNcAywvWrlcZ127J2zZMrk0SKo1jNNzYKWt0e9XpqMWAq07SlUL0MJCt/KYw6J
+1eXT+xE9H5FEZvQkBFCHYyAyq54P3yrWV9y01xi0y3ruBf50i7k/IrAtE9c1FZda
+2h5qh0GNAEiGRr8bbh3A3wugidwAVoHQeuMnAsShf+5gj8Np7W9kEQ==
+-----END RSA PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs1_2048_3des.pem b/tests/data_files/rsa_pkcs1_2048_3des.pem
new file mode 100644
index 0000000..ac7ef3c
--- /dev/null
+++ b/tests/data_files/rsa_pkcs1_2048_3des.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,3F3828FEA9BF197C
+
+30fgMPEIKER2VH64TsY5lk8ICdP0prc+UiW/tjbQL+2APptirB5SDRAtuwTvbFRc
+Da97zrRwrhhGxNVobJhhffQlyB6vhM6h5aq9dKwD3auOVFosOm0xdiAC/tv+DqAx
+DIZIhYUB5IeleQ5rlDJWoReUeOcnB+d7VP+Zlc1l7zDMx/3FgOyOhlq7dufNUGnY
+n0tZWKItiV7rOYWTjbDu79BpG52VyHf217v+DeDSugom4FIWQS+XwIKg7xvEnxn/
+vX9pgiaVfXlfZLfUMhKIP+azOIm5BdqB2rklCpa17/7aQ8gQid3qolOMObWfnBcr
+MWY2BAq7qSkebPydELB+ULgGP2F7Xdx41RfsAq8RNyVITx0G/NDkYELx02M30f0G
+8FGAP9ft1m5DMBbAYBUhZHlSFZ/9G/gWa/VskSmjniq83+RO24fXoTxYUx716z4S
+NmDV6QEv5V8ZgLtspoC003H6FWTPXuDim8UuwJeGJ719kXChT2imMeAUpITuoC81
+edv2Yf4sqAqg0EqFlsW6Sd/1k7+GZKfW0LgCRvTaqYoZp0ey4wxFoa8jqvz67jKA
+H4nywF2gyf17wk8CM01gXcGypyQcNHrqq7ai+Qr2pxyw8xNBIz5PgWmJ+3Etef0G
+hy/tHfQqgqerk/ghiAnDJH4pc048BjFdXfoIr/gMGDM5aHBDJpZuEAmhgC8PMDmV
+NjG5TxzRDlxTH1dKDI9SkMukURy9aYYVJgm0RA+Ehn6NnhZrdShv2G4MsLmEZSsm
+aik4l71NlDZlAJNYGYik7bXI16Ou9cfU1JNT9+xZ8NcYIMFH7CPRPaTcuW+SgsaM
+P7wVw5rUP9+rPwhcZCleRaR2vkD4MRK4r4+HqjIpPzlBagO8FHb5/wxhbRXUQrEW
+r7F1bMa0ZlxIGRf+Tq2mLr0suuL2Rlvth6WeVVi+Il0VllO88e4cwA2EbPRW0G+2
++yuOsb5PRf63BF3FFVhM4jGxYbC+uuGg0qC/RoI60A+098MlJZRoVV4qvvF5tOM6
+PHCqsxIijXHp4/Vvfu//E93AtVSnPxblXsUIYLx78NXMMl1j/i2PHJpTvxhGICwU
+j4WUKXT/TQISYrfNiaqc521vq1MeCeYRi5JnILxvMz5UJIQ5ehUQJ6aDxN0OzZk7
+qGFhKD5K91X2ApoE6fq38fxYkh+MN3mjD7uBArQE37TxtDdX3+l7kcxHAiILQUcS
+TIe4qYuyxHzuSlt07fkVWQg8ukDdHYBy/vL3HjDj+fuKATiSXbOLP3s5QgAiZQv5
+yzljGNvqtagxJMTjIeD8SUbg2kFwS6FR7q67S57jyyikSkeDKFXjOg56Zb8gEoBU
+nrzTkLICntwdZqFpITklGfF3tZDIWWgbYZMqEOVk+u6WQWv+rBlXfgyW1UbmcgOP
+yoiJRSvqtsVwY5cSyuiZcm4Py6VM33ad4/fd4E9W3HQL/axHfdUzN3YMGOsd/PfO
+AdgGl81+uIgttDOjj+X+HF17gq3jZA409MZEyyBXEI1QXOJE8EKOVnzjHd+nO3OZ
+GmXYWveeyMUrZba/VVoVB5S/wZntL64GHd+GqaXSuEgjmqYFTPgsehCUYoHHxxeA
+-----END RSA PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs1_2048_aes128.pem b/tests/data_files/rsa_pkcs1_2048_aes128.pem
new file mode 100644
index 0000000..4b9578e
--- /dev/null
+++ b/tests/data_files/rsa_pkcs1_2048_aes128.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-128-CBC,4D279F635142BFE952A71E8EE6D14B0D
+
+6+qW0XUu06eXe0jjSsmRGySu1KXnEjg+682sUbxOk//2YitaMx8wMQqRQvT9Uusp
+lW7tYOz47wiz2UrJXKo8Rxow3B38wW7vwjh/Xaw4m6DlcID8Ho3ubN1n9Or9goi9
+Kg3NYtrIWac5njywFzf17TIlxmbHg3wF98c0bKRInBGZxVcEtbcdRiM0ZSst4IAm
+xi7vEwHHyo7d3cBJoItJ/1kELqHmwFoWZj2wlXCVEHUU5pFfK5WY7uq5P9FQFBmI
+et0IeCCdysZyRmS8Y6BY5cWv2u9mccIvvazQev8H3W8hQ/LS418yYenqd8CAuvct
+N0tTpVhV+jXxPwV1+F29kpkburnHrbDN+ZUIVaAdea/yNMC+bcoEypnpT6D1m2ig
+ouV7jecJSOxhaDh4h1JccR6Pu2DOWTDpn6pxUrCIo4+2lVbLXOeDS8ClhFf5VzX0
+D+5ZOAdm/LSQIOBXBtqOJ2qDBJINZgpQlRDvo8wDHchslDChTNKdvzjgr/hxdPeE
+tAf33lXR0TgqX2vhwbpjqMX2Zi+7VL8ylcjWITdderiNDueDpy7UN45f+0DVhNfT
+JIleuqNl09tL34unugpM+QSzgJ0odHpZ1VXkr7zgSFOYau6/drlexS61KXsqk6x0
+rs+n9ssgVqS3HCne0l8I4VOejutBLAVGOXoz7EC9PtS+iYavetnEcqf4SBPHikrn
+j67x/wz7jlEsSCyYA8SfPJY1wcKgfKaSU+w2XxAo5bMBjb3QiBYRSvb67q+DtO8K
+hUnZMqdbvzFIyXfP4/5WGhBe7ho0dQrtVT+PcCxknMMQ+kyQp+f+jbddLCvcKQFa
+Dlvw4XpMR4Ee2ukkaWpXAc6ES301NnXoAwlvKAkThfRDHwGckGfiEIunEZN5l1TK
+0X1tp21gUZYE+o7SZNI98Sh2CjxIQSKdA212hI3A+2mOwqBNoZcoDBqrvd2cCoNR
+xDA65eV8l5HrDAtMHHt5wTHzcfMik1CTHwL0/O8izQH+fTHKw8xR+VEoGbbQRkAY
+PJzMvehkVkc7e4K22nXAs38LARUW0D77ppR78VV2d/D5FCIXrDn58pi4RjjnQOO4
+yoGv4snLhnMq8bYQ5En9403cbMCJBYp4gvC09xeNNkL6EKoBjpupSMrZNn19VsrO
+VkACjifittw08/g5ncuAAO98YHQKmNPTM6py707dMs4L5jTOcLHCqo+fo+Wnx9Nx
+v7JmWNuFwfG+gIBIYIKmW0om+pcxfYMsry8byIUGNj5SnaGtl5kLD67Lr+LLJwBJ
+TNbGd8auBVtroIjdGVnvwtS1oM6eNXogL++sD7NBY5GdJvOMVP9X0VjyfHd+byjL
+SfTAJq986dSO+5262mRY3fLsKCeQ/quIvxGsJ2sdRoTFXyKFUu5etuOH+40Yhivx
+SnyUd+mVH3MF2sWpuBRE3Ny87mmE8CzFBh+pDdVpdvb1I387wwhpcSfW/6ila16R
+1NSvAFwXMeZkxpZZ6hn1Avyc1VQi0fICjKCR0WYY7+Fl3Uv9uXznzuv9COHe2nmu
+Giom0TSsOhNeMq0N9AbnUEPAhhIEsaMSZAOODsrvtbRijCcrCkY31EI0O2pT0Vgg
+-----END RSA PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs1_2048_aes192.pem b/tests/data_files/rsa_pkcs1_2048_aes192.pem
new file mode 100644
index 0000000..a9585bf
--- /dev/null
+++ b/tests/data_files/rsa_pkcs1_2048_aes192.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-192-CBC,9253446D0CFFFA0AA50C251F129E6148
+
+CrtEJsyM72x0zqFnS3qGqTF8JtaUgKe7EkBRoDt5iEowPZFjPM6QILEsBQLAcG4J
+RKi3My1S2nBweRpEvTYZHHzHXsO4UyTCNfeIDl7F1lJ4lO+SB/kBkjAWUTcdT+h/
+x5F6F+dZDMKgYvDjvvZfQyl+x3aDd0y2ZqWQWJEvqH/uGQK921d7sdDFclwDVrUT
+YWjF91KNzycRaOvTHjX9X/bW4UZZif9KTZSKSr71zOX16YHU7aIWJH+OPD/DSylf
+dbhZAVwRBlCsUxckkReg7u13D93jlOlgP0ufvpDAeR1y+jumLOeWddiMBtRtFUPj
+IfS2RPcyP8NQnv09tru+ra6KqRJnT6SKRGS3/+cgXGIirwNz0PbYYN0BCIOh12Co
+sK7gzCbVrbLLLSLuENsC4NeihK4WBe0NqZDU9BMqZ/ardjwhiT2InM+hZC+HbltV
+4h2k/We2LSP3rAU9a7v6ve7U4OI1kFEGn+sNPuDb03C7IkIA3ThASh3gPq1nKs7O
+uWQ6SINnZiPXDvlqZiQHzFipF4OBRRxvlYyly7IBdbIfw46cT4dnQh9uBqSadVq7
+dUf25ouFP6uvnmaZ9gEWvpa5yEafb4+x4io4CLbHPp/pPIgOJKIv2Olh5biN8IhM
+BdO0surr+BHFogjjfh7p47yFNx3N4E+wc9wmEAzNgWijqq/btu6GxYkBltSwbh4X
+8SSwfWrRxmY9+n4zIyehFJ/Q4VCsVTz2meyAc1hCyi21XWm8uBSA55DHmGXrrxwh
+j4VQBzn6qYsWJPjvBfwluq0OOKjfniaoa8QiH3+Evmjyfs4wWaSDXOdxAZFvA8JG
+oqiuFPuQwmsFLxrVsL9UMPj8U++zHahqOWzCFzrd3LlUrEAE6NRrzLmB5RPcdACM
+cgoEgFRR6l81ZWOC+aM+vDyc1u15iOrYhbtgfeeUmj75nJQ3TLXDRv+BryRtP2Wd
+kI6lNUL9M8QzqYfJqfKzJ9mKEGa5iuDH1RcWr7cOv8xZtq+ZrzI3BvWMeYs3CTpg
+PFgKGg3uWvF6uwq6MQJIXU5K9AZtZE33oH0CQtDjSUVdrFyWgNmDgMGgMZlCeynC
+y/82/qCO3xiFUoK53sh7Qv9Qa0xtIeWsRrZyutyxQQv9Lq5xuiOnqL29TL+GVPJm
+/wztj2ElsxqPMgnDHJHjixBBC9POX3yHciDAiuXIukz3u6bsPhBfZKwZ6IhsKTVs
+R1XMadx8g4kHiv1GnbK0/jlZDC+ne1C5yJg5F0n3X9lx0KJ0tlNe2N2/mWeVd0Eu
+mIQq9fLYTrOguE6bSSp6sMzmtpm00Ef3GHSXsf3cWVOFRMEWGLJklDoPgPr/rSke
+QwLb0U/in/NOqmO1gfl9y70XM2zJDDDPrSN+SDf7zEu9Y7R6KmHsT4wbcC/LnSbM
+/TOodgWOBti4h9EybHc5udSMMSyQxBedAh7I0OkCyBDgXXyQv2g0ak3EgMMlaUHV
+8Gtf6y2g4Kwh5DPpJJIJ/kxgsicO6XbSGOm/Ya7i67MBaG3TBZ74B4T/urEYYc2X
+X2p8+n3RGXG6BKOQcXR195GWwwjxy+HI6hzXGO41Q7mrs1mOsUvk66VXYFFLpEcK
+-----END RSA PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs1_2048_aes256.pem b/tests/data_files/rsa_pkcs1_2048_aes256.pem
new file mode 100644
index 0000000..2e396e1
--- /dev/null
+++ b/tests/data_files/rsa_pkcs1_2048_aes256.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,44804F408DA69A39B0DF6B8E84F4F663
+
+zEIU+VIoZQIfjf55n7N2sCz7QOOZbVdvEacGnjOEh6NoZ41R4F+bio5HthVcq8qo
+hyKUcZaPm3+2AceL/xfdx00pq52GqYVl41MSDTiKwCBE8ulCiHmh9bMZHPToAysC
+sQlXWDP1FIcmILk+/OnorPLpsox2Is8CELgVfkd9j/ytCMA0TPVEqxqJzrmwp76p
+vP2MWS65MIoDFnLHcabHdZZQlTP5DdRj3AlNfHqUMIGygzs0vEmpHjHttOFW9mMF
+HIQ2x+Sznragg9ExjVgW4BgTD5SrXKAEDUcMv64w6VCE8Tox1QaWbKoWKEPMFBnZ
+HH7uVQJnptFFgJ7cKd6xu+TynEMe4X6iR5GAqPIqd1rhjWFxkQb7zCUy9PukFHlH
+uZ3kSLVGV2FDFWN0Hy1R0rfrEFOXc07dwg5lp6AXG7NziJoMChSS2ipAbXo2uE3G
+PdIw6nAR/abyZqtwlyZD1jO2R8WIXYiGUeeXhC0C7OO73J7IZnZox6bbVemFyZw1
+AKgDGjuaEbBC2jBEt3TE5/Aaefef+/nm7MENF9BJlPF465H1ZfFbE3PRf+2eVPf2
+Q/dsfxKFG+Ui86qcXjBjex5BvC2kfMqXumdoTlEx24FGFCRUHB5dmnWRUejglJ9Y
+QWfolL6ccre3LPYDSmGAnAzfSB8yCqtvsvT92NDFsSsO6KYBy6grhnvv0ieVcUh+
+iDQa5f80fB7ugitliOPPBzWjt5P9FDJJ7Ht2Fpbor0Ig/JKngyTfTRVjTh15PEMc
+kYHFFoeT9r5w/4wABsh6/REnuiahcJlcUadN8js/zrPPXAoAjZGfpvin0uv6haBL
+Qh9OHLSw/61J2EP7Jx1IL1TPBCBSsuNb4PLT4e3kqq6GVJNRHCMRpN35ytZr4pqj
+lkEgl1uVVeOgJYWr8jMDWrCh9ih6xBCxGCb7SSUmeRU7FUJ+ybBbvfsnMWn1TJZX
+Bee2PTac6JkXNdDgM/Pe+B/wCFR3clg0ptmr13hmLqmkbCMxkpCVCM+vPA01GNgc
+MjYIxTNxB470tKva3jWqC86ffsvvmZb9eTEog/cfCABscX3Y2ufYl71t49tIOs8X
+5AXE6GdJDCqJhyE9pDkt2prxeoDSh7tcDnxjb6JfAhvmNORrjv1hI9mmC+IT8F//
+QrqxIxBjgKszkFeG7dS5MHo16FCsawCJyl87Dyq+51KTyqeqsXBvODsNT7FnrBmg
+Hho96pEJQ4y0YqP/aXNo89fVfYM3hbdUS9XtN6xh4N4vXI6sNVS9NQzfZTcrtGAM
+H6IE/AEYp4htKeFUM+QQsPZI/EcgL5e5GP7BA7xrx5L4T94kHIjz69iKSd1zNKT6
+KhOWNsWzHZABOnpYQPvsjjDeIG9/u0ryXYGtH5dwX/z3VvIz2mQ0w14OIw2KzVYu
+KGUpGXRvSx+o7QYulVh1Q4BrA03bSaKtmYnCzpaKKslCBXxbQlTIvL2hlienA63T
+V9l9edsJCtzElSfJteqc2uh5oVDkGkgUkfmrY1b/8RHKKbjeEKHOEZB2ZxMTT3mk
+RGx6HBKoLSG5jC4TjjUcAIY0NAmJRLsabrBTDLBUqxnMZroF75Id9KaZHSa74x+Z
+-----END RSA PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs1_2048_clear.pem b/tests/data_files/rsa_pkcs1_2048_clear.pem
new file mode 100644
index 0000000..d947634
--- /dev/null
+++ b/tests/data_files/rsa_pkcs1_2048_clear.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAqFVn+bKgHDTGFY6QU25+HlEP7ppDRC320hNPs91pri4VZrjL
+hOD4/N7sAoWTZiIOGCo5pJ+OztG7GA2B5tC9/cmdSN8UAXR8YO49+8ZqN4g9Ox6q
+91E42Rq5A9aCMkr7wm5Ym3cK9dZGXHVa4QsROdnoaIKpu3UbbjYOrmQSXXzEkTiX
+wMTIsXz8SclaRYNhHtnv6CKAIm1sTP4a3GyGeCzBW40zknNcgTqHo6J3FLw1AENY
+iaQEeXqTOxq3MFWm0HQFoJC4IND54RiARCo7+qJe+aqMGPwIIzQEXRIQVVcG3lvU
+8lUyTPpegYb2O4zdRrCE7GCpBBe137NmJcZMtQIDAQABAoIBABl8JKu3EWpzyvGE
+jfEzr0BjwWe8TybJVq7jYZO3l8JZE8BjhdxuOwP9s/mFw5UY3s1lxyhXR8WkFxFD
+KkGJpNoBZiCcNWkq+5GpQBUYKwiRRcPnlrauw06LLyuXlEqM86SyFBQlZ7FkaW6i
+Dco4ZLk/dmIsNgo9ZpO+92YLnIQumq5nAY4Mw6CVra54koDmLXorJzidAo2n0059
+K0hUUMgh4o1BEn5I+YPZOkmASsNUh6zbm26tyaiBnU47ueYE//+RPCTPTI4ePBG5
+8nGuRGebGpdOm9OO3IGgps80mADnVUI3QTjcwQlY1pEeaQ6FMf6WpfwFSzssD6WS
+lfEoVBkCgYEA0vRCLOvbhikfaKCnAkaBYlhna1BI32gPa4+bwCKupaI2Kl3uRhPT
+JB+I+fzWXjPZDq4JsuTcHCpP2EpfBi3ltXmjmmI742D4h20Cv9lPWItICn11HHcQ
+aV40Td2Lo96N8fSzwdgr0cH8fVvTEWaZiUMZpafypNIecf7UMMi7opMCgYEAzEdP
+e/zyTHUIUpYI4OlD/C+mCHGOGnDtVG5RIAPNOiXuDshGBetQf+GmCt88RjH5Gz4R
+LuYhOQIKObtMRzsgD8UbxBoRtmwTAtaX/e/rZiW6kEgplwA7ZV/7oADOBEqhf5Yz
+ublAtD1VS9zDXr6ZoTeJVmZ0VMlKXPd3wgnZ+JcCgYBgYQRS7bcwBl25OZzT5055
+lhY560Y/+5T/+W6ZS78rIX9Jv/x6u9f9awLz49Y0189Va6I2v2To4VP1Z5Ueh52p
+WderUzI1Yjpp9R4KdMhRleDmGgeFZ8hxu35+DLgduDJ11uzBpXfvr4ch5u/5xTxk
+f+mZy6+KKg2K23gqiatgTQKBgQCW2Amfmvco8jrFETlZK6ciL+VA0umGKOF3uUZ6
+h5QiXiPeEpFyiYMWC4BbAuE1TG2QalKx+QmLWTBH1UDMUKKqQnjwY/e0ZzXaoK/3
+uhRvh2iuZjsf3/H8N9ZNHosCrEF5P2bOvDdFYQz9SfWSntg/Lg1iGaHJgiJBaBOs
+2y1z3QKBgQDF1Fd/BqSCKA3WM0+3Bf7Mu4l40CKmzjFpVGALTQIscfE4kUiymXna
+DLWearAGdiGpWLD9Wq6/hBC+LLQXQ0zckITz3L2Lh5IJBoysOc2R+N2BHdSvVlti
+sF7IbcMbszEf8rtt2+ZosApwouLjqtb//15r8CfKiUKDRYNP3OBN2A==
+-----END RSA PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs1_2048_des.pem b/tests/data_files/rsa_pkcs1_2048_des.pem
new file mode 100644
index 0000000..c296833
--- /dev/null
+++ b/tests/data_files/rsa_pkcs1_2048_des.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-CBC,A21ED2721C71226F
+
+KC/2MeXdBpU0LCzk1qh2ZkN4f/GNMR2iqyUYYqGdcXGe2tiw1ge21cH9+TPrwX9n
+oHFPLGstWmCZDpp6ogyDLR5YD4pcCYrVaqKtHVaNnkuGj2ShMef8ql7c+xcXpWDH
+ptya071WCyQO7yifUMj0KzSgN7evDjn7m94sbmBQ7T0hWhmKs9WiBDHqEG4zDsfC
+StmDtaXoILmmruCrVgvGWAlCTfye4mBaqXvFjNl4xATLn/Nksk0TgmFijrRP0ynm
++J2shgJGyHvwSgwiX7bkOqhJrEZqI9v/ob2slaG9Kod5NUXiHKxnZjdqcH6PC4i9
+ZCdJTLlNzBEGm4Pq5w5kqm5OxD9ScTfyYKyeXbWpkCJmU8HRkXm0m3DP8jRoF6Il
+QwMCY5ANRZ81sEzQQa6obdaXeioMaD1+CpvMVBCsu9EXVAmTiH5Jwj+xbtMXwjz1
+LNIGIlZg8YutLBfnMxnz9RFbz1+PBwJpKIDkK2Sp+Twh/3hbEfsxNrMl59urDyll
+9iO/u45sY6wVXomuHiPrclC32S8QW61hGB44aGwdYTDfpTQ4hRo03xuE3l6x3GFZ
+W8CPPReIsqv6m8bT2T8THgGDYmTJs/LOQFhZacTbnHi5LwVjNKyf/zq3TXBo8sTh
+O2mpmt0Qu7VWOlEqmwmAGdzgxmuPnJtbKpPhAQbqTo35usRd7EjWkgTRzTEd7yle
+t5ylUXQoA1DFO+H+VPmzzOo443BLhINJD8nhHKVfGj3VVpWFnZgDALhFB3pC+lpn
+5ESLfD1wnMSlSUmKCYbOF5zgmasTAAOi0gaFKW7FehbAPbDha5OyrmZWO6/USAqt
+3SrobdHX8XiEjrq83CWlTPDL98gL/LO2lv6lWoO9AA6t32Zur3oS6pjFEYTZtzT2
+sztUpGQbV5OSh7TSSoKRUHKl/0YqBeO/TBUBpM+H+rTtksdnUG9u+wKF7rZodMtS
+TsnIb4onpmmk2GZc5YkV36P2kDlsceZHRPte7Vi5zEZvelHUOmiamGtpXWMug9um
+lnRs6oryDFffoEZ3gHDetE0bG6f+pRtpnvMJ8VWOFXDnuei2Rv43HLtf5p02+ELq
+m0/HtvjFGDvro7ktYFNogpVgAfOwadBArSelmH71GJa/4KvUcM6Anx+yJm2adqE6
+5Ugm8JTaJTxBTHqv8dEKsyDN/5M4QcBC1AfTx3R8XGjqYeApHd0das7w8FdDZtNJ
+MK7Oqa2HEq3ChaV8OaiyHul34gR+NttskcQkgRfJX+LJ2j3IxVAqmUdid8LFJL28
+Rpx/pONcGJHjdubbZZ67Cldb/nUs0ST+HQ+BJbYZNqTeDDBSCIsye+MUKnqBIOl/
+30zEUz5WMe2w+c5BWw65aVL7F6gtKao+W93CQ4yZGbNRfiglX193BQYwR1+7QAWT
+78jf5WyYzFj3VU8iwZ/PQ3njCR9Fumm75xtIlAhHqliKg8C3Jfb8uZvSjvntkjWn
+ksgsLRF+/P1PdulaRYNcZAoYKTz9vYpVaWlSyOm3HnKpl2wSoJXrp/cHzd37FyqW
+z8CeXtMSvio2wXmadhBEEoc8QSY5s3/J6jDJaWUxkQNPdWZkDmVgDC0DUlfEdSqh
+-----END RSA PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs1_4096_3des.pem b/tests/data_files/rsa_pkcs1_4096_3des.pem
new file mode 100644
index 0000000..6de58fb
--- /dev/null
+++ b/tests/data_files/rsa_pkcs1_4096_3des.pem
@@ -0,0 +1,54 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,08A2EE4A627B9219
+
+BZXLuKYuOupeUZGJPIIiGd1dFXaBiFNmczkwjADQeQPb5rzf89n2d7N1442YkJ5q
+nIvyHoezi2er4bhxUX6ToftGdd9X/WeAbuW3QfzlLccf69RgLpKjWasKRlws27WE
+ighuRsgPK+UO2CzR1PSBi2OIRdAsUFhUx4IN1oSMPcx5eR3jglH+jrFwv7oOclmz
+KBWxAKBguVOFpYfbjy77Oa1sainVFIZMeXOqkOSggfX+kmHg9Vk+AgkCAhM7iy5m
+u/2uYjL1Fp3OUuMcnjWG3GAurKAfquWcifF3GSzH6lLyJllC/RnsUwB034J5PHB0
+KrfHipJyIqFSj+lOizDteA65EoT576+4VOpts0aCc5sZeouQS28nyOVKbOtaAXJL
+seQbR26RoAw6ngD8JZAFw4QrhekKRPKzkTq8s5E8QplW/Q+G2P4gmn7WeKDQGHW+
+8FJtBd3kmzIydaM8TkdgZOBaNPAvkRdJfPcce1xdhCOVfI+jM2ZrUjGNjGlVChLv
+P9cKwP1KgzUVb/jYEboD8d+ia3xwOfB2sfNS7mDoTWeJzle7zl3Np2IVNpND6zpy
+eP4sTjSMDJNGZI34aGkGQEBCznX/ssCT00CVLS4tikQQvHGGasHVqn12gTn+c4yl
+ranvfJ72h8DIpHenIQdvzRhTHG1wqIn1SpLOxxRzUCtGUuSWmbTk2Hxxk8xZUoNu
+n9n9mXv4DecGOmmaA2zHq9N/lmPv9ekRneMypD5sRjo9OUJVPeNkiHCzp8ud+Nr4
+PcKeZSsh9SBbGcgQXrGedntjualYq8/yoE0cLKOud3uq9PA7gtR6u3A+nT1NFMuD
+hnsnlDj5p+k1rWDt4GnYDSjRrbFMZ3K+s/OaJ0+Ul7WXBup+0X48zNXv+8FPxsxr
+4zMFpLuhxLAI6IJlqjM8TQhRmP79oGxolF/rNyOR+3K+HFjEFaBW/Cm6WZVKYV6N
+6kY4HBFsYFhdfPlIpKX2FfdH0WT3yzHLuMBsb1Cc3u8DSYThg/vxldwj1LZnTUJL
+ah/r94RjOXd2IDe3CvgxK8ofT5XdAPZHBKXosnMTBx0HZ/prwFXt4YvrwbSxHwT6
+Ekk+uqMZE73Ln5Qh4i1iEH0j6Gwyw+PekVsc5h++Et/7wHlvF1dv+RB1imQvZ09n
+Qst9uN6SYhhfHm7CbGpNjMFJGopEgA719QoWnzCefgnuiULWd1nvUTjsmAw+w3DR
+WbWVX88K62wE9g22uK/EB+yvyQjbOYDroTIlpL1Pndmj5R86Q84m6zgOsImmn7Jp
+fbG1CXlRCIlFCD87dxNSccMeUB5cE/qpxtaAntYqChgcbNdQATuO2YB77ZQyL9T+
+cxCOIXzhnxhqvfZ/Gb6kT4LjxYFzuY2dVIwiGAHtqASpbrB8qhsj5SOcGg+qdNwD
+LcN8nOIz90u9+odzilr5BZZIU/mFKzhPw4+Mv5QohAk4PUx50yz6NvFiCDwIhPxX
+9MvV6l1pr2Kx6nH0uzpC8H524zL2zhYmNhUdRUOCPApLv5a58t8QkgymFD7ZXQmz
+oYtIyuv0D7F5SfHcDCul0sQ/cOoVSLIX5lj23M1SLRVeUOCO1HGK1wLaZX7jLzbf
+sZUFFWclSehoyt3Z83M9/nbDq+b1Vlk/1qrxO6/AVYBneb3KKYXiYXIQHkGt6ClF
+yeAPRXunxm+R/qoXaIETcknyCOH3teePL0uC1aD4jJEwlFH3JvlSSA3ruAsrBuzQ
+Oy9VUq/Q1lK09SRT+EKzmVhvb3lVYkP99Du1BoIyD9IURGyxoT4Flfn2E+tfN2CS
+Jf/JQEtf5eI6jSM3xq9fslQORSNGWm+Gb8i1wH/Sl86d7OZMdma5fyfqA4dYAi+W
+2k5sPNomZ2z8kL8uixR8Bt/Bg8nkIKjLpZIu4cd0gP8BWbmJ6axfwbcmP78Qk1Tq
+kwW49WVg6Sc4sW3T+zPdV1wGm7DdW3KfJJOV+6i6q4GTf+4Idh0631lVC3L4wJ2v
+C0l6XgR/VZQ0O5NFGeRU0tdrqvck27BjOkngRvDjTkApngilLrggvIXSeYMku3q1
+2MuydcUFA3najp/F5v+jTiYIzJkuYsF4T49M8N7L0XLuzmhpYK7EU6E6VdsoABCY
+JWWzdZdfQ/dkGCbn1gIbSi92hG2YQ8nOJ8wOfm2fynO9iCu3o6h59sJ4zrplAyFs
+TTdK6yd0uDnp9glPmurcEXmYOGVjVfRCRRx3K9tE2QHub7lGew52KrcKt9FUPaGc
+iD/WQi6WdSVa+YvLopFBLzaau60QrwORYKBiZIOyZyVq4LVWcg1FIbni+1NTOpTO
+bo7/ymJVA8yPqlcexbYAUUL9zF9BfS+lE+MWygA83dWVogIpORu8Us4GtUf9Atq8
+Q+uxiIK6V2h3KQn20E3EHFmoRJJ7My3GPHxuG8/mczEAVMhfZJSXqGNiUOgc9EIz
+eFsfoyPiUoOkL0WCXYnt9GDPX+P5FZ2ycfLb7pQUCFqY/9Lr+0LzaEqqV/GLyBRH
+SR8j61eEV4ZlISLA10eWkkyVVHRA2OeAc2kmaVC2H7xBUY7owYDDtlUzKeKL0/al
+gvCqE7kcazHcoiBkQI8IzslFW2Q/plURJGkuiUPou36aFFTj77C2oeWT5hRxc+X3
+9frLSIRQItMhxIRxIccxuv46lHYGA/fiPLJ+L+GiuZZHYX11UIQ9wX+XB2eNLZFS
+hvJy7+u9hsYyi7KWYnXM+8I5+RO2NhXfKhPwW9IJ1aMWMUh/VEYlGOMJGSr5c6qy
+21qNuK0D5a6tKRkHxaUlLvPOlylqGINRZiupjXIrkbzNy5pEYqz3sJSv31FHUmc5
+EbrQJsI1ia1hEY5Zgq0eQc3k6HcfmfgIIZ2GB83N7AGrpMRyH9g5ZguxhdbSMjcR
+1ZgUxx3sXWPIIwlLTsxl4wY6CqTQG2ZNPya2PTW2X+Qsl78NhLqKUgXHsfQjViKO
+ZY/02FZEObhIfBprdq0HIu2sFKtqyzO14kVe4MX+ZrB+d7QmwPqDsKb9EpUWimFs
+HFPsOkJ0lc8EY5i+V5XecWOhQccjEzoqQzffnlWC+E08/G0MyngXfym/JPRJxYu4
+nFYfGzbdedXl7vYXisw2kbrrQW/EtkVfYyho4G06tszUccLGh9akU1ie6ekDQT2o
+-----END RSA PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs1_4096_aes128.pem b/tests/data_files/rsa_pkcs1_4096_aes128.pem
new file mode 100644
index 0000000..c54c1be
--- /dev/null
+++ b/tests/data_files/rsa_pkcs1_4096_aes128.pem
@@ -0,0 +1,54 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-128-CBC,2DBF602A00D044C2770D4CDA0D26E8F1
+
+945LBJrU1VrfEqmgyMSQmw0BtwxxjzegntS9iB/6XsTuRbyiOpj1YgiF8oHYhNXm
+8Ubgwe0WEkqYOxyWvrBDxFgFfcpHvmrNvPssKW7u2jFx+wKKDCIBHuXIIfm8TJ1t
+lhal/TpRAs0Zu6ub66UG6WNxtKIW8Na74OyHiBk74V0GCpNAnNNpWsJ4YW+M3wep
+rMXnySl0EJ8caZYCXVzcHQVVygCEHCtSr+cehCPSJl2jeWIwqqy6fiFWYDj6s03C
+eTylSyWFOMjpTmi593Dh8vwJ8bIC4aci3BP/+TYlvT6+91voYz/X8HtlNMen/nhP
+ZRYbfwH/Qy2FaEhHI9VzQu83Wok07K9TayDBkjh2HDIL/SugeLGqBEeVzVN4aM2O
+/QA8wg+gEBTOZH/uXim/81/pWAaYfXPH76/OxjgdrbKQx1CN9GR+h8stFrMnTlQV
+AycGUc83rnWEJM9t/3KyrDMSPwbm8lm2npdboh0iXi/OocXxrW9Mm8OpD1mXFOg2
+Lm84CCs+X7lwiDMbBNRSFiiUSzmzX8GWMkwh+jjAiTa98pbc7EKcTlYlkOkOTeVj
+rj8Xb9eBz/AfdrV52XnDBXhNmlpe41ceiw2aPmZ2UhfaHbm9wYL70GTrTvbVG/gC
+u8yYT/3BLZ6j9BAaS1QlA/sbJvlvc3TqQA7wGUd8RonG1rqEK39wBM6M9dHddre9
+XyCXAaHH4GbXTGFY9xYGcoL61HFrEl6HZ8vBOs41rYROPYIkWJXFmoDHY1aZo1Oa
+ofhJG2bvv6gZQdt2f5JKeWSCMpQFSP4PWj8Z8TXvHHYQm9e3dImVK0E2go6MjVrd
+ZS6WsJajlp0UB6ceLFX+NYP5YH4u+VJF1PQ2M6+yno0BJpjPBFhv2pEHLxPCQDXg
+L66ZgCiW5WPFfnm2PZOE4qtlK2msJGDzOez+nvOc/Pxv2BVhWKhOM9Jyc7c/at2M
+gGNV3DPGFlRnuCdHDQy3ncb30fQsjJqQU2Xrj5DMYDaWcLTjznwXO5GMfVAQufdg
+EJAYGa730fPudLsT/pDJUIj24Iz4Xfnd6ilj6C2Sbdl91JZP0JwFkEuQ43zo9Nr8
+vMcz+wzfkbq9gXKOM3WNjbHFX/BfS+/vM04Cu4m6dhLIFDw1sguI5yCaHOUiuk2E
+gwGHkE2rKo+/afymCXYas/INFr944eIfkK/dMyMZI16CZZtiowG1UoFzynNb9o8U
+NUMhy8Ba5qrbvx8LhaQkHbeiBZ2vKmyay5Y9FYZ0JiY/Jn3ngiec8zsgZG3as9XY
+3quTs9W8fa0HYTNvJ4o9xZembpWMj+HLGjwZ8uiSQUFDp4mcwltb7t4cnFfu1X9Z
+MPPKzHTrECAd8A1XH6HEmeZhUaMwtLt4vNm0daXe4LvgMAHk3pQO1flVrsRxl3K0
+VD5NhJCG1UTl3OUTV2WL5+WW76JkdZ4Mn1N8tTpyLmQraifG9yBhGMxUNl4x5brf
+uAQGzV/U09eEjU8pDVZEteaLAbFqH0xsp8Chz9dGM6pKy2t2H/ZFvk3g5YOKo7cX
+mMGf1wG8WRyiZTxM+XK+tpmUkuPgRjxdw7rFTTwKNG5VmBymIHGR7lwiv7fLPXo1
+0v3gCztnKBTfCdGUjdG8yRNGAKtT4VdRsCFeUYl3ZehQUXlO3ZU6bcVv8DGFmPli
+B566h8BPIkQ49MKbxX2E6ukw5hGzilAoY4VN8txXGtncvm0FUTt+ji+wjIDAKjZM
+DWMm4bN7/LCEfsx8f1+XivzqQY7hdVntkeUH6R9GMmJ7ldfR4DYVzGljB1xZmVNV
+FD+HihBMVCtvzXLax5zlrf4iunmSMPBW8cNTJCHXNu8HbxNnlhIQ55G77DDIn8RC
+sh2UDHEWfkXuhhCfdxOMCUIBTBMCgK4N4pRdxEmj+RFKJR1wHY3SyMrcU7ye5/nr
+mxBF0HZKmHm6+U/oASjHeycUi2sXbzu60H+rSQjXVnCuFMubQ7LzJzNddmRc346O
+6fNa+28RUAxdmWOD8co5N7f80GAGKh4VwD6Hi7KDFdXPNFclesjTKF8U6E/Q/hjm
+HkH+uVeOKZI+41qiNxIpqP+76h4u69ZgZlYVd0qkbRABLBPN69cgsR4EEcLX8JLD
+rwgPaLrLyX9muYsFf6I99DDjcqbW4BAu8gjzE5qGZWQnOXAfSihUBqE2VgUQttF1
+Lw+fEe34AqJFr3ARcQg8RsZLomtQbba8VxQBVMiPgi+53HSz9IHTApTQ2ukuFB6x
+h/uyVtBImLCEmBu5p2ZSBx1SWXM9A2pj1tg7CgS6l5F+VIFInkjBmSVvRooCj/eL
+kaEXz65E96Pq0tmRlw+Zg4Xo3RaU+Ah2Vt/6Je9ljD90wpso6QbQBNnJMDF01EKu
+KJvvxf60xXB8j/EZvYm/7wDItCRnSBFZnOQlIfzy4bvM/TLFWN1AgOsIuWjROe+n
+Daq5gnCBeTwNwiSkoM5WjjlGGl3K1ubm8t1dEbjgL0tUHEv/A+cD94SkqwdPiL+K
+uY3qmWni4ZfwD7V0l9cCkUpdhmmCuX5v3ylwmSvXJ70Ag6tABDSMZK5pj2GTVGno
+ggZYcO6eORb8iaiE5ZkJ3tRYjUtbXuqTharC2OqlwEvlOGF72SrQEiS12zgkGYnJ
+ZYDGz+wDA2CCpFXxNwL1ZZp6ABgH2rgL3RUqPGrXefdib2lNupvrm7s69//wJmpC
+yH4Hex8Y7zA9I1cumIPFARQIOgNbvnCoplRYNeX4TmIMY9uMGtFNRHvrk24bCdz+
+leOGPWFPrT2SbPb6ctGRwZmgXq9NLcea62ErzDHBwEvMxFVhKAGoRUR97YZv2y3F
+hkj/kdgQVg5TEQfYWINkDlGX8kpRcyHKYA/VPzupgI9g7dvP65O9Fo3sivJ3RM8N
+QJj1hcGn6disCHnw4PrgnxDkVELIAOD5xye5919AYj3j/MwIu7kGANNjJk34Tu6P
+gRxagTKQB5qyBMsYJl7k/D0RUPA8OsRH1Z1Vl1+ZXtaraQP95Ozoin74NPESKMnf
+8lhmetneI9kgnW7zDxZbz5On26/UnXB9FfJFPsHS60SVpUFihFudrpSB6CHxvYAm
+hN5EUekFEAgB7LJ0Tcgc49MbVdMKk7H2Umoovc1Th2DBeET0Q1yabaPG3SQF9lPH
+-----END RSA PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs1_4096_aes192.pem b/tests/data_files/rsa_pkcs1_4096_aes192.pem
new file mode 100644
index 0000000..8f2af5a
--- /dev/null
+++ b/tests/data_files/rsa_pkcs1_4096_aes192.pem
@@ -0,0 +1,54 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-192-CBC,3F70213897D2A537A35A891E5682E0BE
+
+cjhXvbgnfdO1KzCgWFTwBr0ga2bwtEhFIWSE2EeFXK4IWz413L9nfGyx4VGMcb4b
+j9f1XvJIM53bZ1lrqPkDd90qzq3GG1juNdAKUqUSATFUjo41/KLE/yCETMEhWCIr
+LdH51NvRGozU75SR+i3DlZGSepn2geDjdCrCQuwVOJlG3sXiyEKYvBpQDHYWhuH8
+isM6Vlh9sibC1WhYrvslY6M9l8C0WuKGkqZcJmIYC2q6uHTcq1g3vyZ7ZEwxSYe8
+qxGMJa9MwkmwAaT9d/FTLjXwfagl0Waz1dSBOegtqcTTjaougv+df0y9VcxVYcay
+lMhjo3wasTl1k8PW6tM1SEEXA+4QJsGWdQSqi9TqwiqwPcsxAZ5ycNmF+Kr7h3dY
+7yFzc1E3xMpH1zR2lOfvwKk+2aWEyeHrREd611Fpu4Dl0WEtxnTphswt+FHhmNqF
+J8OAm2Cyd+pzkPJOJXgbaYqM/ff7DTo9KQd+WJbizOVW9tIwz9benq3KCuL0NyJK
+r0Al9BI4ysc+3hmfPKhrGzvP/BaGPTAfE2Rk9qajPfyt1vYg6WzLrvvyPTuS14mC
+Ldbfzl/KBZz3ED3eqmW3/uMxIZcnRUL0jr7DPkdN5hoJyEbtu/kT4Cjke9IrOnOR
+rVHowECNOjiA+Z5cIW3HFK4jjQwUZKMrZNrN6gRbT/ZDa5CwgdmmFG49U+GwNHmu
+cXvNnaGY8PDPvXBG9nmJ7mDA8P/VFPYQVcPLlTbcA3QL8NUBWi95tp4FX0tdEouP
++nR08+UutUnifGDgScBeBvzI1eYP8Tb4jc/yQDT1L2qsk0bY9LNTgo5XMOuStM/d
+Hf1IH2vx5o4S71PtUClJ52dGSbdr1FGB7CNLOHugaX+D0FsjxsFiAnPAvOvZ64zR
+vILBa9G7pFxhP2cbo1jO6mAixN6pXoZTEYv2i0SpFvQzxAP98PZqWFdAFLPjEza/
+Q+OUs4xV7MdcRh/wycihFCCeGs0QFcmZtlinP7qkTpaXUKdcQmJHj5CTawu2GFZz
+4S53US3p8LqoBMOb5dgG8zzaCh85evrG6liKGtzpY3obsGZYej/Dvuht+Q2Pn9a9
+viln5g7al1KEz0cU1VTfB+SIunCMfNS36e0zl8PbSG231vEQqVbx8Xv5zgzSL5wg
+I+XtotQEgQE57miw0hjW+DCaDaBc7mpYzPBaqtC0qJUSOpFE/fig21H4uDBBZbk3
+Pf5fkLXrCuoT1EJQ1iYAuJo6KTdvIO//6h1lXu3ZeassNKS3k6yAmyy+mN9+SY4i
+RQR/tjyqbKRVoCLiNJ/h917NSa5jFJVM3DQD9ZNYR8KEzVFhullZd+MKeuVM4NoA
+H7K50+vCfIPetZfkamT6DQxcgqwRz10pfY02HmNwx5sPk+US7epVcBlEQofklLEq
+fUV3oVbnaID1FjcITwvL//MIYMyHa83e/WFkOLORxzRCOnCe5lZMRNNrWFZCCiqb
+X61aRfeGtEkEvxe4QYbUnk2jOJYsaBW08T0gOPKaIo6DpzzGKsotzYrTFs4sVr+p
+QfQvWVKq8yYwgBe+qCseNcbPFUd40xGSbZrYGLB/Btax5431A1KsRUlzo5gdDDoB
+fEGA9oFbVTZ93r+hK+zs6lWXeefe3m1wAetlLWpEneNe9V0mHZ/GiPY3cpE8dJNV
+OPucb0DQqJJdmCfC9ZXxgpXSppqB3jo+C75lgTyd2kepwf9uiVTz/ysnHvj7T5tF
+A05lfnQa30MdllCBaYisJa77Tpq8VoB1boogC/UNsCorsuXCDe4PvKPeElGokdwF
+Z32HdTWftm+9ZkiQBY7aKxPELnMaTEvxV7p3O45bqcLt2yuLejDSp64lPkX3I1Ze
+nPdEnYfOLacvDWxZAmqDmzCTwbLqeuqeXEy7SDELsOsLjJQorIcv+t4y175javpP
+8f9TNhteNhOTjg2com3KtyyApUPZHxEnFlq88zbWCqOg3pOLYXbm8qaHs2shlDoP
+Qi18GHQy8eu/mnju6UDASAY5xCCkfuh3GVQX9TqU63kK3j3+VNFmD8v8luStPFqZ
+Z41mebckvTPsdH1wzNSZ0yu1m0nTfGrbNbtG1gDEdnTBsLH4P1hm3DFVOLh1S4TK
+iVl0JUnGbWmSP5AJjbxLw4Y8KrKgKMC7SDGlSyWiEH+rPkVtqrJEwG0nnanstM8M
+Ddbf5YvpWXFYGzCERMm2WrpWVrXLwXdMW497cO+YeYviwGDTmAqFU8PoJkDCt3F/
+WbP7Sl8Y9r+a92eyoWlOh9iP1uEneNsT3z95wpqWlj9eYZlFNjD8aY/FXgfnjXey
+dehNvuCNor5+FI8fuOHj1C/2Z0PskmzoYuWmno5sPhNtE2GpWhUFejVF6QdbRbzm
+6WY9+sJeXaZcrd+AGH51ODgsliSPP48bCfkynkni6bVyURPYeTduhd9Ww8ZXpjNi
+ROUGA73edxzZffhAuqujKNE7+cs25kVchZ5zh3S9RYCW4iXfMsIyLv2bi6dqJPtD
+YW6emBTTHMYNE1EFyBVA/WLL75EDExJeCbIaCf7sh4lsVI6MMyU0TwTmZ+jNANqi
+Ciiys0AYSfRAs41m36h1Efy8G1bx946iShl/BYQS/6Bv0nr/LAOfaqo8mx9/jj/z
+Zx95oX8rKViAj/dtlH+/teW+i2zVVgjcvDr1pvekeb1n7xNLxMZs2bGHTeGFrqrB
+1rv9h9uVJP11YP7AuyAflAC3LOKOtxen8cxhvFWJGW/djyrEaETyKy7mG87v63ze
+OboJYP0F2005FS3xRZJGohcysp+CDZS/2r0DfiUi1b/yXeMf6yOdh3rXSVDDrxBZ
+ZOciIgadV2wwMgj3tMpHfA4kRuNWMdr2OUws3/Kl2vVo2sd7oh+Nrud+peSnWq1f
+0yhsbrEhxTFeSKxd39qkUg8ELMsO3mLjUVKC1bFZzd3cHulVJhBRC0vCrVAgfFye
+hy7E9sU4+cbbGGb30k8WODn7ciG146B4rv+ZXDTuDG/PJeDf5FLrJAg78RycF1Xb
+vRfMIcrygIczxKgd8sHuAk0/yYN8tM88+9wEzPr5F6Z2Dj6Giai8TH8p3t9SOpev
+JIFSVyPYxUWg5B0kCOLhihe2aBP2Gi3+VoWbNoRiqH7dV6refqZG1CPf4RzKJdT2
+-----END RSA PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs1_4096_aes256.pem b/tests/data_files/rsa_pkcs1_4096_aes256.pem
new file mode 100644
index 0000000..e2fc2e2
--- /dev/null
+++ b/tests/data_files/rsa_pkcs1_4096_aes256.pem
@@ -0,0 +1,54 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,52B3A521A4BE45F79E26667FB6F79A81
+
+m10sgThu0xP1wMx+664P/NHSZSjTW63ntAUwVsCfpWamzPLGWOQwGqhfTP7FF8Aj
+ckgoYL9Gryulm4/YLH4lh78/beGVYbY+dhOiQoJ284J28v1hGbwr7jRITuabKted
+PSqD8UEWqHRmJojDe9yznbfAKjdRyBapQg9qrbKsuumq9KKmEb/7kXKIy0eEe2lS
+U0/aGFlPh2jpyLuV16K5NbeIZBzyuowZWcF12AI6gc+axP33gpWPDoNqP1PLluT3
+LFx7o/1S0mMpVNQ9GUcxk8X3mngJi89AyUVoby1YIffGEQWKM/lqbl4/uztVRaH+
+ZL6d/loOmIV3FqDs4RlDTUGMbauvur3BroH/sFNNfsPv0L60U5ZqNVWpJSLdiyzT
+Baqm0jET+pQnwO5pNVMmC4lV7ZTIRcoSmXwautuoxAPoJKGjrU2nKGCFWvbYyq6f
+pIR7RUH39pz6ivzW6+cHbS5B/6X4BLGMrgk4Y+DNUWtDaPebocIZKPhUfvnqwb79
+oNyDmn3wIniyOYsZg3YzVOoZGanWfEfMc8AQf/MsHmSETRRG3+zGqfuF2grgLt5M
+6f3yz5ybKnMYC3U+Qug/R0xCw4r9PygCF9S1in2mPj4alyfgU7bfTSnyIeEEzA/e
+csEnv8c3BUrfu5Mr5H2miBByEnaE8LoW4e/fo9Rjjli5YYPyS0Gmj9dsp2Sxh6d0
+F6uwftnHWidmPjzlYYRaCnCd13cf7MzIgCAALKU6YyZgj6wHZ9UGHuPY/gmM3Tly
+rTxtaZ8RkQ63QLyC3rfed9/rScZLP3unnWrE8srxIBfkrdmF7q9F7GvpDLxjg+F/
+SPDXBU91sAVCLsV4uEVmx2uYBnCGQCvk/sESlsDWVHbIzhqQeeGOTFTwRi1L7dEb
+b4+/+t5AtWV2/Jqp57c+pi9MISB6dGRi8PwzVL5o18mRqQoqDMGazqiZrnkQ2HLl
+kpXAPaZiEC0B/nbHk1jvs7T8vyckNCo3u40Th0WWMWDBg2oMNkFg02Syp9suBfGv
+eof3G7qPKGZ42hrMt/niBhRhyK4hB5P8ZtcYs/TdJJVAK3oBHbwZb44j8efkng05
+3gGCvvRjCYqP7ijhHaIBatqsStuAoJqZTQsXed+5BenACYqGxT8mJl+JMqS2kjum
+Mt9WNK6EWV5uTe/8M/A4BMbR77/AOgLBYIWpOWcsjnTWDayZiapEwnKoMPUjePlr
+pbwSdPhP2VHHFKqNak+OEDsPm3ouYrCAowe/kU+WvGuyf/83BizJZ4cbnu4XE7JO
+jw5PHrfIW0HhdqNDM5CagQOOWQazCUB/uH+ehqt0tbDmx7ZHPtA35ZQy+tVYcvFE
+RMozwpEcDQHDyooWBIWXx8v8LYySH5kYUkwTySe0WQrPjFAQ4WOQDTaq98gm/q6b
+oUGQZeRwPAdUa1muj1xUELzbeok8h2uLFS3VEliLKMo9s3gK/GKcmyb3vhZpE+uW
+JHRR+MkvSHNOyV3eT0m6S8zTj+WxDAkrwA4OWN+pZndlIMzUuJ5OH4iyXBDIbozX
+OYZgHXN4hXLO2ThNFvud6JFj/pHurTVBIATSo4Bb+VCynRmtiV6OmHoDoNQPrv0J
+OtttwAbKEIUp0dQLMDzxiyqnurEkvwXJJA/hXbh7pxCVt8mlTzuVWLLxN+paF5Ro
+3BincBlVtPdWcx75TEXhewnF/JiM29iG5qx6NQmaIe4f0MGtPCFFnedhMJg/zKpf
+WRQiXWfsCCJWPM6NQdCxmFJkPuoFWGU3wpFepUFrYVwgnSnwYdmDphyo8IzMdZKJ
+HoC6TcfxoX3EaOOFYNPDrYqFU64gpfIX537Cunr4l11kmt9F2CpZSZ7SRT/b+fDn
+JDk8+Adm8bdisO2ap/Uktei8ibEXMcpB5I0/t6VDOGFLnvax+u+eGH77YK0zVExP
+5N6h8kuMFTLYSiDi01rOxB3EgAXYqiMNttM3XyKUiNvLRIuBqiAWjQ/i94PifQzG
+i1UeItRU6Dx4JlJhKnk5C174dGwv2cg6iZpKydHexRyKl+/+pmvYFsNOQxkLc/U8
+uxxHANzHRImndCsFiWfX5Wm5AuY9Rj5EbW3D5vsGiAT2wm9Ire+OkIgAzOpp+Y+b
+llT2q7aKV6ZRbGYxqy2b7crPhC1+OgvVapGdavCh1Kl28wZyW0z63KzwhKrfpzTG
+keJn9uokrNTo8i7kB9OYQnB+Yj4l+FpX0vF6mC80HWtpe8dN1fEa+nBhMg9NYaeW
+W/VBcd6HHsMUbI+LCxhJdJYm5ZcN7+7AkoIp1lkWb3hVDutKYKFE35o2PQaulVUw
+Tsya4tqVB4FpXZ703IkBXKf2rS+mUZLkBM0FD0NZcVFC9DbYFKhqArhPygP8Dp0b
+70eMENpvur+Y28Xi5nhgB5bYtb8AKuEPr2A+MQ2e0RNyS9ADf62Xnml1xKpPjtvP
+lz40QIZai03vR4jY60RRVYxiCfbAjdR7UDnuyNynGXgRYR17GAEssztuWszOuneF
+uZrUF+QqvjDnuX6TqUUzd7DR0tt9n5nWEeX94YEwkdnGMrPSDjYVBFrUzxb0C8EO
+YduXo/ZQVQy0egZNqiIYt9MnaLpnm61PNqYjNAJ+4Lu48q7R1x3mnJj2XcHOonpI
+gn3riWaDVOg5oS/M8T2Kog5QTfZXqYj4JYluWZjgPl1OwbxflAPvZ9SJwPnQoENA
+v3emZVeCZDH7aIbLVIXPOq5cZtstuqFCVzafY8Fc9WpAQ7Av1TiSvJb/xPeD0D9g
+Ka9q9E6K1Y+Y+4gdDkRnssG0ymLk+F164+6cuCAVALwGwW+VtDyc1e1cc+445siC
+6epL71QT94CfZMQ7A0ZkgusKrL3Yvwkjf6mBkOvKeh14rbdrAltzCSrf9PmEJtB8
+BRI+CWhsBGUwqqT41U5SFkRG2G1Kx7xILbZgJXJfE71esB77zvTSZRc6/IuvLUyH
+Lt+crv6L4NrN80dHYrdpcRKspIYOMpBSGGH8OMfSVU/kvAPVB2zqzHgFxA0oHkm9
+cLCLIPVZP8F2iA8Eghm9uGILxdUkR+YdAY2ZEr2N3722ZIMBBDIljdQEaRAGDh/H
+B5e3w69NVD9d8cKHz/M7ld5O9B0o+G+/yrDkAokJuGACHjqhEzhBfpDO1orNb7Sj
+-----END RSA PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs1_4096_clear.pem b/tests/data_files/rsa_pkcs1_4096_clear.pem
new file mode 100644
index 0000000..96933cf
--- /dev/null
+++ b/tests/data_files/rsa_pkcs1_4096_clear.pem
@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKAIBAAKCAgEAzoPnqYh/7ETGmdNWcczq73FW++HfSm1PdeJqi9VlaQHvm4TZ
+hj3JZAp3iw/DyQFiKDRGwukLbroWrQ5tGnksEmuLWYiinaCnApVLqgw3crzCTBoO
+XoRwyj9mE7I8D2NyjBwak/Q3mnbqAouNVNtE2WAqBzEHNIBvub1BuIhh9MzqQViB
+4SFLyuOzfSPfuRWO0/7RkykoiYC0o12SY+fALP12PMSqwsSuzTXaPNUBI94ScwZO
+MAc8ey7jomUKPnEZRASBwCNaC+NYr5RlR4JP2hqozma0nbzndPwPdYZ2m4uZnTzP
++2Y9FbP2brRYCkMbPOmnt0g2CjiDdw1J0UHbFT9OOVXTmFYrGu/BlF3sX7akLz8l
++4EWQ97acGQ2goPk1wpiaoxFAujZsCGWGSdEWEM6LEmY6Jr/2cyX4Elw4+Q7Ljxp
+DRN6jc3QFoui62bkKqozqPs+1yu93vPe8GRHIHxCzNTa3oDsE4MVX+boc/CY12nK
+9uDkBjpwL4L8/FRFSMDbqiVlCnwqkQZhfutzgD64IMy0B2FhbvaPM+22OEEHVEb2
+hq/Gbs4y6aPQP4VtIWe+UrFh0FUIR0xayGnME+blxD2Px9oJ3KpJ2IEG9ulxtHXe
+Lzw5jgC584s4wFJz8R2DL/js1dbNXiSQZnNOau0J2srz7w2XFo1puGxY9UsCAwEA
+AQKCAgBp/PKRZNfah7WxzvAnuba9qtqsrVDvHsjQRKLQH3ZLfU3e8EC/j8hjSqft
+u+qMp+QbpDDI6dgPPPxUVvoRwyymS4GaMvDam0/7mGnb3Sc8ALprWlgTlD9a3Uzj
+QO9oKm7oj6foVUeQRAV3xu2DJoHgWmVXiYccH+q3VfV74qr7e4uie+00gOUoPNKq
+oBW7JOBH1xjyQQZoA6Ex0t1F3vQXYwIi0ACfs1fPRBs8a0mJgfjQBeVs6tnUks0L
+VHX8dAk2imWZGcumHEkw26VbHPskgdgvDjEWX5QeyxqYA6mtzOjK9SH88YzaLaGF
+UZN5uNUq3vRPsYTim/yExlIjTnxEL+dNAeI0kZQpHZK8G4yHbWQ0WRJGd73lxIUS
+fXiV4/MJNi/0pPfEklZ6TThUZI26im9QxRzGDxiIk5IfL4o9kF3JXdjNNd/rm62h
+/t9pQdb7UvXGzU2RkN9q/fOsdXF7n4xibAtUMzCDSnQwID5sI13gIxsIYpLP6x1x
+8Ew2s/4j4xVfyDt/TwimAgCdFQFZuO5IiHNVoAqa7mCcAJH5UFdtFkRvDhtk9/Il
+zF9XpG+Bf6vwloUw/NEczjYzNLjKAnl1fZJCgU16ct6VQ6ysR2DXRzNi9VLigWJY
+RC/+r4PvOTP0TB5Fid6MtPAakb1/YCP25zg7XZxRW1oAVS4n2QKCAQEA9DGty3ZL
+h4BruBSRmkZfGySKS3Wo/eXyrY7kv8/6+Er7DKoGzcVbOeQxBBzwJMgssRkxSTpO
+SedraYBA8mb8E1T3ZfuzS2eNPSMNci9ukWl7xSYUJh4BogmVqUDQPdtScgRdantP
+/lSFSXFSHoRvte2aeTP6YVIwa6nYICnTi/F10++LBJPHBTWDW/DVjn6zoV4WBlML
+zx8C3GAoXDMP38eJN+Yld9ApnlTfVv+yxKGJpJSCy7fDgjr6tVMMfMRlm9CJztqd
+hAEVFRhX0HbRYnuU/vcQH8lk9NYDCY57+8xazcc/NdYthZANdRVOX0MVWVhxRrGs
+QlBRKL7idcwEFwKCAQEA2H/i1q/oXXAsJ/HdCKVg4Y3dKG3XutDNJOHw7UTPOQdO
+Vr8LA6hit+D6zkRlLyGFY22XqlwY8ae0lWlj+dCAbfefdIoNQwXz/K0F1ofz9CCc
+qLBBccrvoB5+Lab9Sk7YEjxKAt8d/6UXk19OSKJFxxn/s2zwUtKIl+0gkKpbKLFp
+QjP01B45GhYxHvwDTn3odittlaFw0VilnqDb5gqm2ficWgt15NZo160p3+f0MpCu
+6f3umM0eRpLsvZxmHmVQmyQGR+STD5AlMHXAJjVoPP7iy8EOnrgGnJgY6uEVTEK/
+2hZ0qYaqU1rPveXSJ/g8su0sokarwKlOC7iXa8+07QKCAQBm75IdVE5eXioKPNFr
+wQJSRMLvMDf+XzI/Kx8OJDPc+m59VibsEqdz7dcjrrckKiV8uevmvGdIC/9hR6kZ
+BYR4+bYYDVP1Ez+cZ+xBF/F55odAAd84eimiDnxCDoo5qPxGB8UBH94GjcZpwRUm
+vBkDDZeyQ9DluWmj2MK8PCVqtmw+3JkzYr/gWEB5PzomiQ5blXefTt6Jfr8L+pTI
+2NV2NXyITcG5kcwZbBmBaOQIszd8YwYHrf0CJq6MROfcqEVUu0F8Kvd/L52deNd7
+jrqQ0xtppufrHlAqTRSWsLNe3zPfzn+8x/4EcUba9hJFYdfcA8YsULUWdxjfHigE
+E+4dAoIBAQCjXq2f75HaoIDRi7ONiK44xkJy9aBq+pEzGcQiZ2Av2pGE6Bi5o+EK
+fJ0F9ZqdHCB5zQM7rM+t2y1r6eFla67eTJNo75veTam1rCLRpjmyqMFOkeJwqgB0
+xU3VyUMtRZ3K9O+shw0uEjheHvcF3F3nRnkrvjMDbJdifa+rOsIbTPTu3iILxtq0
+ErbyeJ1OJ7i5I0BIP1DQyKIBt8T4LGWH6hCh6jAGhL0Ms0D8Ex604XT8YYAgkfgc
+rVY0JsbwfOd8ioyqx5MplU5a6SAcNQT5siUWOBJ+NsPWeveilkLqDxySx4s1Ocdh
+qw9Ebx5MxweWxV5+/fExKxEXyy2IT25pAoIBABGpeb93kYkzbycwkJl3wsqCPIby
+kHwxWFpc0B3w4ugZQAUYt5EiJtLCiKpBqjm+6/1Gdv9zAJTndKnKPeY43gSjTV3P
+bObZ3X7X8UuAI9yJ1TybGQKmqlPzMSViBMLu0JaOYCyan0CCSZUMB8Np9XSGkvwN
+dgG9jzxqj6XvY+z9ghj3ffhB8o43T/VPIUh4ncIHH6dCToaMWAzPWAbAaIEbAjnv
+zqGFToTirBHQguS9U5tmrUxgwdeZEXKt8UE1j/GVirAngnNiImigeUfNUlovmtv2
+CJuAkxzzREpVNdQUVn4+UnMNaaLs8lP+vVqL0ojBRGN3eZEQrvJi4LEbCDc=
+-----END RSA PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs1_4096_des.pem b/tests/data_files/rsa_pkcs1_4096_des.pem
new file mode 100644
index 0000000..5bcc71e
--- /dev/null
+++ b/tests/data_files/rsa_pkcs1_4096_des.pem
@@ -0,0 +1,54 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-CBC,2B0C21459A0C9951
+
+KN6p9tJbTD9sZ8jVAp7fX8Sug6XqCi8YF+oy0SB9NeHO+YBDGJDNtWHSMSKzjbxk
+r5AN+75uV2pEoRrLyYaWVA22sbAJc766ZQX01tSkxUX96J++Do4zUxR+GJusIUnj
+RBVDZfz7vg/qa3xJy5x3cB0iqunrGGCQJ+CZsUtYnk26V3iMBjTu/WQ+vqt2RRIy
+dwzQNPy2LWkXQ7KIoh8yDGjGtWf3XYFYQU37jGlSoOG/AVxa7CrXdtATfa/kGLVP
+fOeT4wDLjKdawT4GUhUj5yt70SUSFtisNtTCKsLGLSpgvO4KWMYOsvo6uB4jxUEF
+X5pBJLz4978DJ4N4L09Qg2DxC2JIyxZ5L1dJiWSgMVnKtq4HM1J6VFNUseB0ZDB5
+X5/S8AWwfb7gtBRD8hZc+UBaBApgU/us3AZhkqczsa35j12op+mpLGnAWiQNqumn
+iHdcCOJT6ZL8dq57qmbEzzyrcdhYtFJmv+GLS6m4YMKk4CHf9lcD/8CmjxhxVZ+x
+OkeKF/MK6f1iUmXwZl28QIcoXrTzinyLjF2RbNQfhrgI2ZUTlbVgDVWhygB1eeXm
+sW9J4B1H3zGslbOcrqdh0NHdWKTvTp+lfzTtrUtd0TqgRXErFJ6e3pKDDCDgglrI
+7lyyrG9sOF2+BmYevLUe6R8XCBIFhbx0axClN19k2OnjvCbNpVlBeyUF/vbYzcBX
+1toINEauWM2J9noi0ysFs7vy9nBVlFcrNnSXNFSgbydn73fYk2WnO5myoBBapsKD
+Ph9sT48/E7xfgDmKJ+TLyz0Jfo94RMOQGgD8qNvZvAcxTpwZRY1q9c0crCihOdXE
+qavdYIzIDF8oh46/SGSU3RilE14uHHOtowzWKc2jzD/Ly5/cHTZy+DfPd1ezL0Ym
+w34jj952+FdMMXb9cmzS9Vw3zHNndWCMZ/9tPJMRoqGgbFxcXViwjWlkyNoGn2u2
+J4InmiIbxwvEt8JNfHC8qLLZkQbtdwLKP7viz2Lmyn2kSR7fWenTDr/bwgaLRhWK
+Ii4/BiZy+R0vjR64U/12+XtdYI69ijkwOITDLePY+4SYeZjHTe2BhihhfVlR8sLL
+xP0JW7MqnFs/eJy+xe+PU1MKG/WWpwhi+jGWPiYJq7cuIwz4l3x4GCuE7R+6EF9x
+SxvwD67EhI9myx/ilzdPiPJBwPWqEvd9jVEvqbTBJERiNGH8XXH1pjZ/gPdKxH7L
+QnJ+BcZrxxrNW+xKwvkABq12QhF60XkMik3o4XROY4mS9CGIOi7d+B1mrG69Hkg9
+BVVCwVibbYyX+7+Hb90x9x0e4CY9nm7h0PrGMj0vGFSY0oUKka1OPra3gqZVQzdN
+Vb+hG22Iw36VlbGbkoEezL+ic7Hpvrl4WwAcNz8Bq5iyQLbupp/rdkmYh/JL4rSh
+509YdEFAUV60eNPcGuSnxhxB2m6Oi5ViENMw/zU2po0oZkh5XUPCin+Q+Dg58z1D
+qeWg+ZVhLMucsWeXUQiNA3UQEJde/nayi1f2SxMWuvZxsaS5Wh6PrqutfwtOokuf
+DJzWJHiMavKP9nfIj9phlomZru1R/2fWEme89rCrUHv3Kl9qV4dwRMCDFsqL6iuh
+siD1BjJ2EFwm8sPnNL4GW0SZPsWZiF/ENasiVbUhvRB6gyj9YYomimIhOIjtn7As
+6dJpKFAYOFJDXFv9Ofj9sSdDQP/4GYwKTaYGbGYo/qIDPriiquA7CGBI/gksAmoL
+DqBsSXrUCaiPF7Xc8Lji5oCTH34WQd0TYLOXawWB+oiCCCUwnIt8fClGBmvbfMfu
+5oXoVPUFSDgKCylTedXJjkUXMREvNdQbSNb9osmp81WveLz3HVU7yYksuJK2Ungx
+R+QeINhN7wC6E8JJUYtn6AvxfhLpMBpjDfQ1zOqDitye4Z0YR/aI42d5ll2ZilL0
+giof2N7Spnu0g5f1twuW8rIl1BjykiJHAkIFoTHaQApQDtV/iDarJJJ05Og1lWGk
+4s5WMwXtVJiq4QIGheCW2ho9eKjcijoUzCDvK8pfb33jTd4/77h5M8DQwzyzVIqP
+ap5mVK8WTd7NJypw/VP00EoyKTgYiRY1jxCCYtVajukg6BvLnZijP2YA/E+ivpau
+lumYhCYJj/wZHxhBuL1qjjz74Eol6J81VPAgt3Dqmj4Did9XHl2K+OMzWlDfe+Ah
+eQFEK0xhkPyScYAE59dTV2Grf+abGBxYnH8RzwxUi3/F0DVWW0lLZx3tfjfJ2GVp
+dh54pdlN4DLIDcx6tuKMU/F0NC3l+esQy6sd+Cn62pj8IoJyOBStZuG9b3fJ5CfH
+dAkjlCJwtX6F+X/3MAMYLMsFL1L5BxXIdn7F+mJftndtDRX4PuKuW2wv5zM7UiWa
+oQSKofdQFI4w5jxup7SbYedLPFu22Gt8IpLWheEjxU6tOmWmp1F+SCFoM9vkv2+4
+hZjDexRp5jidGs8A3rzwQOpnWKD/HGtsJZAMYe1+UFwGJNpz7oNM2It4kfuvVqRE
+Kvesu5Ut+2FmRJ80Y5nZWY53mZHle9GTGlJeFTeueOE+aFzpj8ghWXY5swUlcNwc
+05J3fqom2j9Zt8PGt1yaVo6Hd/BbIdXJ3lWe63CnjlznSBKWn7XpgeiJ+sU+zqYE
+vclIczNVJL+FuOa9h38jn0yblMZQybStDPYpOCpb/AHxr14EFkZJKCs5zNn9RV/S
+ypllyB3DT9fBCWed8rxAH0PQ5iYc9UNeSkfmWapfJT4YCUmzNYU0C/f7blYet3xL
+1gOXpiISdTh7ilzFe/i5d1I1UegmtTSj/MmVtT8mw1gqc6NIaFIFY+VKU6am0z07
++aD5llI0Ok3/J2YMJKrW14u8VU6oAKfSqhZRdWnEemBJiAgKre9r+3qwg3pGgBCt
+sRYpXZaRLbzmtFjI5Mfy0uB2zhB0XuqVCCgqT7WqzfWilgLRPW1PLJoMxOykg9FW
+3EofQFJZ1/jHCm0Mxcy2a5edwgjIHevRQGGAWHaOnjiHXKBhpnRRTlxsv+ct13kH
+c8cT7E1vQ614hRluDfTeQmyHXerlkSwgZDsEaJpOJ2nWnes2k6u6hRLNEPMoQy5F
+dUdCwLvXxNEnClgx8IizMJmxzhvmAHF+9//WgJS+KxB002MnP4wX8ejpnCgM1/oe
+-----END RSA PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_1024_2des.der b/tests/data_files/rsa_pkcs8_pbe_sha1_1024_2des.der
new file mode 100644
index 0000000..e064e86
--- /dev/null
+++ b/tests/data_files/rsa_pkcs8_pbe_sha1_1024_2des.der
Binary files differ
diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_1024_2des.pem b/tests/data_files/rsa_pkcs8_pbe_sha1_1024_2des.pem
new file mode 100644
index 0000000..a809e03
--- /dev/null
+++ b/tests/data_files/rsa_pkcs8_pbe_sha1_1024_2des.pem
@@ -0,0 +1,17 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICojAcBgoqhkiG9w0BDAEEMA4ECAvRaVQoz78HAgIIAASCAoBiIDDzD49HEwvC
+COrRrODVgYMJ4+jy08j0yQoyjjcLRt2TCMdNZ6F6ATuc7YUQhcvJIVT8RLGxluJ9
+Biolgd5Ur3elFFl/8D4jSR7x9zmEFq6fxDjrkcbb1vK/1pth9Cqfh7FXQgD6Dlmp
+2Y1YTdrelZTQs0hRZye0YmQB/qpBs+1VY+zkSNvKtlJZqPYnKawMxD9Dif7glpDV
+ndpZvNXDbbRy3vLq8k0rKRIJQ7mLjmAA+3kgRRtUhCSTbvUs9oIGqgq7xm60mcAz
+yG4LfRQ2khZSQTK47PENsDoZrazioZ6F4d7qmB/peLWuvqVdpBY6gADecxJoGq5a
+4qvZy5srgYvOFfGi8T3L88mJc38U2WQ2s/eHsmSzC7EmXapNE3OE6qwDfn3bkOF4
+odksNaz0IoK+msaUc1eweExE97ERlNKo+XuJeO7Q3rjO4+JkFINONbpfFJoSmZEm
+XX15ZYFFkYZ5eI36zOpX4ilHmTFmXq7BOmNz8hHWwmKUSVx8JsdvpMDbl7bfTtxU
+sTzS5LIgbxpP1n/RdTRe03ALuCFIyD/bFdbjH0tzzKChV8Y9OIHFt9aLDMU/br5i
+tRQFh1D5baGV2atoXi080s4iiAm/ZN95btvLOs0C+ixHpolgHsVwrkJgKIzdQKCb
+4CSHYst3/4Q/3KTm4Cp4uslKgVD2fbnSWMmHnN70kERG2kTLkCexS/Hht7YDU3WV
+g0xSRKbmedpYJ0N4pSvpIwQKAaoBWpgUVjcWOnadLNFHz7rnpwDw5cfhWBKyOor+
+1YxRhpPCLzec7UG9dYu403ATh5nbhxnmz8JkUqumSt/fvfC7j8RSWhNIsBvoiWxh
+7SCrd1Z1
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_1024_3des.der b/tests/data_files/rsa_pkcs8_pbe_sha1_1024_3des.der
new file mode 100644
index 0000000..5a35ea8
--- /dev/null
+++ b/tests/data_files/rsa_pkcs8_pbe_sha1_1024_3des.der
Binary files differ
diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_1024_3des.pem b/tests/data_files/rsa_pkcs8_pbe_sha1_1024_3des.pem
new file mode 100644
index 0000000..ba60e47
--- /dev/null
+++ b/tests/data_files/rsa_pkcs8_pbe_sha1_1024_3des.pem
@@ -0,0 +1,17 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICojAcBgoqhkiG9w0BDAEDMA4ECFLoZ7dfvmefAgIIAASCAoCmLLB9OoXC5hH7
+nQ1+s4xBIk1CEfKAJGw0KRMaKsztHCB7hQwizu/pzJlGjDHlDVNkue79C0x3rhPU
+1+894yR7pcwToUeJGkv1WGKmxOJUFJjmhnsBPQw7VK/0LkJJtaMriAyoB/3goQ9w
+9itzzPBatbrc3t1omc0BQKvjl8T6qKoYOO7sKgKp8aKYxzf51fhlq7NPETnDK2Q0
+ib1L4cVeZS8MHsvl+rY37rrscTAIunEgx8hZj704ZjBMXb+wKvLNtWhpKdwyhwog
+zusj155WD/GmqfXQyaTNu3KGKZ+1CtzJ57LC6hQou3tVvqX5lxRv3mk6PdZMeI5Y
+vBaU4lBFUd7OEtVrpEegeMnKWAB6a5y83lhrK3t8yc2l7yzvkhLOK6iwF4OEjRXq
+lZLZCcKzdVOt2WodwmQ7Q+ul+unnnlaBD8A/mScX5GJQxy7g+aczcPerMbHE4Ndx
+H/ut6J4HM65TzVXl6EUGd1B5MkHa5nBqudqsyCAAYyZHlw2I3S4OF5MElsFJYlxE
+vv5qCOajPCowvND2vWi9oVntTsbC/c34/Tmxlott8zlSIj5c2sDeEfDi3vJ6nrMe
+W7tpAEyXe7Mh/Ya6jbJF64f9FLUHMwGjVsaHSTzMW89zp4H8Gw9ujiE5E8FwsVpJ
+NLF/KMRjARZEu+uuhrWbsDQ3B3iHZ94fOH8oQn4K7TPpbK8INj/JG5/FPjTKk9Lw
+1ji/zJFD4VfKuZdoRAoMRbC72i0i0h8ZBlZfpeG/pawaTJCE1SVLEvtHKB++2YHX
+ZeDqzL95FdQwnK3FgfqfNLGMlIbG2JSuCE9JBY+92RsvXjMJRZxkZjvYL+C3alHR
+VBkyv+4V
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_1024_rc4_128.der b/tests/data_files/rsa_pkcs8_pbe_sha1_1024_rc4_128.der
new file mode 100644
index 0000000..e7e32b0
--- /dev/null
+++ b/tests/data_files/rsa_pkcs8_pbe_sha1_1024_rc4_128.der
Binary files differ
diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_1024_rc4_128.pem b/tests/data_files/rsa_pkcs8_pbe_sha1_1024_rc4_128.pem
new file mode 100644
index 0000000..089945b
--- /dev/null
+++ b/tests/data_files/rsa_pkcs8_pbe_sha1_1024_rc4_128.pem
@@ -0,0 +1,17 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICnjAcBgoqhkiG9w0BDAEBMA4ECHgR0/cyo14UAgIIAASCAnzDfJIvSkRQKqrV
+lAzAMnhd42XlhqWAJLh6aB76LIWVmepDkNnXRNX0W1R+XE27/uzgs4lcovW5hU40
+2HZlv3R0u9MEvMhadjL4ZWS94143p9y7P4vnYembOcc2WnlhFaGSMLFSwMI5vgnL
+8xz2P9+d8IuxGpFSgw8S8zchg4Ewzk+0nSdG0px4T5K21uhsFzjvZRLrG7XXuIee
+tKluUauy4diqA5jrJ1ShmrFmNTvtzAPfMX+QohuY8nhRUeH6bx9dEWpbIq/1K/25
+1uIdInZff850YKRQpK1IkinW0YfFxoA+sUGvxs+aDecbq8w3noaRIjJN7r7ipFEK
+dhdehOxD21Mq7iqsujV9RJxAbqkuoTfECHJP6N/Dmp9CY0wpnE1lnHOTZwCWqDPh
+aumtaFsMxJdNPZ3M5xmGInPWnT3JpW2hwtoOF0Vb0pP9VSfo+3yCm9b5ipFvcs8C
++c2MdK87zSqFvKc19cuv9tggguCzNjAcECHN7pgY4VId7cWMK/y3k4mk2C8hPQDw
+S7gm/n76BSxjZFjs9ZQn9n5meO/47ohgV1ua2WICPMuPmzz+IPJpT6mQrcPTbzm+
+nNGrBVRooPYwnHPYKGlPJWkfFzsWnQ6dRgEOcM3DJMfU29QLHmNHu0ucz2k2f2C2
+AHB1EFEIC5Rw2BxH1x/gqYlZAB7TCHZ86XWIzbYdJlyNjb+poXNczLvghpvoIBC6
+dxEEsxVVzRYCRbmLtNTdXa7XfQfEaRs5GR3qrKoNNDzms11btQWo8eiZUNIMA6sA
+i3Qhs73feJ5P3hup8Kl2P9N29MuAjYsS2oeZApjdiXAzf5IeFaqTQRHR6Vumvn65
+TLE=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_2048_2des.der b/tests/data_files/rsa_pkcs8_pbe_sha1_2048_2des.der
new file mode 100644
index 0000000..9c33ac9
--- /dev/null
+++ b/tests/data_files/rsa_pkcs8_pbe_sha1_2048_2des.der
Binary files differ
diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_2048_2des.pem b/tests/data_files/rsa_pkcs8_pbe_sha1_2048_2des.pem
new file mode 100644
index 0000000..534f109
--- /dev/null
+++ b/tests/data_files/rsa_pkcs8_pbe_sha1_2048_2des.pem
@@ -0,0 +1,29 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIE6jAcBgoqhkiG9w0BDAEEMA4ECA5GT+CJ7KU4AgIIAASCBMjIenQGGZ2PvUzA
+9D9eyOS6Tnry7U35p/WsQ+DOp6p1fniIWQmMj2s2dH5+rq1N7acCPEpmTLvDZb0e
++YFrRQU44WuwAR9itfpvr4/yR/NzyvlGlDqY2BiJJIRc9g2oQixBLcN66GMVS8YF
+Y9RadQYO3gMoR6adn3Of/6nxDvzy+4RHegXE2c6i15g563nObozLemnnThM6KiIa
++B4wOHbQD+ytp5D9oX9xbW7rK5v+SH834vlLtENres/Fr/DMV6rZGvYAPkJTxEcN
+5eTTKpeB45xAZ0DLd5OBrBtVQw/33NIHR6unWbQcD7/Tyb2UvJEwf3RvNQ8LlQ1P
+xwd85NBB1jNJ3cFMGZYCGL24m72KTanGdhuzBtXvaAEJe7fLdhtsDhJeD56yFMGX
+2KlEvzgvIQYBBIqIgOsnoBAqXg4QdDN8GRc43VmnVjd+zMmQyq30Y6S30SkAs1Wt
+lqoKw+HXSLVn3dt6fH/mwM4scau8r/qQxhsw/YkTXspGFvzjI34ejbh7kvlHe57o
+1TyJMDcKeGrpC253TJKd5xPnzY9vFQ3OuoLd4Xt2cDbhz+EB/A0IJzRRxPE0Yx0Y
+WRU5Y3I1EXI82Hv/DncGFuG91s+OIoWqB4ME9qByec8NQOH8h4Bz7Z6XuCINDBwN
+u1GMAsocVL7SwaYdBtmG3Vx3+tFHj7W9IdFBd80nDzavoY08BTJCbfC/P6KgMj87
+oVtl3iD2yecfozPg8ffA4oqTfAW4ACbq6rU9KyETOqNPlRYvqcs8yLK54MRT7hMN
+HeT32iOhMVdf/rqO2F3LasYUXY/MY3LFAlBaVWOuXvZ2sRHxDx36G0wyl5kA+Gea
+kUftk2h6VtzWywQOzDetbYkSgNW3L6SrrD//3C8Y8vN1s3WB61flF12hR388LPHW
+56KjT63/7fp58D94NotijYmXv1S1Vzu360hRmrj2+AsgInfFO2ldB0jxnSDJqyyK
+D6SSOEY4jr1BvtZT+FNYBPCJyWiEuDedN+BPpo3arlNRG5uxttSQrXhXA9mtGFBL
+wMxMdigt/+KKvZ/4yAmQjfm8JC3kDNC5w90t1Ky8Wb2SqCvW9tMK3whex8tJrER2
+UzAXyjSk3xngsbgopr1dsNVcfJPtMbPFW3X+pVqhwFgN0sVThkXLt2CRS7NTcOFL
+mRzDjUphbX1YI5jiERja2+SOvqHvBbzDCvftR46W6h2RZIVICqpULS1Zz32nro0g
+4fRBxOr4Ii3bL+wZx8uvYBDws/WjfWeOhDSyUEJx1pl3DnzspwP17JvdMvCoaxpA
+qA/+wjogVmyMTaUO2tseo+jKf7Tp5Nd8P3tMelFVI1VxARUV/KXo/gllwYW/aM5H
+8gzV5PXZXR3hKGNi+nrv5++JtddrmyisUEBVyBTDqwZHl1KCwmfZcFvsBbNOmdXd
+SKp8Tqd5QwmgcOmVeTl9YxHhL7/3zNQB5F8V0ZNDsEXiVy0+UEEjFj1yLfbsl+2D
+vWSl30AScCrIsa81iKk385wlAjftaO1XaR57ZxoDiHvG0ZJUtOV6YmW/RnkQUPZz
+9+kMTdCjmcSIh6eF7AW6XR3OQ3tTqxLStSH8BUNM9RYnkeBCn5YPnGmgA4rI/Oo5
+8Rsd8ZHYYP6EVbRqqV4=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_2048_3des.der b/tests/data_files/rsa_pkcs8_pbe_sha1_2048_3des.der
new file mode 100644
index 0000000..28162fb
--- /dev/null
+++ b/tests/data_files/rsa_pkcs8_pbe_sha1_2048_3des.der
Binary files differ
diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_2048_3des.pem b/tests/data_files/rsa_pkcs8_pbe_sha1_2048_3des.pem
new file mode 100644
index 0000000..bb9d227
--- /dev/null
+++ b/tests/data_files/rsa_pkcs8_pbe_sha1_2048_3des.pem
@@ -0,0 +1,29 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIE6jAcBgoqhkiG9w0BDAEDMA4ECMCMlAMpv/XoAgIIAASCBMhBuDiyb2dI7UGr
+SSjkSXankWDZDnnu9ctLQNh86M63CcomlJelhpPlYOGiE8d190awlciHVdd6bqTK
+TeMaeGGf2fG1oKrbXwTu/dhdVBXun82E6XYioHwaz574Cc4FE3zTX5AyiXQuEVpZ
+aiMnwwpH9QuurlxOPxWlsv2j1bWo1nkenM7itJ1UqprvXZQRZgvfyVzLrW7k/T4g
+MYzoowNNHzuS/IHaWXddpMsO/BGkaD376aSdQtmp89Xocq4ON2o4pjGs0r+iQ5rz
+/IjdbNl6vq0KOP5Lkwob7Cl3ROGVim08hYivCDgxFFuN444n9oRFa5HcPkTT2uI4
+JLkJ6UtFfziXkPkMJAbYYNtKFp6XLnQEZ7IZGttGBwuSF/b19e6WIjrhkmc4PtTN
+3GEtlnn8WeiohKz7zxINBAjGgH3QfL0SZnJctXXKArJTkpuMcbhvXIgR40ZlV12n
+sF9IexnKbhCANkUd09xsDYevxes//6kyXKBvfw9jDNpRqN5JE/dfLtWZz/VdPfGh
+z2ZNr/YCOpK6aum8GlPF3XGh0+5dXlRm6ODI5swGqLrJD28E0RBL+I580o7WLJKg
+JJCycK/Ny+Bg4GTtqA5jtYihP8oRARdTHaDplujiGdh743qn1dGTBJ+McYxrPUQ1
+wWyNvEfaosF6GmZtFI4Jtp8rleLUmzfB34u09hzf7LgzD2WI9akgtDVH+sIOfXr5
+2iQUdkXumM+TGzCHso8mHVBKAWFn4IpqbpImJcUUcg3NV07lqtwOR2bM0nYnCQTx
+ZSxtzs8dJxCGPPYPqmZukMSZfUHVN6zDmEpHbzbEgDbUTdmtVy80Zo7YTzec9fqE
+CKlfK+6i06YMncZV4uqMzWUtbENTCX77w99Q5pQTpVRsaV9dDCgn6m8T7zxt7JHC
+2uyH2H0Xk7aYQ3aeKqfwmHXkcGIexkxqJkR0JOcRa1wSEhMWnkoN1IPPA0HpcuWL
+/QBI+Y2ZoDBjQVcbtB/VlCe6lBTBw+4Pb+fOqdt9DXgqMhoBXeeLIA9UZHef2v8z
+cHT02+QpLZfdf8X8hcgca+kSvEiBrjUClivM5U1RcG7uE/Hqc0JE17B9LboRqzyk
+MUvaWntz9HR09Z3Dlrvz/rBcVYkgF+tiLESPlINqnRLUsN+/xn9+VezFizO0G39X
+95gO9W6lwc+CAA7iZL4+yVzfZa652Yg2eck8EOgZ2N9r+Vd/7rPsv6ysGpU/7p/z
+96zCPaZ5FRzVUrh2jQb9ne8SKr2C08XxAO6pqvDEJxHBYC1U8dvki3dfbyO/rNei
+GzXpJPnIvIkE1++XxPlWZz7xFOEP5qufivzm+P6cGCNbme3mY64NYhNsDox92S6h
+PtYYxdjGrp+de3+vRwQXFkt8WHxg3jxBk1H06832rdP5Nx4SOpPEhFv4xE46oVr+
+WcOi7h15De6dk+0pPZaBffBj2eZjs5lqdokSjyS4ScCgMUVHz/Emq6XLE51C2SOb
+c9Zo6w6/zxxfxoXJ+CF8Srmsn5H7cw/tqnTZZmOjsLw0Uh4LaHS5BIwvqfB4z1EU
+6RwXSVvjNdZ+7uBKtmE3rETgAneiNSt8JWvpSxV/deq1exseugi89soTc+ki1Swn
+UdVwFqkfgdODn/zZGp8=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_2048_rc4_128.der b/tests/data_files/rsa_pkcs8_pbe_sha1_2048_rc4_128.der
new file mode 100644
index 0000000..7ebca11
--- /dev/null
+++ b/tests/data_files/rsa_pkcs8_pbe_sha1_2048_rc4_128.der
Binary files differ
diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_2048_rc4_128.pem b/tests/data_files/rsa_pkcs8_pbe_sha1_2048_rc4_128.pem
new file mode 100644
index 0000000..ad926ad
--- /dev/null
+++ b/tests/data_files/rsa_pkcs8_pbe_sha1_2048_rc4_128.pem
@@ -0,0 +1,29 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIE5DAcBgoqhkiG9w0BDAEBMA4ECLSMnow3PFQjAgIIAASCBMKuiZ+kNidmdRCN
+EYHL8FVAAPRY3RFrjZfqNK8XHSxaZzLWjaCQj5Yv14ALjs2k34Ru/xvqRfamN4NY
+M1MrPt7sUSS2jnDwm/IQ80vYYgmH9zKexVTMsZQ2CoLEM3ZMLm6wCkEHuuFZkQX4
+Z0EbnXiWs8PpfrYxed8BMT5o8cW+yiixxMesyj1x8Bgp7r82ZpVZshhDXlnzpbnc
+IiSaqe0obzGZnNu5I+/bXTbyXiAccLj2BuNqX67Om9LBqh/igwNpHQpNIaxmvxqL
+MlqdPDjRYN0qe4d6JqqnFx1YzdTiRLlAnHDnK4G5mZwb50Nixy5mrgI6IhCrsTHQ
+09/yfo1jHR9ido41Sbu7PcVxn6/gzpNVXgwDOw8ia6Bxq0dDnLH8/1IawB69DiSD
+wuNSdQcBtJy8hCZN7wa6uNCzTclvXLwOtTJ6D//UmpFRv46ZYsK6uySwFwDOeDrW
+AyuSoKd9C9cedG30XAyVHFMffkZYCxT8RnQuLrouUwMdEd+7qeApQMBw3InyII+9
+ykhoO1qiH5wyehNFmxEjQUTIdOs8hcOic71FggJ/+bMTnji4ukdPPKHBSdwPjbnc
+qe/ch/KDfIUNyy/51uNMjSdOweJqG9SIIlfDG6Pd2bMFkao1Y7VsG4AM89mGYIWo
+AJDuBrl7AEsm0WSVENyDa+7qjKsS06pcFG0JsmeZb62SSds5+/Nq1Kn5//2ShpHd
+SA1NabnMn1fpCI02tc66igk5isjqp49o3MKguXwiIjo8nGM5dSy/qYSkVhLxVTzz
+ovYhOjMoHRFYqfK1wxT9CExLz9+CI8sWawh1/hDKha2tPlhm2S1OabPTIk3Qn36W
+aCbhGXYWchILReK0d9W6SJZ2v4uNuDjbye6qrSmCHBurCw17l84kBx0vFTDDW80q
+VB3PFUOL2+XYgk17qagMVJHJa5s8ER//MZ3QDO09RJktusaKClR4kE9xkZFUQHF/
++U4L7DyCtGr1ajdvudNXXYtlD3QoZukrsI1v9XGXPWloVRCU0+x8VCcIKLbwLmGD
+NCkeaQbOypRiPc0WRdJnwsjBlDC2Icd9zWLH8qnVBA0b2TGh3amalsUkEy9NSuGT
+yDIt05uQP0rX1T1rohMNOWHkColtcc6ZxlJuBReHWhF+9RJXPBtA3TmVgC6x0GVF
+FND8DKWHGG+7h/0DKD9r5lRNqhagmQnqwoUVtn56KtazUtrscAt6O3RsTU09Ys5A
+jsuzR+O7uTT0SHr/24YtrqNnXumJZZHayF6T0xpn8xIhWULoAjm1e4EQh/THcMYJ
+PwriuoXZVWZKLeSlomlaV6BD285eTjmjfT5SKv+Aqji3XA5PJXhUtEA7x4kue45G
+4sFWW9eCMpxXecJhO4Dwhk8/dP/3iOFTY5tHtT4OO0c3klI53O2U98D7781QIEkn
+dE3qsTXurM4arvsu7EYMM9ihrqeQbb1pEySfkdT15I4bCTFRykYI9ZIZ8iUgFtAg
+TUP66e7bkv8sxZLHKGpfOSUR+jbQLyahtWz7+EonSUYc9AbErXnnXmZH6mgQw4qd
+Dgi9i5PGWr8I2xz8l7+H9G2TbueSqLLH9ecMRfey70W0D/nX5k3B+SmpTSqQ3zvk
+k+pM9bWevlc=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_4096_2des.der b/tests/data_files/rsa_pkcs8_pbe_sha1_4096_2des.der
new file mode 100644
index 0000000..6d654f4
--- /dev/null
+++ b/tests/data_files/rsa_pkcs8_pbe_sha1_4096_2des.der
Binary files differ
diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_4096_2des.pem b/tests/data_files/rsa_pkcs8_pbe_sha1_4096_2des.pem
new file mode 100644
index 0000000..28008ad
--- /dev/null
+++ b/tests/data_files/rsa_pkcs8_pbe_sha1_4096_2des.pem
@@ -0,0 +1,53 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJajAcBgoqhkiG9w0BDAEEMA4ECPkUjozrjcILAgIIAASCCUh6qXN1usH9xFF1
+BGJOOudiy+TSxZXhEFx5BBhUo7QgeixZ8evDOsjiKXeFCaLszkdN6q0+a26G37Vz
+Pq6umDbE4lmwt4WSfvwTPEKmb1Z0e3EKiqJunjigvCASaxsnU6YebzvGAcCqiCHx
+PvHLME/5zWhrBWvsPapGZMIOplXuZneQz1wwtLeUtHdRE3DNbbBj43BhRtNu0HA/
+S3WtwBVn+pzeNuAt4c1skQzp4Vi5wZtVxbw4UZPesK5K3v3rw3irl3zI5MWb/Oav
+T8ZDcsGmOEnDJQCVD7LnKcXXwSCsvkFOAZ32UikX0g+htY0AX1691Dtjga5cNhnW
+Vo6kdAO9JzrYTPgzacldbUg9DdOB+Jf2fcUnFtQEG/t8jN1IroswiTkySQ8FEn4b
+ch9CFvMJmR9yQ/Xtb2E30CzIJZ8gcfbR+kIxtJaowSB7N9YEFcCehfxH+stFifU/
+O1MW1k6H+KQ4OFMChRJr4ZDQxGj6yK341G6sJn8KV1/YN6mAdjh0oYkWO1WTKIMs
+MEdVyrP6RU8r6tWppS8J3C91qHBp5Uq7QQ+S5cgYLB4C9Y11UuRCePdGx4rx//aA
+ibPWNvnI/0Y9+76KpWos+QgcRvkd1xUWN6lc2p8W6BNW5a7xGf0TggNaGy4PQ5Zu
+oQc9T6c1OKB00Z4CKXkLV31whq7UPcC3bi0VT3hRr0WBI8L128QhV00WqwKpyRsW
+HZb7tnkm3fU6hirLrSb/nmh/fQ8E2wTju5LvRqXNdjk7u69Tfs30qgYlDXUtGd4v
+MzM3Xpw6he1QirK2jYKGX0aNcarc5eWHm0hc4HelJO83cQCaWv+CHcNl96hix5Zs
+i+ME5L/C3nJ+5xRfsMdceIggwWL4ZRaH/8zMid9petOqmkYausQgbBZfdW6jvNxA
+BPjV+rJDD+o0SC82ZXBK2TDNRVPJ0TYGSjh4fUp4yRpM0I3UZV0eOl2tTu9xwBJu
+ErcklEDfu0Do2uD+w2dV9fU3fI5kZJQWNfhgMqUumbAl/pNpOAaU/WxX6GynaX6x
+NgntoNIO2m8hzev5ORdxcRm90cdrtc1gBqkX+cKfepDE0tr21/8J1cRcgGc+M5tX
+jpHCJWl3wgnfQUfJam8KRPYEzVFQg+NHHa0YnWLihAi/UwUegjekZbF8LNmqftEh
+OU+PfluF/kOecEFiXPlzejlnzZtgpDh9oev0fJQVkH+1zDCMJDmTAyYa/RofpVNh
+yslPPMVMvbrarrZUR13EcdHgq3h76+wrgr5afnQMkCduVuTrZv0UbJ87Bj8L1Q9l
+AcwCtuP9ADijvOGtyv3/TVFxVkwLhjMJrxd7rr5pZZ70O/zaZK7zponJ/ieaeu8Q
+YanLTkLKDXk8HXBcBV3J4FJ5s19JKMLOWFde/jE3/+FN6drUz4D/oKAKNzzAYmKA
+6TWmB1ICmyXubc/oPiwNFLc/KiNcIL6k30d0ezPOVCQ+Wvu4mM4vOCKm8hxg5rFm
+yn+KO3wLYi3T/iT6nUYGUpjTvEUGjvn5dwRcPIA2TgQNxJy+KswIpz0P9GbjRVLJ
++Wb/c+wbzLzM9KgmM6IYz1+Bzhmz/45iFhZBjGAILxu8G3hOmdoQJFePwqkehHgT
+6L49fJ9niPkc3cUsRCMiY3zoflV0mtiworxNgaHEq+J6bRcSSp4sRNH/AGrG6FHa
+dI/9FNgZwSE6rMvE3IxVCwlkF836DzRvlcELosS12KW69pNZokbONc/NZBsyuWq2
+g/rjVN7Iyx5TYt4DUgF38OtZexgJzgaZeKJh8q7nvThpZo0MzbfL1ony1uslmmpx
+sMjKqGIPtU/Gcj9eSAQqBY5cWbNOUXyC39Akoe+YVNg2BS46s1Oj+IU0d8yyMtGs
+SKGlsO7EuT0Ndn6ZrIXMhWvJzy4XuAGmhdpgeDkDHh6iwLEHZAqGZ8qbgO+UW+cb
+pn2o5PHyCiMjkX9M04GzVSKQ36ULapXlqEH6PP/rXz2aZftvMtWZjaygh3240gOH
+bZNkYKwe/yQMprb05wvMU+g4pKmz8g6GZ9/ddvSBxDuFc39iwiukZTUA/lfER+kS
+c1vC2Qo0/aPXUWXDPF2OMwPYzHdvRgZtd3y4no6lzl+Mmsx8v0l53+ErBWFvxX+b
+2jRwxJroalyZox9HD3XIb2nl5ZBDdGQ7C8WpSwlJvYDV7FsOh7ijz6UM9iQ8RKJv
+6HYoWLAZ6Tjx1KJQ7j51wUMMWtmy5ktPCCphLYlHTyhLGNAuYY1/y4dSVPHtsjqn
+bA5WGNwBILDvi8tJqSOgbkqQCd4zwZG4LgLp1yfrITX9Lq2spFnivRug0LySuTOd
+/htruYm7ArA1GX6xzihD03DiVnWU1IawzOmDhujFwkwlrI+zMFuVsoObocQkEPTr
+7Z1dQhafMQhHZ4LI4t9camcB3ytCEsGsURFnATqYsJGc83a5NhSoqSP4b4AWlMye
+vOILcaoOW+UpjMah7+MIahz0NOr9YKpCNvgM4WybKcsWVjer4fKh8GiWowoHEQKS
++RR9OqfGhIzcSoYE3yxURE5zUB7dbvRtWhIIP+NW03eL+kCLbKK8QY/jsTm8kKS/
+tKZIv63xaA+BX0o0Uchgf9bvf0Nra5+CLGb6Q8NWeCnw4YmwkANiv13eeOzepuYQ
+YldTRYAxxjGLJqxBDPb9MCVBB0G6cXvk7MUNL3MChG5bGZqlY/UkV7Yyp5nLiFRo
+1a/LQKGHtlbSaNgyGUwof72qfNQZshbPvT+v72YXF53NkzxZzjA/fxp6qUd/Xhoa
+HEXILcDRpUNEbdp1adnv8WMJh2q9X/D2qHiCxMJXsQZZEXjuILtZzjqj4cuVoPxZ
+qfzGHtaBZJymol95iqcYXpYW3OYDYUJDMby7mEENfyoYA+mYx/7qlVaLBPScWZwx
+NTOrntNRYrhLcabHsG6iT8jGYfpAw5Li7YlCMIzXo289fFKMxTUB5ynpPkRRxHeT
+AW1itLT3AOsg/E7CMF/4ePe8T7bx/2Mj6YlovE0L2n9lu3AIKZAkdlst4qS1gy0K
+2pYFJn6qIwBKVXC8RwQxX+nBOMFxTbrF0AxZ3Ff2IF1x0+JimljBFNr+ZN9I78sQ
+lJUtQrgooNSYZJ3wLAZ8DrHb11dg6EsT8B5dtt3EsnZZZ1IHFbedAP0JxVxTTe0+
+7+0jri5fFGtpGIDCl70=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_4096_3des.der b/tests/data_files/rsa_pkcs8_pbe_sha1_4096_3des.der
new file mode 100644
index 0000000..b6c8249
--- /dev/null
+++ b/tests/data_files/rsa_pkcs8_pbe_sha1_4096_3des.der
Binary files differ
diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_4096_3des.pem b/tests/data_files/rsa_pkcs8_pbe_sha1_4096_3des.pem
new file mode 100644
index 0000000..e4333e4
--- /dev/null
+++ b/tests/data_files/rsa_pkcs8_pbe_sha1_4096_3des.pem
@@ -0,0 +1,53 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJajAcBgoqhkiG9w0BDAEDMA4ECLM+ZvfOIzTqAgIIAASCCUjfmUnY9iRw1tT8
+WER9PHxdcq3hHQwc1NE31oae0fgzT7SDLrcQaoFsiieBa5DpCszjxErG3xlCOspm
+XPHD2zGdGu3tKfmf0ZhezMPfREg3OhQNDn82TIKEbs9bxvDkSuKjuDGGohWGNu1k
+8eE5MfkrWUwcz2mGhPjgM0vyBJkMeMioZLzoccwgSti6AAwo4f6ITnUjbUR65VQo
+l8Aj/JuuYmnWm7v/eh+I+4fkXHE/DpFRaIPrhzY4+EhgTLSHvkoEEnMGACS6AyQw
++n6IZ8Un3SkDPv8laZTUZIRRJVFmC1e6B2KW/Ky25EhnahDNvGALTanYdsvUFTXb
++dr7HAZjAQdWZGazifUNiqGBuSTXy81zK2NJBcztsAqaELWEufvGfBNngcXwgqN9
+vw4XHkK6mbAVCiVdIO5gx3z30LVdQLeXQE//pn4Cx0cmwXcoCw+5pIaTHQe5HMWe
+4+pqQ7igwr8zFAFi5ClEfQP0L2DlBI/Wg4mFEP6ROW9FxGg5+9Sy+l3A7ke3lh5d
+Ed3N0iqMAU0Ra9QXnqlArxwimuzLLleV0nMOL5jtG0qDWQhx5Aqb8QPkN4LGrZWI
+VG7LFfPxFXFe8LlwI2n68CXOwYWAS2v+8Z1m4Xe+0ZfNMk0UUWhigXDmgXihRkoY
+cDfVQxR+LBDoYcTXTVawP+YDyIeVz5X+EaRkN0m6bC8zG7/tYBEafdqjytUrtnZw
+za+CfYRNPT5DZfURL32yKOSJ25PXUGfMt+shITmVCJakkIpI5WzhOoXbFVSNrNDt
+3jhzgcSVOge0RCiS3iXQLOzhqLJHc7BkOkgRBw+HR3HIpmiXNm+GJJdVTxJYsdf4
+REIW3tGzC+77BXdgmI8bvOXTvOkA4aEYskNGzoslqpoIvcHVjliHbHcjQLkOc9uE
+B6TB2qebX3GUFw6PtaazBcCs/WmFooprn1k99+Tp1ZSNXdfXMaq4IAkrixJn2MRS
+T4vhzF7rrNQz/x3ky8QnFTvVKg+Ruo7bgJ83J3vuPTDZFO9RPTADjETA5FEHZTtP
+Fj9vcPDawNwl2ww0eeqhiM3Lx/nGzz0+8DRykWAX7TPQdHmSEF+F19nhMrdls1F2
+b//ULjF5z3eV/qE+Rvjl8u7SkylXPvKbtVl1MV0us4tbwEz9pOViKk8sViISj1Gg
+RzydfhpuCq5cFExDvHbUy0EvOZN6tq/FcuQa02jqVWybmqmQtVUhUX2Cgn9EVE5B
+KYGj2od5eRyx+1Nb9uaYz7WO9hX5U/zpGvZweGgz7+/vdt+Yb/zTvP6beyKbJVhy
+7gvBiuQcSV29bSUu6wn0IAN+34eMqkbhcS7F7e9/QVTNKaKF6Wx5jtoTUDp9iUlN
+C702/MghLNKp4g33MkxryxYgVTbD8YuLalwQqzmytE7AnWX/f6Z+px1Z5aPGEfPl
+R+DgvWWAptmb6NtcwYkue76dxy5PBdBsaq4K++W2CxdU0c0yj6I3X3ukzlPWz59R
+T6q1ArHXv4dkMfa6bV0db83nldsypXN05qP6CsMrycGQlYQHKlVRjCav9W2hCKyp
+nJvL3WTelGyDrC5cRNTZ3N8peMmWVazF49LhMZPpOyRKrvtynmRyB+oIQPe1ncOJ
+8VOszefTLpzaIvJsFcygDq8ukZQsLxhyZghC0rKltaeVNYrbf+c1yZc7Xc3CTigY
+YCZPNgIb2CVBwxCV+BhfpYAjCZ5h2lJqt32JwxJcc+c9+ZXO9hvYXY54Sv/ccK5D
+O5TRDlFmS+PPg6H96LoyOYKy8BGACgTAIQFSNpOQq+LCDLcdxpsUxtfdLTfHyu4k
+0+vNterIJ7NW5dZAU1rs5s2Kv/bIglMrYMUPV8gsewQTeHL4OwtcWgMWjgeASTdy
+PQZCHw0l7NZBugUYwlMh7JiYerLhiAn8CoqLay6SKpI0OFhSjFwc5AIsSsBPOX+o
+Y1kPWqzIBeaHOJYHyl/y4fvCz/8XC6nKD2wEem0i50RUMfZqAX/JHmEe2jxkECgI
+XDIWPPLjP4xmb30qTIO7zsOPCc6RUCcPfjaTWKdvlL6GE4mUeS8+U4P6KrwY0KzA
+yNKaGvm+QsET8f4YYma9h8Qtjmm9obr6eHIAOhw//qd4gniau/4xo8cROYJXOYzY
+WMinLRNwO2U8k2hIzzH4c2G6GQ2+4PBlJwjpDj3OX4wG2O86IlTgWC9R/qoWDVLr
+6uuzCtfc3hOQvBhscOBuwQdRH1h5Q8aznHzafovJhyuUi/HywcC+EQjuVnlEUDOH
+LQdPczisyByRn7tgZVflKsgsKGRWu38LiCYJTWNSgFTgS0r7vPXf9sGFEsyezHhK
+FFpUMga0NbQ+TgRv+7jDgjnmXu5fUrl/LdhuXEp8porhLd0QXNdfyd4xssNnHDAq
+nN9SlG/VXqZNe/FX8Nbg2dvaXAm2Xqnfss8NYSpHdlWQvMPAjzyqictqjP8lKCK2
+BQ+ryu3Shq9jP1LoKbxjR9A1gZUcDe6YIcAUn4vu/7ehmCvbZIMhDwGCbdrabtrk
+Y6V0/74a6lih0BoIAn5eF5em1wFlXxGVl+F/5O8IZv6FvpaH3DZTIwqUVRc08eai
+2zm5OPNLlBiapfLD4jOYi/RLWOEn0TVOjZCPLK+Ij9+I4zhKR14kGtjuwQf77Owh
+8t1pNW2kuxqtAR6XniQNlrzraeOA33TagSaBmFT0SuM3Mt6w5iwPTZ0GMnSAKCxg
+93Qi/g7GlNgNRbWEV7yW5BJcVuem9Zzq/nvUPHQ35MRhAb3LVf4JDX78ipKM5nuN
+nb1si+4lhxll3JK7HmTG9vW5VgRCdslfYmgLjVGGQizyoCsd/H3++7AUskDsptOG
+c9iJtXE2RbW/VW8e+4TvqNwDCrtXGbLtw3GGyRoPdrAYOpABkuFoP0yYtvwM16dp
+2kAvaIntN1aZbGVblJVNILv9SfmARchemI5Gl86RfyX9XyPAZ2Gma2QTXgm0f6An
+BOYpqHE/7E4tEL69cyzkJjtjES0KqZ2BH3UXQNtuewo0bx4u9FSt5GP1qdx5v0+I
+stI1KFTS4Pd97LdssbynNJsCex1ns6zXE60JlppXkTFInlor4bMi76PfjKYepQtJ
+qIw+cDvt/u1KVQh8KJv+c1xQuABJk18RERYC0os5tTR81UaBAiqNwttJ4vjcC7Ku
+yIu5YIqzVqms9uKNYNw=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_4096_rc4_128.der b/tests/data_files/rsa_pkcs8_pbe_sha1_4096_rc4_128.der
new file mode 100644
index 0000000..f3bda63
--- /dev/null
+++ b/tests/data_files/rsa_pkcs8_pbe_sha1_4096_rc4_128.der
Binary files differ
diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_4096_rc4_128.pem b/tests/data_files/rsa_pkcs8_pbe_sha1_4096_rc4_128.pem
new file mode 100644
index 0000000..53867ac
--- /dev/null
+++ b/tests/data_files/rsa_pkcs8_pbe_sha1_4096_rc4_128.pem
@@ -0,0 +1,53 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJaDAcBgoqhkiG9w0BDAEBMA4ECOJxEWpN/HEEAgIIAASCCUYouEt15A4DUZoG
+aJvr19vCKfGPErYDkh1fI9u04hDEKCdb+Z7oxaqXQ34rr0H1t8/SPdhpvqms9Bsz
+3nMIlgzEPnppyiRLCa4Ycev0jtA66xkxgGGXnA5uxZQcTOFsGDR4gpTn2hi7//BO
+gHhKVDbCd6nShZkNgNUe++tclNg65Fmazm2pwpnCPfY9TGnou8bynMrJrau0CPB+
+v+pI3NR39yxDcq6MNII542Ma8bZWE++WmqmSXjsnXyEV850Dw4j7khbevXlKIh3C
+fsf1mb1/lUc+8HtsjFLgBS3Iag2D/AfAbCDCY3wWG5KcMJk2CtNayOAmMetL7P1t
+S+i/zTmqAeNVaUF/6ciwY8JNA9YHnjV/0LH04I1Dn1emQVltcqKJahDSoxwGeLD0
+lv0EMQ9CBRHqdKKVaDjBJSqLkwQzLuiqye6ZREnoeIL2cYXDqWoxZzjtxr5t261F
+jl+gGBvAX5RRKz3+Vj7hb8y4n7npYJYXk+CanrsTblsBhOMaFhgup+Vd+UhHGQku
+FqHR28bHlJzxgUvlhYV/WdMUtHlGHvpax1Zo57ToC0JxlX/o+lPHiZvvpGZegYOe
+Mta5f4xI8PcfVrVbfpHaEnt+ffZPtDVZUfhfZwlMniUKX/kJgKGdtpnrgm0wefUR
+ymKmn4af2tY/nT828+pOBcRY8WV5G5EPthkA/EemXTor04bb9mglX9ZJ78vrv0n9
+XaOXkMGYuj698Rqkx5BtaVX8EjWKnknHn/GOLSINu38UelRDV+xf5GQyDQREHsuu
+Mkj6AcygD5eP0p4AZZaHw9H6nytoZ9SX/vhUmRTk2vbrgnAPwRBFnZy6S4mipfFc
+m82EyC4RHklbIriMRRY7EHamBrUTg+8axCqBWY1jtSvTXwm40ybpigsiphtbcaCN
+9hT13VfVkglyQIbmxvxeoo9McgKv2BoP+0i5xIdmstu63bcHxO/DaMXw9WPOGgdm
+kyFU4MwJZhvk57H4HwleIPXXJd93OJ0NNunDgBWxh3mnKqnM9hpit6ljjl8y41RC
+QvJTO5cR3cKuzPpzTqfpC8eYeXiYChuFDgXKXubGE/PSSzSmU7cnKUrHAOyrXlD0
+EdCZkQBFF0gnLksVSjaF/owORlc1KualcD9ahOgWoaup4MqlyW7A+BHJ+f3Iz22z
+oezU/B/FGPTcRc+kEpPyIHG+98nNeh2N5nmY1+piXkJCsq0WdcjB13t8MHLLGqQ8
+shUpiKtkwtO45DIP3xVykntZsPb2gHuj2JoHjXYnxmZ7MRVbTe+s1F3xpITNa+G2
+2Yorp0zqVrhNfvtsLG1i0XdOwockHo5k+dAFkNngJvQVTwsBUw/gqcDwgkoG0yKZ
+NZTZDRJDv3yfopbIvGxmXBj723/OcR0prKLHUc5qaCvK5y0rvM7G+Dg2/W1rzRGx
+9IjCOyZzkUVwE9vKZO+mdsa1zeVja1DtU1sjh3k3+Lw6P2+LcVZKWI7IjJ7vcNxt
+XRI6+jlaR3/ht++3+ADgBpZUVAzBwiKeaneanFoiu0kbXv+G74bVDXvKLTXXbynv
+0mabkp8cszm2wMehp9WuqnBKtAot5Q6sPg4i6E0si3LrdDzKgENgMAF8+ShG5r4w
+ULHQBwMpvNS6LnrY69TqAQp7MNS5JoCCHnQqXSgUQN53Zmcnmaz9qysHvbJLK/On
+Rp0akU5A+WHFNPvGqkF8ou5OZRrN9XQMk75RRgi1YYY+UddiaBAsxqFQBKq5ooxN
+0sE65WM76WU2/v10va4iCNPTFjB0MhGLrq08sgSNfHhePpBK+WANuzjWDUWS+ekC
+VCTNBAARzlPoxuF0YsUUhwYxqFw/VC4PW9WeT0kx8pvaIwhf7Xk++4TKbdayQehK
+ImH5vmvpeWxNa1O7nVyvaJfNvSoj49X1zNg4PKDAOm+kEAjGvWeWKEOiHTLIXbzu
+HztTw/pjNJ5NaCNVWeThYYduFuRZaqap5khpqP4s07zvDvkTyKiJj3MSFel/K7UV
+uy1e0HPymTFToeinLW0x3YaJnLcOKDmF0DSJB1gVwl55B3rEYb8tODF6BLjz149J
+BT91EXgj/Futj3YpPTcIjJXsBDElP/KaBtB6uZGkmXgnz8OvRgg7wJR3n1uHU6r+
+S+19ugY5I5hAFFMLAIg+zO2IqSXW1B+CiE94tr5z96VTyIckO2Ov6p5fcGpI1VkB
+KtcuXGUVuF9pqFRKkFChu90OiqxdcdKYqgjHy1z1jovuYm2pfCB4kvPLn57XVsmB
+T0ZcdHFBf+SwxuKdr8KsK2k4er5c4jTTIflWWktrD9JLcWLc1WUecL18lFByOOWh
+5fF7zX+NNsbMBES3F6TG+06NfgC6z24/h29zfnps75usEExBc7YHJsmWl3Aef6bF
+vcoS2ug8ZXaiefhlFkyx/frGpRnD57ZOvLCi/TUVf2G0cynEKvfsb21LN50eMKD2
+HiIBGoNj9f3vJdIhLTDFurf42ocY5EQzLGleIQ0Zpv6285LqwqKKl5v28o+A4qnp
+Xhkt/3pqZ6aJeSCNQd9Zg5tOd1tXpcTdzl/BmFIvmE+SIsYydLxrX1UEWfJfEL41
+J6qXTzebh7N16bGfxU09OT7puztuK+/vAHEvCGINddDaOJFayVdEaMVUux9nDkoz
+b1U/5UxzpzFdNUZBHg1JjkUWK8oTGmkJTlI1aKJKKA1RfmnzwOd4PeHI1hIuT8YQ
+8qwKY72mCCb4Sr+Xiw43CqJ9NgWCxYr0ua+hqm2xv43QMhSCNd7v1Dg0bi3ZgOi8
+1eSns5VZFww2JkYo7rrKz21EiFXjhZ4u8MF45M5/cbDqbaPVb6FMx7MqaKmnkpQ8
+xT4BC2M4xCiXnYrrjhugw2/FMkMchIN9jG47IQiACQ8pNqoTd2tLFCFpTZeeRCaP
+Dgd8rvaMXjY/Uu9zB+LgRlQ/c01hGL+/d8cNEFzTU9jajOLobi3pKQqLdvlo40Dl
+qH6eLTnYusrZnZySBuZD5c57BBW4GMuetvtqr2l8iV4BJnMvLZ9tB69eA1PhKXwq
+tHY7a0YkhLUUqKFyPvYcnHjU9Bvg9PnciXnoDFMP1Obkou27vpI6NVmIFKMX1OxQ
+A2IJ5YWaN6h8nJOV/THzKjMDmPbXLmtQDuaDPpDaNE+oDwto/UlSQPV8KtW/MR+s
+k3rLyN3KXoVl95gT
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des.der
new file mode 100644
index 0000000..4f860bc
--- /dev/null
+++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des.der
Binary files differ
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem
new file mode 100644
index 0000000..c7cf185
--- /dev/null
+++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem
@@ -0,0 +1,17 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIERyXk+8ULCgCAggA
+MBQGCCqGSIb3DQMHBAhUeao9yOi6uwSCAoDMyMGii0I2y8CvM8SrY9tRx+Zt8WsP
+vhEWhI1kbzWpZUdS1URWGZZz6oS33GnvUDmN1fZC3V/k9OcknZvfv8UtHj6RhK3a
+dBgLVjEkFfqz2/4cOfha9FrRUJXXwW5JmnNhn3e8WZTvbtEt0e89n4jZWjWnkeoJ
+rySKWuPn9SKzwFdPh7ur8N2BfjvwxdAZ1uShnj/Umik8o5wJZUz/7w0nd7JpcsOE
+r9wC446li8t3owkm81z5jFTQW9SYZmT0ecICF1CRJgsp060TQzBeAKAM2skiOZXr
+ldQBUqZBrYV2ZZ3+bepLrmsgobxDzhiNrRXjs+8lO3TGerc6ZD496Xv5XSJF3QuF
+aUjWnaW2YX46nRWY60Bq3IhAbuAGF3YGvk4O/+n90Y4NUXj8mwLq8sFMlXKMyxLy
+fHBfWKpwTFgtdBO4nSPrn310+xiPSxU61WGMZkBlgv5X75xiX5ZYktUxVlktvr1Z
++ZPeIMRzuoeK8J8iwzx1ADbOVPCAGnPuYbvUalGoGQkjCUEdL08XauaUdK0eDMTh
+5gh1amQg+PTb/ZmYAhaDjHsuzIIgfWtsfL+Xk9AsTimK/qwP6mQLT6Kb+PowX3mQ
+Tr4SkJH31Jp6mTxueoCtqPEC1BxhuDlqlTvmPdgIPCf4dbFtsEsSGbWRUYuZXgwg
+Qmhp6TC3YNPVtLusoCMwjXkUSxRhScAzb6RpEGJwL94grF1UvTfleTGfOppKxZdG
+yjzbJcUlcSCuw844HZDwHVzORQT3zxaguKuu/XcgINd5mU2STOopz3AkHhKLSFej
+UANon6Dke8NLp96JvX/NN8zqvauRHg/r7RgcSHQWRZpbAzX4bgsEX2Mc
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des.der
new file mode 100644
index 0000000..6f1eac2
--- /dev/null
+++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des.der
Binary files differ
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des.pem
new file mode 100644
index 0000000..9ffa511
--- /dev/null
+++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des.pem
@@ -0,0 +1,17 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICwzA9BgkqhkiG9w0BBQ0wMDAbBgkqhkiG9w0BBQwwDgQIn5qnCAJVLccCAggA
+MBEGBSsOAwIHBAi4cuNF2wB86gSCAoCiwf84D3eyaesCJsiUCgk7bakku/Y10456
+CzrvLgneXNCbksRuCb8iFtYtiHQJcUkAko9B4uVh/3u+L9dNMnBAEEfdW8E+40WM
+tJZcX2f+FMZPaXNnGkS6mGRJc12tRmg+1wZTlKWrk1hHzEom3SpPHsIvz+aWlXUO
+Vq0mYp+CQIRC311E+lxCT2acamfgyxrNHZpafUq2GwK3NjS55jBg5DYcp5uhMOvd
+sPTh72+ZXZq8qn6dqu//RD3L13px9GGsdFPcwT0BPdpKYLkJfdAXRY002DpjAU9R
+k3LVxl0O9Z9VDzjnwyJ1qSjmo+Ejz4WsDfwT2oLGrn+6UenTsHxAE2MXmC+mm4r1
+CJ6vdkgw4PTJGxgwVoXaskfzCyz5LjW3oyEQAQn0DHZ1kVS1s+pFSQo05S7wfjjR
+KcYwfkMjiTHzWQ5LQmt8/a7GdKSJNEi1I9cs3M/HjlUa3U/KOYrdYlQGp1eD7N5p
+mFqc16EdWaPjtVEZWWgprjLFA1SmqAnBtah9xSOHCOmqxbiUiUa1tQExglVYJfTT
+cy6HRMBEP4yflxPrONYiHFLigBrb+Er0IRx93BjxGXWOriPytiYWG/idjP10Rmmy
+3michch8jBYL+fGNiZs/sbK6+UVfHbAv5lMNvNVuntlnnCJkobBTdUww2YJKAamb
+m/URTp8k1xKenzCfc/oqj2zl0j/vxr5jsv30JL8ryHzsUKYnhy3aoFNpknyM6Kid
+UAaQtYX11+5tvnI+uKxzjW4AYi45PmLTul+bN4Zb/CysfGbWPtv5fiyM1mvSlyj/
+fI98jOK5GM2bALc1cj/ThK6RNtsRwCGohp6RO3wSlmfBdYye7OLk
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des.der
new file mode 100644
index 0000000..eda37aa
--- /dev/null
+++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des.der
Binary files differ
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem
new file mode 100644
index 0000000..27cfe33
--- /dev/null
+++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIZdITGAo/50oCAggA
+MBQGCCqGSIb3DQMHBAjfWCAUwMOuFQSCBMg/StIx8CULnYk9CXeG/+Eg19XVKIko
+tb3HTIgC09NBXDMPZw1C47MOSo1i7PDuwD/i5QduKpWPDQMWck3sjf43k6Q2daRz
+7+dYLU5loKNRZ7HiYuODSL15/nhzwFmhsuPFm03/SCQqWfp6FtZvSDDXHtzPG4LG
+v+OaVo5X5N/AqvP5cdB2g4q2l/MDtY+/m19XqzAAWvmvZjZxOJ+xLk1jzK+uSi0B
+X/E+TdESGIseVWu8FXm+4WNkvwO4pFjJByzcskazUqvWVgmErMUv2lTLnZVsjjT3
+oM1wY55zsgg4YDpv8tBj3X8A6EmM9Bx9C3qxerZH3Xw2quNOcRUx3VmZ50p46nNh
+Og9v0OQKZiD7Z++L9quZ8PSmjcgq959Cwh8r/EFxDHM78gSTxA68UJfNxPjmvxmh
+9GkI3lQSp8ZD4dFUUujUtI0QmB4xNU95FHLRQmg+L6i+6vEH6FaqyE1UB11y+lks
+1it70NkMZx+aR0yd1UgE7RVZxXolNLaq5hMXcS32P57dqzIcluKGMcpAmOM1uaGh
+Bwk3rNX8CFSX/QJ6QdZjy6k0+WxmQD1dJ5bc0+WMeuT8rpGpqSvwXyeaikagU6sH
+JFgaLmWewd5xY9/+WCe0nPKJ9UqSCQ6Hod0+2BiiDgnfDWeBD/E0gPcVV9sdMeWi
+aaiIGd/a2YxB5yW0oAIBBFnm5koTWeKW/K+LDWOE67S2qSxIfr1goFxIDbe1Y2Mv
+tDfWzTVp/GxTpIxKxobCiEBWrk4e8vUMp25Jjne4fW1+/bwIZBjirpgBO9w/fIXU
+LuEEZgEyczGgGulij/7P9XhyMFEPmr43LpOo0poFpRHjvBCFKZuxw/+PbxRhSqC1
+Ov0d32XlNzOqtklQv4XZc13AOKJGdRqw/h5GXud1a05sgUuwQqX09kDjQuJ6hm9Z
+ftWihbzSUxRg6UMz8ZPAAzl56pKYREfVV/UNJ9u1PFDg0peQDdl0pl7ql+Di1v76
+wGjf3JQ7Yy+zGkWfnvSHOWJs5Kyyj3Dkl8fJA/AwYUvsd1JdfXHYVR1vxg4vIyWr
+d6YU6ZmEtYE7EeYEkD0xeKOtkeEwgFcIAuv39J71Er3CDwsMKJapD7ZWPG0u6Ni0
+CF2a9igYN+mPAostcVm4wBIXam/wZgDxTYX4eXtuVVc3VIr+XU3G3WeS3KCgigSU
+FtluJri02JsoSsTvTxGfa7pjYgr2IXrSeQYPZ03ikGDa+wGNSJliNhE4LLbbOKFp
+SStTO7yEXaWpYH4mVWK6rulw8AHQC45t8XHtW3UU+o3eE4XL+dzCvqlEjBwJAQ2J
+2yymxc4GArd32dDEuHZEEYwpm22cX0aQ3yJw+rhGa0h72fpZEaOrCN0cdw6m1UaN
+porEH2oYOeR6SE5qdu6+PyHwqVNgdxby+dqbn1D3NfsBWg9BnqOgBWUgIGKmRKHD
+rmD03c/2yqInzEEzmSzlQPS0CP49o0A8pIAP/43GwflT1wtDw80DsGmgqIRiyWfp
+u5n0Ocu6UrKxLdlpv9hLHTMbvUZMiLOef7IK+K+Bxc5dXttPe7rtBNhzJp00by8q
+CxJc5tYWb1yjznACC6hOsoLyGAbF7S0iKzjea3KcqnJC27oB4iCFpHITFRtwG2R1
++IQ=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des.der
new file mode 100644
index 0000000..c7c4c8d
--- /dev/null
+++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des.der
Binary files differ
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des.pem
new file mode 100644
index 0000000..50337f4
--- /dev/null
+++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des.pem
@@ -0,0 +1,29 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFCzA9BgkqhkiG9w0BBQ0wMDAbBgkqhkiG9w0BBQwwDgQIS9yo58mAF2wCAggA
+MBEGBSsOAwIHBAic2lQFfsyAzQSCBMgy5+fLYS4AjX8ayw5sJGpf75L+R8/AN0kK
++nr9nJUz2agr+XWGvNBkjA6XOhcsSNRym7j72g3uRNoqVjdVWI4mn4wEo9f9gWgo
+asGoPKvar3WkxgBvADSPyK5u2hD81ebel2maPwkpn2kDEfsXyWTDWxqnAUFthOCB
+2cWNzjij1g3l6RI9ADSf6X5IbgTfdNiDfQw/D+pneJVMc2L0vCGk1yZiu9pva8M5
+pLSp8sUGgzDDe3cX/h87JL4vb9De8zFgZ7hCfFXmr53BnULPzKrBgRyD6YD+UOSe
+XFMYGNR6yCYTCJiOEJTn5i0FzoFor40lzF7aigSqh7YVl8tFLPEzH51yGBIGlfMJ
+rruY5CA+T7RGP/kIUGw7LftVOs46vNjyNjvt4yXby9Jk18+0EV7Drk+bNJR7ACpm
+ViLWVIvnNF30gqCBJdXa+gU1/yDjsprVy7QfT47iZ5cQ5zUzSJpjRDxt8c8aEgOv
+48TWjtbBiWo0UiEnF48rf8VN47gS/FUxsQ3x9payA0KZnMQfqqLn2QfvBG6TW4ku
+MIOQuCHrFxEEk+XRQ7PLcKctzCwm+Au2vR21pdgQSTupiFnOalAbazsKOYweMPds
+ScvwZpfBnKIE8O7vi//hOsIilw3T8S1RCogvqJcWBAjHSrfKsLqhTR+vsLqYZkGY
+tkdoy29he7uHd2tFoTo5E5zRR1cNjCmt4dEmVR2HZOQ+6FIvk1c/ry14KJEZPUyJ
+YrVeyH2h3sija4snUMlB76UsYDka6QS6P62StxR/T922gbJqmEC9yA3QeMvn1x14
+p8tZxy2+ClzjrieyX+B+8DYFQ3dhvX72eFm5X0pQxK5XIZFOHzEdrff2169/++B7
+C3smjwPfrkajiAbWQixwrBZiSh2KwPMuAPFohfTXE9O2fNYN8I2iLnoRho4MuG7B
+3jTy1b4aySyMnS3I0T4nQKJyIFxRjRg9ovPcUlsu5xmFXRiXI5NqMwboDVk8pZxv
+ChMH+EL9hNmatf5Mth3GzOSC1CIE/rg/+2SkPK3BrNGwFD49JuP2b+4mocVYCjrm
+L2yoZkNq+mOUkpnXI4O3uR1rtQfALBQm3PDroqtKQHn4tCpav5BKgzuLIFyrr67D
+B2vN3KAIIBrVp8luI4/Jf77hrFTF8DMWSN801ig4pg+T5pKKYyVZe1C57UMk94Jp
+RjEzrASBSnEZof3hMvciudp/u4EsxrGKwSUx+Vy3vztQ/F3HpisuodKSErDkO0Sy
+8ycWmR8q4eNRMYyTOhT3c/650msdRbZB2lelwTl+fqg9oIUJNX4Z6FmBVfAPRM0S
+QTSEJu1i28qpVYiRSmnAGLvGETNWJnwXXKaOtoIpmX5kneEDOQ8ZCJHcigYENB25
+9SVdOP22DMJzivmwWdRvKqG4XHKgOT6t0oJ1LUNm/fB4KMoABMzfLjrslzJWSCDV
+CMNYSuZE0oMRVpj2VaDZxet8DQ0+rTJ+BszVJXXsaV3DLWXg8Iv9in/X3bQvZJLf
+ZHSEanldcmtrOY0K8jufh8Fk8XjD494a6t+vI8G/8oGWY4rDkBFG+seBNsnG9hDz
+wOBw/2fpHqwNz1FPDfwn/SBfIAuyLUsxe/w+KpOb91jXi48ifx64fzb4jr0Jm98=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.der
new file mode 100644
index 0000000..bca2ff8
--- /dev/null
+++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.der
Binary files differ
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem
new file mode 100644
index 0000000..c5113e7
--- /dev/null
+++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem
@@ -0,0 +1,54 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJjjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIRkUpAqxZvr4CAggA
+MBQGCCqGSIb3DQMHBAjFyO62L4EIxwSCCUgDa+4NxmT4wXuKjxhe0+FV2qY41npE
+e6jBLdDQuqtSlB4M9A+AVtKWi1sncYzV8FLtPofX25HCciByddYaxsYFtVdmaY1p
+ckl9kBU2JIEZ9kvfBxcuHEVeesbvws4hJMO3ADf5CPS+vivEpYt4W6VUANZJTGwD
+jA3QBIjSdJlC4ievdcxOn0mUc8Y7X+RMmAhEV778vQoTMaoYKOpAa5aQsL5eN392
+GRexE5rzhI+jSctBnGL1t8IhUbceBnLjAIDRyNrQFnDypzAMrV/Wqtvf3H8o7m/G
+3YGSuGa4LbR32PAkT9MrZLIoaKBGxPu64UvxfBFm5RIubtrIgpQXHo5m84Jpwef4
+fD/0argZoh1DSlP/LMJ2s/Rhz6fM4bXohtpPJCqo55FLxjhfBrA180SNXwOWbUtp
+wsR5qIhy78REHGHjm7ClQBvy7zr20yFJn0+XGFF58W2+GTKstOg6o+L64Ad5byei
+VE0SxPhFUamiY2HGmLpBdbl7Rb5El57GJY6cDl9JRgLPoVZf0eYzScv58n1oLT4p
+jHkLZgi7RkoLf9SAyR+Pq8dg+j7b7KLVy3fgIPJxmqERm8kqU4KKs1G5oSmD0wI3
+YVWCB9knPTU7VFnvBvDxmD+02uY5lcKCHIllLSZNWJFjtsYU6MJcLC+6dBDHokF5
+76/h5g7oe++YJjut759NqxeKWpXyJLbHgPT9W0+Q2bODItERHF2d3abGDuo4oY/I
+28+ihesssWEfkRx4s7wY8KkbsT6FCXfR4uTxuYYeygsmN7F6rQhM97ErGeH9LtmW
+JNq6A/RCZaA4rYiAUzpIFZ8x61EhoQtuSgs8EBJo2W7JSJc35zaMFb6oL0Qqkq3w
+rMHlBXlTlf0phppJQxrEPqfCPfqdtAJVLk1SxpfW2RgQH0Gbl/VYbK3Fdu2kdnYA
+my3uuOqT5k5vG2rdBkvIZWMqB97CWQNBZmiV8hUYjqIJ4HipCY3ZTtnXIipQVS8M
+lnVFc+7nSTkzAQ5/RrTBAguiD+b4CvY0H+CVIp5FgaMuo2BaviqqLN8Nx2fUvCGl
+7KsXhWjztJgKPbLubUu2UcmOh4QaTrFQ7Lb+/yt3HHzaUWLV/I4hdOgH3VNdTDbh
+Y6+55ayW/gXzODhI21bDWRBa6RCyffRtYx+4fccpAz4mz58ho7QyvOoKnVzb6Len
+EAAAPJctuwMbY+thu2mBOICn+fni/AMTqTggY37Mk4BAi0641F/6RkujGlz9/2FA
+GFifDO/VSWO9OprlmYCr0HuuGdMaHB+VTEj5j+cwpJ5imUhQHaN1Q3masJmD+sdH
+27Du/O164hIdblbvUsS+9v3l+EgMbHqC61RQbBuNzs/1slxTz7uO61a5Snu8XYWP
+pibxyCaGznvyunCZGTiWuHNYR8OnEJAM4O/wU4ThCzb+fxKDMchs1LG0ptw54L/B
+86oMiScXlkCbdl9fjPRuHTuWBqFDm0Lz77POyXzJFpre2XDbQeSQyTzZFeAOFeGy
+P4mrLDMvxsrUU8U3EGeQtTvdiFjNS3Ba6k/VN7qjkBcETQHEmmOnO7EVDn9csybm
+q+voR7JpokjD2YKCp2MwUUO+rjuTl8LYxUPrmpofY0yH2c+0OqHA6txszkEXgGbz
+oXrgFKZqSM+kFGpaRCIPjkulCdC6IB9i0Qu8w1hCMVUPIN5HFoCkP+JC5jzdz08p
+s8m2ZgkVmcZQCmtq0IaRQH2nPS1n2V2dbEd12r4exfxXiiU7GZ42jszfopEhF2wl
+GCIjc/joTLGZ2M28tGVFDIg+kuCLiB/C97Uf3WGDTmDfqOY2aBfHcJ97rCHIyxpH
+ZVnn94IBvanuoA1DZvEs8tmG4dG/QPhstTVcYZg9wALzOURXZix2zRJca937sEoO
+PpVXOj5509lrQwOtbizl3zUcJNT9GJBYWQTpceNVY/1JhB6EKfnZ+Am+qVD8/rjg
+1ei/jndWOmX628CGuqhCPT7VUnC/0H4oIvYnf+QJlNqv6sbhStw/VPNpMzDiOhnN
+Kl/1aGktHth+IFdzTpmqFbRIxLkvvrAzjxLRGfOnH2N5V+sWBudq6PsQ38QbpdEd
+WlF37Xdq74wpQKmX165eE10hd42DJkDORPUycpVTr3y0zDVUjnu5Bo2xi2AZqBoH
+aylv9hae26ZYLzp2RmAQFkEFxcpuqUvuJq4MtCxmvXivttrBRqaFmBKojxJyOOon
+JQQo6aiof1Zd3inx7Prao/aWI77R/vdaS/j1IWqyOFu5BMi3tkdL7yAxLq/e5cbX
+KF+bJAvKvdjV48cPyMQ4i+SiJQtFBEj5l7ynrJ2XaOCh2jhxwyLJHG9/qGU5dF0M
+YuD4OY8gTxZDpi1jTU5Q6WUqaQBTUrLQqWXEhDLhyHe+f1mqb6IfAfrW8X/Kbp19
+KeOmyOESPIrfz75yG/nQ3IpEk4ufOmNwA9kXYveZOYtFNfZJcjYMIlC37ypg8+Ly
+dzvLpx8xuOplz8aMHtNLojkKKoKpc4KYZ+QZzj9FOB6r0mvc9Sqj2A3xFgntnZal
+soJwZmaonKT3kRQxDZ3woU+JDfw2Sdg0Fb0jWvoyPcYdnQoExR7uF9Q9O262oAPg
+r8g5UNtcKXpGz1x2/IfVNUQwIQfmz1Slty61ed7l+qNcd51jK9RAW8HGbx8Blukn
+izE152He9hrM6XhO3h3WaSw7qx7//5n+VNV0yqp3rQnQDr6V+zcfjgRiNWITXkHg
+a2Xvju81h5zT/RJD9jon3PBg88effiBF01UD+DxENNsJ2WKtc70HvhRgZoI6/e5b
+04YX6HBLSwdbUCLoiXFbXDFtRE0Krmba0tU/i0eRgzUipPDrQQUNt/6x3a7Ks48A
+OC3/EDfcCYzu12W9h0TR09YlfiNJnalxGSU2CgzdxWhXvqxu5lfswIgj6c759RnD
+v6676NRTlS6J+wn4S0ShNon1D/9siAGkLbhRKBc9TjRhxSGwHLRFYSbRD0ql0RLZ
+/8kIlsKSmX/wJo1k9g3MwEN+SddRkbFZwjgZy4vgTQhrH6r4WQzCUXcO9F1i4Acw
+rnMmV9fUJ/IZ22snbGny6yaBa5T9RcvPpCW81PXeFBZo0cK9xrs0t5eRqwmyKTpF
+FpldzwRoyFRjDnGVACMo/X1eaCwvew+1M8fcSs1p+qrBfrfRiI4tg8bNrYdL/0u1
+RoE=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.der
new file mode 100644
index 0000000..f40c9c9
--- /dev/null
+++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.der
Binary files differ
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.pem
new file mode 100644
index 0000000..d4b6933
--- /dev/null
+++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.pem
@@ -0,0 +1,53 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJizA9BgkqhkiG9w0BBQ0wMDAbBgkqhkiG9w0BBQwwDgQI8DHSrAxFTFACAggA
+MBEGBSsOAwIHBAi4/Xl5t4O13QSCCUgq3P508tXVUz0IuJ6CV41vd02FUQl6IxWU
+gk97TENxKooQ1EBuUYDWtiuSICJ/RTKt/y3JoYcYBpdjeEnkJG2L14DfgS+sdKfC
+18v1EDDiAssre//n9sZfUKBWHs8SqcPyNJvBWMLUW7QNtMhoMj1VEQzTH76v1ZvO
+ojy8akuZ+rqE+EnOPtuEOdJiDYW6yRRp4Y/MqUyx6PZPAHfIk/JJV6yulfGSEFLc
++gGI/CUfEfsi2JVIva7JpvfO3N5O1fyC3cx0BsT3gousOkacxcRb8pqgHbMY49Ss
+eR4XCQHwOItpc/tHtNOnZUWQzNxZ3d40vxVV+KuvKiT1nzB3sx/4GacS+ZWkCE8y
+qYvbtvi6XqCpGeZc0iZN2ER9hBucGPU14aNoB4ujFx0u8x01sWf9ARLICIAMAsck
+pMdLwTZ684NkyK7haFnS06f3AOn+LRI4G7mo5wlD6YeXg9dIk/OYUCjFI35uMB6H
+RGOdEqAncx92tPaQYMBBWbX+arqaNEsdrBnovItsnlMTCvoIxGQas3LNZPhYmS78
+bwhlXnZwjnifvRHVFM8c5JuOmvYkPgE6RYPaLMwbZkIhxbbOyQi+gkYJhJgZLrjD
+I9BDUEYReSCmWH8hwCDe6BHrUL40C27tL075hz4x8EBySJrG4udZ6RCwnUiM6bQO
+26nJ7gGjsuBcCN9GVcGsCJ+bfltOvsLUPjS3Ypus1RXKsoe2RL2NbGAVh3gLb4kY
+Lm5agI23g66yI7An+9YA4s1LbgeiE9M1pOgZgJ4MWSVjRjIoxC9aSiNfz+cyaNCK
+sd4l9CuH/pXid9aEluvZKDdu5fVC00ZuMRUzcC8CzVJ6tDq5a7ASqxC624bJYF2J
+nf1OYo4ctY3ExVdAyc0cohlIrarqO+cgdVxdQ9FOgKjZC9Z2xxZigetfQLFVROm2
+XMrD35iIFEi7wYRsUBCyy+ClSHtty2/r17PeE4jvLbNv5vvh1CEe6GD/J+vd3WXp
+meGPmSsYTTnlnM0861tBtfgqBmyKCeiKrPlzqNTsfppLoL4FtRF8WvxmbKvahDwN
+lQOnMhNKF5JoyYREGNAySljaWQaoliFMwO4ZhUR1OMqhC5jEmwp35dz2nZCaweMn
+t9+iuxOygOB7k8w8xRQ/p87/lVDDYLRg5dpCqyn0a+THOkCepD7yFi4+4CG7Qbso
+D1KYvoBe+QXheW/eqJQlGQaxhXB5pOwXfNbcYoByuClqyQ24WLBk6c6R+3qBSnzC
+uTarp5ne6vi8cAK3N4Ho9AOqgqb1NZmSQbu73InKKPDbn16pkFQlTa8g1f0+ktPd
+u+U71s2VtJKSGOGDD8yav9BrSYNXcJ4P2UROIdhQwuEh/9p4AcJWElMVufWDhOn0
+m65t1QB3emjVwHzcHweAuJZwBfap9SKduV3DbFd+BVLROlWT0H7/++p6FXcsZaFJ
+6rQBlSqWHBCHDB1UuNTLo6Pv9HfhxiS792L24LRqQkI2/1zcdT8jlQt91qtIwv23
+F7mGpBPGU05oKDVEPUFTI9K7NNx5CUUnQqVs8fDk/ihQlTQd03LSC3UWOB/gpaa9
+/NSw9qugLNAL6KTQVBJ3ZYfZc7VOJCz6g82Ys9wRmS3eJMacya+djtt0jW/rVlJp
+/VeuDGgrsWMVx9SuXqzoSMaQbfXUkWCMNlpbHJhxz3UQMKvvQrWN3Oz+Nm1azptD
+Gq0xQ+/L25Gax0x9Ks3HE6TKD81AKXmn4HO/g/kvMJxLXJzwyqEk0KpFUlFRXNQp
+PNfNxCz6HytdagFp/1IB9AmdLVznS0tD3hEDijm137pHY4XJwNWLn5/AlGzIRljn
+6iNubxNvJJXGayBrzQS7O9+OvWuqaIY5VeO+ZtNIVO3I2wice2NosHPj+JdtabG6
+z9oj6Of3B3clgudcbDVJ540JoBZa3VMG1qpsg5XOw1K/PUUr9+ky8erRwjUN66L0
+YXCfvi6u7Y85gwm7H+w3k99Q2KW3J2H9nmnRbLHzHDBIHNqcIAm1/idSm45hNBwZ
+P+NuaMuEPB1B7ST69JZfe/puGPnqpj33cZYejxwkdmK4MnqCUfe77rac/bxllp/k
+eGVZtlEVwdA4dpx3jFZll183uZxRH8D/gZAy7px8X8pskrdEq18JLlcnsgDGf/EB
+PDGjSLsBXWA1z3QS1Sp+elVqqsZj4RbzdrIKunq68wEBcVSccNZhR4dMMv9qL1FP
+YnCsnpOV9JuRtViEWgN0LYSJaqwPaf6CQBypmmC38S7Yk9gzjQ1Gj/oGPF89YHQZ
+F8mCIZOTT7MIvdPwDkiYC6zKw+oJU0l6Qc9jcB/JXwNajb2Z0jJ6L7GM5jScp+rU
+w7CYIHtHOPU7PF+ArZsLuSMRGptp+tPybzvoMg9zxG/uBJ1al5+OI+5Ok5xCNDT+
+FkuJboihFK5yTpLhzjvA7YsQMFLy1zU449gRK5DWqUrYw+YKS26mgzzB3fkS/yhD
+G4/Y96xIn76639uEPhGtQh7OCg0gu7/+mP1ZboeLY/vCqLgV/RzLAMqGH6934avR
+EXUuba75LQrqwZbPD4oB32yTjfapKO0uGCubnDRq620221h48dqejCqljKu95Jvh
+W3up/DAJRWnZ9JfNWubW8hzVZoF6BySTlACjXbU9rFPJuARchcXmM6RKrrSBPYlo
+vrF97Ym6RGUo7ozTgRDFTH0IUz5bGjtylR1qtzpvNsvD+254dYDfIKSCyrgOdnvB
+ZCNNS6OluegQbFr6Lu0Qd9F2PAtKer2djXDb1UDiceY2XXnPehAmlnkI27ljij5K
+0vo1j21E0ISc8VVeC5PwJ66yVqkQyPFq6OTHUCrOrnDvjqDGMqPj+dwIYGJPBAqS
+jDTpVlgB8OrvE7z23KOMrthdr7t4wWeTiu/9PEvfP5lODYZ6fLAko27O5W1i6az+
+2rPE/q9Ek25z/UaBr5xcUa9S/I+B3+gvJpg8/O72xHd1LV6fQu7LbWSUSmVw3NQo
+MNVQgyJ4oRrFA70QSLwpUIyD/Lac4RNPIIDnnPy4wZO74NdBkKkqBC0BOG0zAVNy
+650rSYn3/RexpTZV7HfFwBViO+s6l3UgRrE0UD6vK3BAkvZKMb19I34DUfYQdGB4
+YRyQzIsolhoy27ZxW6aSAvU4W5idjPJG9aWuHPB4qnhJyI9Y1+D2exGSa/WIanM=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/data_files/server1.cert_type.crt.openssl.v3_ext b/tests/data_files/server1.cert_type.crt.openssl.v3_ext
new file mode 100644
index 0000000..bd225ff
--- /dev/null
+++ b/tests/data_files/server1.cert_type.crt.openssl.v3_ext
@@ -0,0 +1,5 @@
+[v3_ext]
+basicConstraints = CA:false
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid
+nsCertType=server
diff --git a/tests/data_files/server1.cert_type_noauthid.crt b/tests/data_files/server1.cert_type_noauthid.crt
new file mode 100644
index 0000000..ed8b80b
--- /dev/null
+++ b/tests/data_files/server1.cert_type_noauthid.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDMTCCAhmgAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/
+uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD
+d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf
+CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr
+lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w
+bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB
+oz8wPTAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAR
+BglghkgBhvhCAQEEBAMCAEAwDQYJKoZIhvcNAQEFBQADggEBABNT+r+6vvlpjtyz
+mewrGOKPt5iwb8w2aReJ0AWuyQzTiduN26MhXq93cXHV0pHj2rD7MfiBEwBSWnf9
+FcxkE0g77GVyM9Vs9Uy/MspIqOce7JD0c36G4EI8lYce2TYwQLE9CGNl+LDxqkLy
+prijXBl/FaD+IO/SNMr3VVnfFEZqPUxg+BSTaGgD+52Z7B4nPP0xGPjlW367RGDv
+9dIkr1thve2WOeC9ixxl9K/864I7/0GdbgKSf77xl3/5vnQUOY7kugRvkvxWIgHS
+HNVnmEN2I2Nb0M8lQNF1sFDbpFwVbh9CkBF5LJNesy0VWd67Ho6EntPEb7vBFF/x
+jz0b2l4=
+-----END CERTIFICATE-----
diff --git a/tests/data_files/server1.crt.openssl.v3_ext b/tests/data_files/server1.crt.openssl.v3_ext
new file mode 100644
index 0000000..239d56a
--- /dev/null
+++ b/tests/data_files/server1.crt.openssl.v3_ext
@@ -0,0 +1,4 @@
+[v3_ext]
+basicConstraints = CA:false
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid
diff --git a/tests/data_files/server1.csr b/tests/data_files/server1.csr
new file mode 100644
index 0000000..804c4a5
--- /dev/null
+++ b/tests/data_files/server1.csr
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRow
+GAYDVQQDExFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ
+ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ
+HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF
+W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs
+FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/
+DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAAMA0GCSqGSIb3DQEBCwUA
+A4IBAQBY/1nnYQ3ThVyeZb1Z2wLYoHZ5rfeJCedyP7N/gjJZjhrMbwioUft2uHpb
++OZQfxRXJTbtj/1wpRMCoUMLWzapS7/xGx3IjoPtl42aM4M+xVYvbLjExL13kUAr
+eE4JWcMIbTEPol2zSdX/LuB+m27jEp5VsvM2ty9qOw/T4iKwjFSe6pcYZ2spks19
+3ltgjnaamwqKcN9zUA3IERTsWjr5exKYgfXm2OeeuSP0tHr7Dh+w/2XA9dGcLhrm
+TA4P8QjIgSDlyzmhYYmsrioFPuCfdi1uzs8bxmbLXbiCGZ8TDMy5oLqLo1K+j2pF
+ox+ATHKxQ/XpRQP+2OTb9sw1kM59
+-----END CERTIFICATE REQUEST-----
diff --git a/tests/data_files/server1.key_usage.crt.openssl.v3_ext b/tests/data_files/server1.key_usage.crt.openssl.v3_ext
new file mode 100644
index 0000000..e255027
--- /dev/null
+++ b/tests/data_files/server1.key_usage.crt.openssl.v3_ext
@@ -0,0 +1,5 @@
+[v3_ext]
+basicConstraints = CA:false
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid
+keyUsage=critical, digitalSignature, nonRepudiation, keyEncipherment
diff --git a/tests/data_files/server1.key_usage_noauthid.crt b/tests/data_files/server1.key_usage_noauthid.crt
new file mode 100644
index 0000000..d66e515
--- /dev/null
+++ b/tests/data_files/server1.key_usage_noauthid.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDLjCCAhagAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/
+uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD
+d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf
+CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr
+lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w
+bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB
+ozwwOjAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAO
+BgNVHQ8BAf8EBAMCAeAwDQYJKoZIhvcNAQEFBQADggEBAJZRIISo4+rDvHXXaS43
+shfSkyJyur588mNJFzty1WVfhaIkwjMIGHeGlHS29fwgPsBUgelZ3Qv3J7wsm42+
+3BwQet0l36FIBIJtFhcrTGlaCFUo/5bZJUPGgiOFB9ec/8lOszVlX8cH34UimWqg
+q2wXRGoXWPbuRnUWlJhI2bAv5ri9Mt7Rs4nK4wyS1ZjC8ByXMn4tk3yMjkUEqu0o
+37zoQiF+FJApu0eTKK5goA2hisyfCX9eJMppAbcyvJwoj/AmiBkXW8J3kEMJtLmZ
+VoxXYknnXumxBLxUrGuamR/3cmbaJHIHE1Dqox7hB+9miyp4lue1/uXHCocGAIeF
+JTo=
+-----END CERTIFICATE-----
diff --git a/tests/data_files/server1.noauthid.crt b/tests/data_files/server1.noauthid.crt
new file mode 100644
index 0000000..99c004f
--- /dev/null
+++ b/tests/data_files/server1.noauthid.crt
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDHjCCAgagAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/
+uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD
+d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf
+CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr
+lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w
+bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB
+oywwKjAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAN
+BgkqhkiG9w0BAQUFAAOCAQEAUMDKviuchRc4ICoVwi9LFyfQjxFQLgjnX1UYSqc5
+UptiJsDpbJ+TMbOhNBs7YRV7ju61J33ax1fqgcFWkc2M2Vsqzz9+3zJlQoQuOLxH
+5C6v5/rhUEV9HMy3K5SIa/BVem9osWvMwDnB8g5k3wCZAnOuFcT6ttvzRqz6Oh9d
+avozrYHsATzPXBal41Gf95cNVcJ1pn/JgE4EOijMqmAPldVbCqfXLl6TB0nJS6dm
+q9z73DGrVQlOwmCVI+qD2POJI67LuQ0g6Y0WVMxsWilMppt+UrEknMzk4O4qOaUs
+1B20vI/bN4XPDnw58psazdoBxFL+fAk5MbTNKETNHjBsIg==
+-----END CERTIFICATE-----
diff --git a/tests/data_files/server1.v1.crt b/tests/data_files/server1.v1.crt
index 0a4b2a5..b13be43 100644
--- a/tests/data_files/server1.v1.crt
+++ b/tests/data_files/server1.v1.crt
@@ -1,18 +1,18 @@
-----BEGIN CERTIFICATE-----
-MIIC9DCCAdygAwIBAAIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN
-BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/
-uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD
-d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf
-CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr
-lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w
-bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB
-owIwADANBgkqhkiG9w0BAQUFAAOCAQEAoZVuVi7bIslKgMJhejSFXiO+ICMz1fmK
-b0tPN68mRYhI/gsjRT0cmX6GUNrg+U5mcBWhMwHgyvx1CARU4YToKZxcXGNL0DPd
-Z1hF8nCrJCZBQvNuWE7s0ufw92xz5ZfuKkVxi94RYR529F6gzgl4rpX8UQVu2ym/
-9pTlHKr4MKi9LNppyJMS89uRcb2FJFMdhAKbhNtbIjI9qGZ7x//0belAaWhq389u
-6XWFnZt35PU6Zz6YbAQ5pjZYsTaohuufgrpOlFPUuc4uR+RfGHIQ6id12lZaQC2m
-OFIBDcU0x1cFfPfMgVdBLf6klPt/v/tD77mwx0eztSp28NIf+ACw8A==
+MIIC6zCCAdMCAQEwDQYJKoZIhvcNAQEFBQAwOzELMAkGA1UEBhMCTkwxETAPBgNV
+BAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBMB4XDTExMDIx
+MjE0NDQwNloXDTIxMDIxMjE0NDQwNlowPDELMAkGA1UEBhMCTkwxETAPBgNVBAoT
+CFBvbGFyU1NMMRowGAYDVQQDExFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb
+7ogWUtPxQ1BHlhJZZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJ
+BEeCsFc5cO2j7BUZHqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8Yw
+fhU5rPla7n+SnqYFW+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5B
+Xhem2mxbacwCuhQsFiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1Y
+ieJTWZ5uWpJl4og/DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAATANBgkq
+hkiG9w0BAQUFAAOCAQEAPMRfR9ql7b06b5DdNyJhD96lBzuVSUOW2MgVHT2Vs7NB
+tk5L1htpA5N4uaIeyt6YM0xU0nHdHUKaywNcDiXcnzvRoctGWiWdpcEvdA0rYRF5
+T4MGPpjEuLJcG3aTU8mV8wUEbrY6IEnSpC1G9iasjhkwAF7pb/Ic8+/riwmPD/Fh
+zBrRfBCgi5VXbX9IvY+yQHRVRal8y+n4eh9/hFxBKDbvuidFropGzcuparEwCIRi
+U7L/7aZ3A5wsQp9GPDliSjpeYCf5tok/bvjG4xU041pGQ7yVNpu2mEIoqDz9v+Ay
+IKqsWradEnFG/1ov78a2RB+2+iIPE4iCDtmKUkgPjQ==
-----END CERTIFICATE-----
diff --git a/tests/data_files/server1_csr.opensslconf b/tests/data_files/server1_csr.opensslconf
new file mode 100644
index 0000000..6e7075e
--- /dev/null
+++ b/tests/data_files/server1_csr.opensslconf
@@ -0,0 +1,10 @@
+[ req ]
+distinguished_name = req_distinguished_name
+prompt = no
+# Restrict to non-UTF8 PrintableStrings.
+string_mask = nombstr
+
+[ req_distinguished_name ]
+C = NL
+O = PolarSSL
+CN = PolarSSL Server 1
diff --git a/tests/data_files/test-ca.server1.opensslconf b/tests/data_files/test-ca.server1.opensslconf
new file mode 100644
index 0000000..4a5072e
--- /dev/null
+++ b/tests/data_files/test-ca.server1.opensslconf
@@ -0,0 +1,18 @@
+ [ ca ]
+ default_ca = test-ca
+
+ [ test-ca ]
+ certificate = test-ca.crt
+ private_key = test-ca.key
+ serial = test-ca.server1.serial
+ default_md = sha1
+ default_startdate = 110212144406Z
+ default_enddate = 210212144406Z
+ new_certs_dir = ./
+ database = ./test-ca.server1.db
+ policy = policy_match
+
+ [policy_match]
+ countryName = supplied
+ organizationName = supplied
+ commonName = supplied
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index c768bdd..838b541 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -426,6 +426,16 @@
scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY # uses syscall() on GNU/Linux
CC=gcc CFLAGS='-Werror -Wall -Wextra -O0 -std=c99 -pedantic' make lib
+msg "build: default config except MFL extension (ASan build)" # ~ 30s
+cleanup
+cp "$CONFIG_H" "$CONFIG_BAK"
+scripts/config.pl unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+make
+
+msg "test: ssl-opt.sh, MFL-related tests"
+tests/ssl-opt.sh -f "Max fragment length"
+
msg "build: default config with MBEDTLS_TEST_NULL_ENTROPY (ASan build)"
cleanup
cp "$CONFIG_H" "$CONFIG_BAK"
@@ -641,4 +651,3 @@
msg "Done, cleaning up"
cleanup
-
diff --git a/tests/scripts/generate_code.pl b/tests/scripts/generate_code.pl
index a486319..e489a00 100755
--- a/tests/scripts/generate_code.pl
+++ b/tests/scripts/generate_code.pl
@@ -333,7 +333,7 @@
# and make check code
my $dep_check_code;
-my @res = $test_data =~ /^depends_on:([\w:]+)/msg;
+my @res = $test_data =~ /^depends_on:([!:\w]+)/msg;
my %case_deps;
foreach my $deps (@res)
{
@@ -344,7 +344,23 @@
}
while( my ($key, $value) = each(%case_deps) )
{
- $dep_check_code .= << "END";
+ if( substr($key, 0, 1) eq "!" )
+ {
+ my $key = substr($key, 1);
+ $dep_check_code .= << "END";
+ if( strcmp( str, "!$key" ) == 0 )
+ {
+#if !defined($key)
+ return( DEPENDENCY_SUPPORTED );
+#else
+ return( DEPENDENCY_NOT_SUPPORTED );
+#endif
+ }
+END
+ }
+ else
+ {
+ $dep_check_code .= << "END";
if( strcmp( str, "$key" ) == 0 )
{
#if defined($key)
@@ -354,6 +370,7 @@
#endif
}
END
+ }
}
# Make mapping code
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 6c33604..326dcad 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -1348,7 +1348,23 @@
# Tests for Max Fragment Length extension
-run_test "Max fragment length: not used, reference" \
+MAX_CONTENT_LEN_EXPECT='16384'
+MAX_CONTENT_LEN_CONFIG=$( ../scripts/config.pl get MBEDTLS_SSL_MAX_CONTENT_LEN)
+
+if [ -n "$MAX_CONTENT_LEN_CONFIG" ] && [ "$MAX_CONTENT_LEN_CONFIG" -ne "$MAX_CONTENT_LEN_EXPECT" ]; then
+ printf "The ${CONFIG_H} file contains a value for the configuration of\n"
+ printf "MBEDTLS_SSL_MAX_CONTENT_LEN that is different from the script’s\n"
+ printf "test value of ${MAX_CONTENT_LEN_EXPECT}. \n"
+ printf "\n"
+ printf "The tests assume this value and if it changes, the tests in this\n"
+ printf "script should also be adjusted.\n"
+ printf "\n"
+
+ exit 1
+fi
+
+requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+run_test "Max fragment length: enabled, default" \
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3" \
0 \
@@ -1359,6 +1375,55 @@
-S "server hello, max_fragment_length extension" \
-C "found max_fragment_length extension"
+requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+run_test "Max fragment length: enabled, default, larger message" \
+ "$P_SRV debug_level=3" \
+ "$P_CLI debug_level=3 request_size=16385" \
+ 0 \
+ -c "Maximum fragment length is 16384" \
+ -s "Maximum fragment length is 16384" \
+ -C "client hello, adding max_fragment_length extension" \
+ -S "found max fragment length extension" \
+ -S "server hello, max_fragment_length extension" \
+ -C "found max_fragment_length extension" \
+ -c "16385 bytes written in 2 fragments" \
+ -s "16384 bytes read" \
+ -s "1 bytes read"
+
+requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+run_test "Max fragment length, DTLS: enabled, default, larger message" \
+ "$P_SRV debug_level=3 dtls=1" \
+ "$P_CLI debug_level=3 dtls=1 request_size=16385" \
+ 1 \
+ -c "Maximum fragment length is 16384" \
+ -s "Maximum fragment length is 16384" \
+ -C "client hello, adding max_fragment_length extension" \
+ -S "found max fragment length extension" \
+ -S "server hello, max_fragment_length extension" \
+ -C "found max_fragment_length extension" \
+ -c "fragment larger than.*maximum "
+
+requires_config_disabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+run_test "Max fragment length: disabled, larger message" \
+ "$P_SRV debug_level=3" \
+ "$P_CLI debug_level=3 request_size=16385" \
+ 0 \
+ -C "Maximum fragment length is 16384" \
+ -S "Maximum fragment length is 16384" \
+ -c "16385 bytes written in 2 fragments" \
+ -s "16384 bytes read" \
+ -s "1 bytes read"
+
+requires_config_disabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+run_test "Max fragment length DTLS: disabled, larger message" \
+ "$P_SRV debug_level=3 dtls=1" \
+ "$P_CLI debug_level=3 dtls=1 request_size=16385" \
+ 1 \
+ -C "Maximum fragment length is 16384" \
+ -S "Maximum fragment length is 16384" \
+ -c "fragment larger than.*maximum "
+
+requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test "Max fragment length: used by client" \
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3 max_frag_len=4096" \
@@ -1370,6 +1435,7 @@
-s "server hello, max_fragment_length extension" \
-c "found max_fragment_length extension"
+requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test "Max fragment length: used by server" \
"$P_SRV debug_level=3 max_frag_len=4096" \
"$P_CLI debug_level=3" \
@@ -1381,6 +1447,7 @@
-S "server hello, max_fragment_length extension" \
-C "found max_fragment_length extension"
+requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_gnutls
run_test "Max fragment length: gnutls server" \
"$G_SRV" \
@@ -1390,6 +1457,7 @@
-c "client hello, adding max_fragment_length extension" \
-c "found max_fragment_length extension"
+requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test "Max fragment length: client, message just fits" \
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3 max_frag_len=2048 request_size=2048" \
@@ -1403,6 +1471,7 @@
-c "2048 bytes written in 1 fragments" \
-s "2048 bytes read"
+requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test "Max fragment length: client, larger message" \
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3 max_frag_len=2048 request_size=2345" \
@@ -1417,6 +1486,7 @@
-s "2048 bytes read" \
-s "297 bytes read"
+requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test "Max fragment length: DTLS client, larger message" \
"$P_SRV debug_level=3 dtls=1" \
"$P_CLI debug_level=3 dtls=1 max_frag_len=2048 request_size=2345" \
@@ -3444,6 +3514,7 @@
"$P_CLI request_size=16384 force_version=ssl3 recsplit=0 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
0 \
+ -c "16384 bytes written in 1 fragments" \
-s "Read from client: 16384 bytes read"
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
@@ -3452,6 +3523,7 @@
"$P_CLI request_size=16384 force_version=ssl3 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
0 \
+ -c "16384 bytes written in 1 fragments" \
-s "Read from client: 16384 bytes read"
run_test "Large packet TLS 1.0 BlockCipher" \
@@ -3459,6 +3531,7 @@
"$P_CLI request_size=16384 force_version=tls1 recsplit=0 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
0 \
+ -c "16384 bytes written in 1 fragments" \
-s "Read from client: 16384 bytes read"
run_test "Large packet TLS 1.0 BlockCipher truncated MAC" \
@@ -3467,6 +3540,7 @@
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
trunc_hmac=1" \
0 \
+ -c "16384 bytes written in 1 fragments" \
-s "Read from client: 16384 bytes read"
run_test "Large packet TLS 1.0 StreamCipher truncated MAC" \
@@ -3475,6 +3549,7 @@
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
trunc_hmac=1" \
0 \
+ -c "16384 bytes written in 1 fragments" \
-s "Read from client: 16384 bytes read"
run_test "Large packet TLS 1.1 BlockCipher" \
@@ -3482,6 +3557,7 @@
"$P_CLI request_size=16384 force_version=tls1_1 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
0 \
+ -c "16384 bytes written in 1 fragments" \
-s "Read from client: 16384 bytes read"
run_test "Large packet TLS 1.1 StreamCipher" \
@@ -3489,6 +3565,7 @@
"$P_CLI request_size=16384 force_version=tls1_1 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
0 \
+ -c "16384 bytes written in 1 fragments" \
-s "Read from client: 16384 bytes read"
run_test "Large packet TLS 1.1 BlockCipher truncated MAC" \
@@ -3497,6 +3574,7 @@
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
trunc_hmac=1" \
0 \
+ -c "16384 bytes written in 1 fragments" \
-s "Read from client: 16384 bytes read"
run_test "Large packet TLS 1.1 StreamCipher truncated MAC" \
@@ -3505,6 +3583,7 @@
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
trunc_hmac=1" \
0 \
+ -c "16384 bytes written in 1 fragments" \
-s "Read from client: 16384 bytes read"
run_test "Large packet TLS 1.2 BlockCipher" \
@@ -3512,6 +3591,7 @@
"$P_CLI request_size=16384 force_version=tls1_2 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
0 \
+ -c "16384 bytes written in 1 fragments" \
-s "Read from client: 16384 bytes read"
run_test "Large packet TLS 1.2 BlockCipher larger MAC" \
@@ -3519,6 +3599,7 @@
"$P_CLI request_size=16384 force_version=tls1_2 \
force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
0 \
+ -c "16384 bytes written in 1 fragments" \
-s "Read from client: 16384 bytes read"
run_test "Large packet TLS 1.2 BlockCipher truncated MAC" \
@@ -3527,6 +3608,7 @@
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
trunc_hmac=1" \
0 \
+ -c "16384 bytes written in 1 fragments" \
-s "Read from client: 16384 bytes read"
run_test "Large packet TLS 1.2 StreamCipher" \
@@ -3534,6 +3616,7 @@
"$P_CLI request_size=16384 force_version=tls1_2 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
0 \
+ -c "16384 bytes written in 1 fragments" \
-s "Read from client: 16384 bytes read"
run_test "Large packet TLS 1.2 StreamCipher truncated MAC" \
@@ -3542,6 +3625,7 @@
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
trunc_hmac=1" \
0 \
+ -c "16384 bytes written in 1 fragments" \
-s "Read from client: 16384 bytes read"
run_test "Large packet TLS 1.2 AEAD" \
@@ -3549,6 +3633,7 @@
"$P_CLI request_size=16384 force_version=tls1_2 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \
0 \
+ -c "16384 bytes written in 1 fragments" \
-s "Read from client: 16384 bytes read"
run_test "Large packet TLS 1.2 AEAD shorter tag" \
@@ -3556,6 +3641,7 @@
"$P_CLI request_size=16384 force_version=tls1_2 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \
0 \
+ -c "16384 bytes written in 1 fragments" \
-s "Read from client: 16384 bytes read"
# Tests for DTLS HelloVerifyRequest
diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function
index cac104a..eef41c7 100644
--- a/tests/suites/helpers.function
+++ b/tests/suites/helpers.function
@@ -111,6 +111,21 @@
/*----------------------------------------------------------------------------*/
+/* Helper flags for complex dependencies */
+
+/* Indicates whether we expect mbedtls_entropy_init
+ * to initialize some strong entropy source. */
+#if defined(MBEDTLS_TEST_NULL_ENTROPY) || \
+ ( !defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES) && \
+ ( !defined(MBEDTLS_NO_PLATFORM_ENTROPY) || \
+ defined(MBEDTLS_HAVEGE_C) || \
+ defined(MBEDTLS_ENTROPY_HARDWARE_ALT) || \
+ defined(ENTROPY_NV_SEED) ) )
+#define ENTROPY_HAVE_STRONG
+#endif
+
+
+/*----------------------------------------------------------------------------*/
/* Helper Functions */
#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))
@@ -408,4 +423,3 @@
test_info.line_no = line_no;
test_info.filename = filename;
}
-
diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function
index 120247e..042085f 100644
--- a/tests/suites/main_test.function
+++ b/tests/suites/main_test.function
@@ -448,24 +448,24 @@
if( unmet_dep_count > 0 || ret == DISPATCH_UNSUPPORTED_SUITE )
{
total_skipped++;
- mbedtls_fprintf( stdout, "----\n" );
+ mbedtls_fprintf( stdout, "----" );
if( 1 == option_verbose && ret == DISPATCH_UNSUPPORTED_SUITE )
{
- mbedtls_fprintf( stdout, " Test Suite not enabled" );
+ mbedtls_fprintf( stdout, "\n Test Suite not enabled" );
}
if( 1 == option_verbose && unmet_dep_count > 0 )
{
- mbedtls_fprintf( stdout, " Unmet dependencies: " );
+ mbedtls_fprintf( stdout, "\n Unmet dependencies: " );
for( i = 0; i < unmet_dep_count; i++ )
{
mbedtls_fprintf(stdout, "%s ",
unmet_dependencies[i]);
free(unmet_dependencies[i]);
}
- mbedtls_fprintf( stdout, "\n" );
}
+ mbedtls_fprintf( stdout, "\n" );
fflush( stdout );
unmet_dep_count = 0;
@@ -489,22 +489,22 @@
else if( ret == DISPATCH_INVALID_TEST_DATA )
{
mbedtls_fprintf( stderr, "FAILED: FATAL PARSE ERROR\n" );
- fclose(file);
+ fclose( file );
mbedtls_exit( 2 );
}
else
total_errors++;
- if( ( ret = get_line( file, buf, sizeof(buf) ) ) != 0 )
+ if( ( ret = get_line( file, buf, sizeof( buf ) ) ) != 0 )
break;
- if( strlen(buf) != 0 )
+ if( strlen( buf ) != 0 )
{
mbedtls_fprintf( stderr, "Should be empty %d\n",
- (int) strlen(buf) );
+ (int) strlen( buf ) );
return( 1 );
}
}
- fclose(file);
+ fclose( file );
/* In case we encounter early end of file */
for( i = 0; i < unmet_dep_count; i++ )
@@ -535,4 +535,3 @@
return( total_errors != 0 );
}
-
diff --git a/tests/suites/test_suite_entropy.data b/tests/suites/test_suite_entropy.data
index e0dfae3..5cff399 100644
--- a/tests/suites/test_suite_entropy.data
+++ b/tests/suites/test_suite_entropy.data
@@ -34,10 +34,10 @@
Entropy threshold #2
entropy_threshold:32:1:32
-Entropy thershold #3
+Entropy threshold #3
entropy_threshold:16:0:MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
-Entropy thershold #4
+Entropy threshold #4
entropy_threshold:1024:1:MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
Check NV seed standard IO
diff --git a/tests/suites/test_suite_entropy.function b/tests/suites/test_suite_entropy.function
index 97a21bc..2bab796 100644
--- a/tests/suites/test_suite_entropy.function
+++ b/tests/suites/test_suite_entropy.function
@@ -163,7 +163,7 @@
}
/* END_CASE */
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:ENTROPY_HAVE_STRONG */
void entropy_func_len( int len, int ret )
{
mbedtls_entropy_context ctx;
@@ -224,7 +224,7 @@
}
/* END_CASE */
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:ENTROPY_HAVE_STRONG */
void entropy_threshold( int threshold, int chunk_size, int result )
{
mbedtls_entropy_context ctx;
@@ -377,7 +377,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
+/* BEGIN_CASE depends_on:ENTROPY_HAVE_STRONG:MBEDTLS_SELF_TEST */
void entropy_selftest( int result )
{
TEST_ASSERT( mbedtls_entropy_self_test( 1 ) == result );
diff --git a/tests/suites/test_suite_pem.data b/tests/suites/test_suite_pem.data
index 065e4a2..77546c5 100644
--- a/tests/suites/test_suite_pem.data
+++ b/tests/suites/test_suite_pem.data
@@ -17,11 +17,22 @@
mbedtls_pem_write_buffer:"-----START TEST-----\n":"-----END TEST-----\n":"000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F00":"-----START TEST-----\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\nAA==\n-----END TEST-----\n"
PEM read (DES-EDE3-CBC + invalid iv)
-mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-EDE3-CBC,00$":MBEDTLS_ERR_PEM_INVALID_ENC_IV
+mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-EDE3-CBC,00$":"pwd":MBEDTLS_ERR_PEM_INVALID_ENC_IV
PEM read (DES-CBC + invalid iv)
-mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-CBC,00$":MBEDTLS_ERR_PEM_INVALID_ENC_IV
+mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-CBC,00$":"pwd":MBEDTLS_ERR_PEM_INVALID_ENC_IV
PEM read (unknown encryption algorithm)
-mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-,00$":MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG
+mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-,00$":"pwd":MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG
+PEM read (malformed PEM DES-CBC)
+depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
+mbedtls_pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KEY-----":"-----BEGIN EC PRIVATE KEY-----\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-CBC,AA94892A169FA426\n\nMAAA\n-----END EC PRIVATE KEY-----":"pwd":MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH
+
+PEM read (malformed PEM DES-EDE3-CBC)
+depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
+mbedtls_pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KEY-----":"-----BEGIN EC PRIVATE KEY-----\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-EDE3-CBC,AA94892A169FA426\n\nMAAA\n-----END EC PRIVATE KEY-----":"pwd":MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH
+
+PEM read (malformed PEM AES-128-CBC)
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+mbedtls_pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KEY-----":"-----BEGIN EC PRIVATE KEY-----\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-128-CBC,AA94892A169FA426AA94892A169FA426\n\nMAAA\n-----END EC PRIVATE KEY-----":"pwd":MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
diff --git a/tests/suites/test_suite_pem.function b/tests/suites/test_suite_pem.function
index 5e02210..c24595d 100644
--- a/tests/suites/test_suite_pem.function
+++ b/tests/suites/test_suite_pem.function
@@ -1,6 +1,8 @@
/* BEGIN_HEADER */
#include "mbedtls/base64.h"
#include "mbedtls/pem.h"
+#include "mbedtls/des.h"
+#include "mbedtls/aes.h"
/* END_HEADER */
/* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C */
@@ -35,16 +37,19 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_AES_C:MBEDTLS_DES_C:MBEDTLS_MD5_C:MBEDTLS_CIPHER_MODE_CBC */
-void mbedtls_pem_read_buffer( char *header, char *footer, char *data, int ret )
+void mbedtls_pem_read_buffer( char *header, char *footer, char *data,
+ char *pwd, int res )
{
mbedtls_pem_context ctx;
+ int ret;
size_t use_len = 0;
+ size_t pwd_len = strlen( pwd );
mbedtls_pem_init( &ctx );
- TEST_ASSERT( mbedtls_pem_read_buffer( &ctx, header, footer,
- (const unsigned char *)data, NULL, 0,
- &use_len ) == ret );
+ ret = mbedtls_pem_read_buffer( &ctx, header, footer, (unsigned char *)data,
+ (unsigned char *)pwd, pwd_len, &use_len );
+ TEST_ASSERT( ret == res );
exit:
mbedtls_pem_free( &ctx );
diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data
index 9c0edbb..df7c140 100644
--- a/tests/suites/test_suite_pkparse.data
+++ b/tests/suites/test_suite_pkparse.data
@@ -12,95 +12,355 @@
Parse RSA Key #4 (DES Encrypted)
depends_on:MBEDTLS_MD5_C:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC
-pk_parse_keyfile_rsa:"data_files/keyfile.des":"testkey":0
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs1_1024_des.pem":"testkey":0
Parse RSA Key #5 (3DES Encrypted)
depends_on:MBEDTLS_MD5_C:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC
-pk_parse_keyfile_rsa:"data_files/keyfile.3des":"testkey":0
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs1_1024_3des.pem":"testkey":0
Parse RSA Key #6 (AES-128 Encrypted)
depends_on:MBEDTLS_MD5_C:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC
-pk_parse_keyfile_rsa:"data_files/keyfile.aes128":"testkey":0
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs1_1024_aes128.pem":"testkey":0
Parse RSA Key #7 (AES-192 Encrypted)
depends_on:MBEDTLS_MD5_C:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC
-pk_parse_keyfile_rsa:"data_files/keyfile.aes192":"testkey":0
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs1_1024_aes192.pem":"testkey":0
Parse RSA Key #8 (AES-256 Encrypted)
depends_on:MBEDTLS_MD5_C:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC
-pk_parse_keyfile_rsa:"data_files/keyfile.aes256":"testkey":0
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs1_1024_aes256.pem":"testkey":0
-Parse RSA Key #9 (PKCS#8 wrapped)
+Parse RSA Key #9 (2048-bit, DES Encrypted)
+depends_on:MBEDTLS_MD5_C:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs1_2048_des.pem":"testkey":0
+
+Parse RSA Key #10 (2048-bit, 3DES Encrypted)
+depends_on:MBEDTLS_MD5_C:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs1_2048_3des.pem":"testkey":0
+
+Parse RSA Key #11 (2048-bit, AES-128 Encrypted)
+depends_on:MBEDTLS_MD5_C:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs1_2048_aes128.pem":"testkey":0
+
+Parse RSA Key #12 (2048-bit, AES-192 Encrypted)
+depends_on:MBEDTLS_MD5_C:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs1_2048_aes192.pem":"testkey":0
+
+Parse RSA Key #13 (2048-bit, AES-256 Encrypted)
+depends_on:MBEDTLS_MD5_C:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs1_2048_aes256.pem":"testkey":0
+
+Parse RSA Key #14 (4096-bit, DES Encrypted)
+depends_on:MBEDTLS_MD5_C:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs1_4096_des.pem":"testkey":0
+
+Parse RSA Key #15 (4096-bit, 3DES Encrypted)
+depends_on:MBEDTLS_MD5_C:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs1_4096_3des.pem":"testkey":0
+
+Parse RSA Key #16 (4096-bit, AES-128 Encrypted)
+depends_on:MBEDTLS_MD5_C:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs1_4096_aes128.pem":"testkey":0
+
+Parse RSA Key #17 (4096-bit, AES-192 Encrypted)
+depends_on:MBEDTLS_MD5_C:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs1_4096_aes192.pem":"testkey":0
+
+Parse RSA Key #18 (4096-bit, AES-256 Encrypted)
+depends_on:MBEDTLS_MD5_C:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs1_4096_aes256.pem":"testkey":0
+
+Parse RSA Key #19 (PKCS#8 wrapped)
depends_on:MBEDTLS_MD5_C:MBEDTLS_PEM_PARSE_C
pk_parse_keyfile_rsa:"data_files/format_gen.key":"":0
-Parse RSA Key #10 (PKCS#8 encrypted SHA1-3DES)
+Parse RSA Key #20 (PKCS#8 encrypted SHA1-3DES)
depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC
-pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_3des.key":"PolarSSLTest":0
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_1024_3des.pem":"PolarSSLTest":0
-Parse RSA Key #10.1 (PKCS#8 encrypted SHA1-3DES, wrong PW)
+Parse RSA Key #20.1 (PKCS#8 encrypted SHA1-3DES, wrong PW)
depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_3des.key":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_1024_3des.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
-Parse RSA Key #10.2 (PKCS#8 encrypted SHA1-3DES, no PW)
+Parse RSA Key #20.2 (PKCS#8 encrypted SHA1-3DES, no PW)
depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C
-pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_3des.key":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_1024_3des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
-Parse RSA Key #11 (PKCS#8 encrypted SHA1-3DES DER)
+Parse RSA Key #21 (PKCS#8 encrypted SHA1-3DES, 2048-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_2048_3des.pem":"PolarSSLTest":0
+
+Parse RSA Key #21.1 (PKCS#8 encrypted SHA1-3DES, 2048-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_2048_3des.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #21.2 (PKCS#8 encrypted SHA1-3DES, 2048-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_2048_3des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #22 (PKCS#8 encrypted SHA1-3DES, 4096-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_4096_3des.pem":"PolarSSLTest":0
+
+Parse RSA Key #22.1 (PKCS#8 encrypted SHA1-3DES, 4096-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_4096_3des.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #22.2 (PKCS#8 encrypted SHA1-3DES, 4096-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_4096_3des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #23 (PKCS#8 encrypted SHA1-3DES DER)
depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC
-pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_3des.der":"PolarSSLTest":0
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_1024_3des.der":"PolarSSLTest":0
-Parse RSA Key #12 (PKCS#8 encrypted SHA1-2DES)
+Parse RSA Key #24 (PKCS#8 encrypted SHA1-3DES DER, 2048-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_2048_3des.der":"PolarSSLTest":0
+
+Parse RSA Key #25 (PKCS#8 encrypted SHA1-3DES DER, 4096-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_4096_3des.der":"PolarSSLTest":0
+
+Parse RSA Key #26 (PKCS#8 encrypted SHA1-2DES)
depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC
-pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_2des.key":"PolarSSLTest":0
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_1024_2des.pem":"PolarSSLTest":0
-Parse RSA Key #12.1 (PKCS#8 encrypted SHA1-2DES, wrong PW)
+Parse RSA Key #26.1 (PKCS#8 encrypted SHA1-2DES, wrong PW)
depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_2des.key":"PolarSLTest":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_1024_2des.pem":"PolarSLTest":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
-Parse RSA Key #12.2 (PKCS#8 encrypted SHA1-2DES, no PW)
+Parse RSA Key #26.2 (PKCS#8 encrypted SHA1-2DES, no PW)
depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C
-pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_2des.key":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_1024_2des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
-Parse RSA Key #13 (PKCS#8 encrypted SHA1-RC4-128)
+Parse RSA Key #27 (PKCS#8 encrypted SHA1-2DES, 2048-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_2048_2des.pem":"PolarSSLTest":0
+
+Parse RSA Key #27.1 (PKCS#8 encrypted SHA1-2DES, 2048-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_2048_2des.pem":"PolarSLTest":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #27.2 (PKCS#8 encrypted SHA1-2DES, 2048-bit no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_2048_2des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #28 (PKCS#8 encrypted SHA1-2DES, 4096-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_4096_2des.pem":"PolarSSLTest":0
+
+Parse RSA Key #28.1 (PKCS#8 encrypted SHA1-2DES, 4096-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_4096_2des.pem":"PolarSLTest":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #28.2 (PKCS#8 encrypted SHA1-2DES, 4096-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_4096_2des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #29 (PKCS#8 encrypted SHA1-2DES DER)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_1024_2des.der":"PolarSSLTest":0
+
+Parse RSA Key #30 (PKCS#8 encrypted SHA1-2DES DER, 2048-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_2048_2des.der":"PolarSSLTest":0
+
+Parse RSA Key #31 (PKCS#8 encrypted SHA1-2DES DER, 4096-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_4096_2des.der":"PolarSSLTest":0
+
+Parse RSA Key #32 (PKCS#8 encrypted SHA1-RC4-128)
depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C
-pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_rc4_128.key":"PolarSSLTest":0
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_1024_rc4_128.pem":"PolarSSLTest":0
-Parse RSA Key #13.1 (PKCS#8 encrypted SHA1-RC4-128, wrong PW)
+Parse RSA Key #32.1 (PKCS#8 encrypted SHA1-RC4-128, wrong PW)
depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C
-pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_rc4_128.key":"PolarSSLTe":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_1024_rc4_128.pem":"PolarSSLTe":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
-Parse RSA Key #13.2 (PKCS#8 encrypted SHA1-RC4-128, no PW)
+Parse RSA Key #32.2 (PKCS#8 encrypted SHA1-RC4-128, no PW)
depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C
-pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_rc4_128.key":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_1024_rc4_128.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
-Parse RSA Key #14 (PKCS#8 encrypted v2 PBDFK2 3DES)
+Parse RSA Key #33 (PKCS#8 encrypted SHA1-RC4-128, 2048-bit)
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_2048_rc4_128.pem":"PolarSSLTest":0
+
+Parse RSA Key #33.1 (PKCS#8 encrypted SHA1-RC4-128, 2048-bit, wrong PW)
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_2048_rc4_128.pem":"PolarSSLTe":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #33.2 (PKCS#8 encrypted SHA1-RC4-128, 2048-bit, no PW)
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_2048_rc4_128.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #34 (PKCS#8 encrypted SHA1-RC4-128, 4096-bit)
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_4096_rc4_128.pem":"PolarSSLTest":0
+
+Parse RSA Key #34.1 (PKCS#8 encrypted SHA1-RC4-128, 4096-bit, wrong PW)
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_4096_rc4_128.pem":"PolarSSLTe":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #34.2 (PKCS#8 encrypted SHA1-RC4-128, 4096-bit, no PW)
+depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_4096_rc4_128.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #35 (PKCS#8 encrypted SHA1-RC4-128 DER)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_1024_rc4_128.der":"PolarSSLTest":0
+
+Parse RSA Key #36 (PKCS#8 encrypted SHA1-RC4-128 DER, 2048-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_2048_rc4_128.der":"PolarSSLTest":0
+
+Parse RSA Key #37 (PKCS#8 encrypted SHA1-RC4-128 DER, 4096-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_4096_rc4_128.der":"PolarSSLTest":0
+
+Parse RSA Key #38 (PKCS#8 encrypted v2 PBKDF2 3DES)
depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
-pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des.key":"PolarSSLTest":0
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem":"PolarSSLTest":0
-Parse RSA Key #15 (PKCS#8 encrypted v2 PBDFK2 3DES, wrong PW)
+Parse RSA Key #38.1 (PKCS#8 encrypted v2 PBKDF2 3DES, wrong PW)
depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des.key":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
-Parse RSA Key #16 (PKCS#8 encrypted v2 PBDFK2 3DES, no PW)
+Parse RSA Key #38.2 (PKCS#8 encrypted v2 PBKDF2 3DES, no PW)
depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
-pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des.key":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
-Parse RSA Key #17 (PKCS#8 encrypted v2 PBDFK2 3DES DER)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
-pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des.der":"PolarSSLTest":0
-
-Parse RSA Key #18 (PKCS#8 encrypted v2 PBDFK2 3DES DER, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
-
-Parse RSA Key #19 (PKCS#8 encrypted v2 PBDFK2 3DES DER, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C
-pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
-
-Parse RSA Key #20 (PKCS#8 encrypted v2 PBDFK2 DES)
+Parse RSA Key #39 (PKCS#8 encrypted v2 PBKDF2 3DES, 2048-bit)
depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
-pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des.key":"PolarSSLTest":0
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem":"PolarSSLTest":0
+
+Parse RSA Key #39.1 (PKCS#8 encrypted v2 PBKDF2 3DES, 2048-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #39.2 (PKCS#8 encrypted v2 PBKDF2 3DES, 2048-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #40 (PKCS#8 encrypted v2 PBKDF2 3DES, 4096-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem":"PolarSSLTest":0
+
+Parse RSA Key #40.1 (PKCS#8 encrypted v2 PBKDF2 3DES, 4096-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #40.2 (PKCS#8 encrypted v2 PBKDF2 3DES, 4096-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #41 (PKCS#8 encrypted v2 PBKDF2 3DES DER)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des.der":"PolarSSLTest":0
+
+Parse RSA Key #41.1 (PKCS#8 encrypted v2 PBKDF2 3DES DER, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #41.2 (PKCS#8 encrypted v2 PBKDF2 3DES DER, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Parse RSA Key #42 (PKCS#8 encrypted v2 PBKDF2 3DES DER, 2048-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des.der":"PolarSSLTest":0
+
+Parse RSA Key #42.1 (PKCS#8 encrypted v2 PBKDF2 3DES DER, 2048-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #42.2 (PKCS#8 encrypted v2 PBKDF2 3DES DER, 2048-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Parse RSA Key #43 (PKCS#8 encrypted v2 PBKDF2 3DES DER, 4096-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.der":"PolarSSLTest":0
+
+Parse RSA Key #43.1 (PKCS#8 encrypted v2 PBKDF2 3DES DER, 4096-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #43.2 (PKCS#8 encrypted v2 PBKDF2 3DES DER, 4096-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Parse RSA Key #44 (PKCS#8 encrypted v2 PBKDF2 DES)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des.pem":"PolarSSLTest":0
+
+Parse RSA Key #44.1 (PKCS#8 encrypted v2 PBKDF2 DES, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #44.2 (PKCS#8 encrypted v2 PBKDF2 DES, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #45 (PKCS#8 encrypted v2 PBKDF2 DES, 2048-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des.pem":"PolarSSLTest":0
+
+Parse RSA Key #45.1 (PKCS#8 encrypted v2 PBKDF2 DES, 2048-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #45.2 (PKCS#8 encrypted v2 PBKDF2 DES, 2048-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #46 (PKCS#8 encrypted v2 PBKDF2 DES, 4096-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.pem":"PolarSSLTest":0
+
+Parse RSA Key #46.1 (PKCS#8 encrypted v2 PBKDF2 DES, 4096-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #46.2 (PKCS#8 encrypted v2 PBKDF2 DES, 4096-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #47 (PKCS#8 encrypted v2 PBKDF2 DES DER)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des.der":"PolarSSLTest":0
+
+Parse RSA Key #47.1 (PKCS#8 encrypted v2 PBKDF2 DES DER, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #47.2 (PKCS#8 encrypted v2 PBKDF2 DES DER, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Parse RSA Key #48 (PKCS#8 encrypted v2 PBKDF2 DES DER, 2048-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des.der":"PolarSSLTest":0
+
+Parse RSA Key #48.1 (PKCS#8 encrypted v2 PBKDF2 DES DER, 2048-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #48.2 (PKCS#8 encrypted v2 PBKDF2 DES DER, 2048-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Parse RSA Key #49 (PKCS#8 encrypted v2 PBKDF2 DES DER, 4096-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.der":"PolarSSLTest":0
+
+Parse RSA Key #49.1 (PKCS#8 encrypted v2 PBKDF2 DES DER, 4096-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #49.2 (PKCS#8 encrypted v2 PBKDF2 DES DER, 4096-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse Public RSA Key #1 (PKCS#8 wrapped)
depends_on:MBEDTLS_MD5_C:MBEDTLS_PEM_PARSE_C
diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function
index d48bc85..270e2d9 100644
--- a/tests/suites/test_suite_rsa.function
+++ b/tests/suites/test_suite_rsa.function
@@ -8,6 +8,7 @@
#include "mbedtls/sha512.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
+
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@@ -658,7 +659,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */
+/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */
void mbedtls_rsa_gen_key( int nrbits, int exponent, int result)
{
mbedtls_rsa_context ctx;
@@ -667,13 +668,12 @@
const char *pers = "test_suite_rsa";
mbedtls_ctr_drbg_init( &ctr_drbg );
-
mbedtls_entropy_init( &entropy );
+ mbedtls_rsa_init ( &ctx, 0, 0 );
+
TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers, strlen( pers ) ) == 0 );
- mbedtls_rsa_init( &ctx, 0, 0 );
-
TEST_ASSERT( mbedtls_rsa_gen_key( &ctx, mbedtls_ctr_drbg_random, &ctr_drbg, nrbits, exponent ) == result );
if( result == 0 )
{
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index b8c902e..d4cc11a 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -1670,3 +1670,18 @@
depends_on:MBEDTLS_X509_USE_C
x509_get_time:MBEDTLS_ASN1_UTC_TIME:"0011302359n0Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
+X509 Get time (Generalized Time, year multiple of 100 but not 400 is not a leap year)
+depends_on:MBEDTLS_X509_USE_C
+x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"19000229000000Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
+
+X509 Get time (Generalized Time, year multiple of 4 but not 100 is a leap year)
+depends_on:MBEDTLS_X509_USE_C
+x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"19920229000000Z":0:1992:2:29:0:0:0
+
+X509 Get time (Generalized Time, year multiple of 400 is a leap year)
+depends_on:MBEDTLS_X509_USE_C
+x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"20000229000000Z":0:2000:2:29:0:0:0
+
+X509 Get time (Generalized Time invalid leap year not multiple of 4, 100 or 400)
+depends_on:MBEDTLS_X509_USE_C
+x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"19910229000000Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data
index d4d2a98..5b54d85 100644
--- a/tests/suites/test_suite_x509write.data
+++ b/tests/suites/test_suite_x509write.data
@@ -44,19 +44,35 @@
Certificate write check Server1 SHA1
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:-1:"data_files/server1.crt"
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:1:-1:"data_files/server1.crt":0
Certificate write check Server1 SHA1, key_usage
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:0:-1:"data_files/server1.key_usage.crt"
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:0:1:-1:"data_files/server1.key_usage.crt":0
Certificate write check Server1 SHA1, ns_cert_type
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:-1:"data_files/server1.cert_type.crt"
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:-1:"data_files/server1.cert_type.crt":0
Certificate write check Server1 SHA1, version 1
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt"
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:1:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":0
+
+Certificate write check Server1 SHA1, RSA_ALT
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:0:-1:"data_files/server1.noauthid.crt":1
+
+Certificate write check Server1 SHA1, RSA_ALT, key_usage
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:0:0:-1:"data_files/server1.key_usage_noauthid.crt":1
+
+Certificate write check Server1 SHA1, RSA_ALT, ns_cert_type
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:0:-1:"data_files/server1.cert_type_noauthid.crt":1
+
+Certificate write check Server1 SHA1, RSA_ALT, version 1
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:0:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":1
X509 String to Names #1
mbedtls_x509_string_to_names:"C=NL,O=Offspark\, Inc., OU=PolarSSL":"C=NL, O=Offspark, Inc., OU=PolarSSL":0
diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function
index 89be31f..ca76e86 100644
--- a/tests/suites/test_suite_x509write.function
+++ b/tests/suites/test_suite_x509write.function
@@ -3,6 +3,30 @@
#include "mbedtls/x509_csr.h"
#include "mbedtls/pem.h"
#include "mbedtls/oid.h"
+#include "mbedtls/rsa.h"
+
+#if defined(MBEDTLS_RSA_C)
+int mbedtls_rsa_decrypt_func( void *ctx, int mode, size_t *olen,
+ const unsigned char *input, unsigned char *output,
+ size_t output_max_len )
+{
+ return( mbedtls_rsa_pkcs1_decrypt( (mbedtls_rsa_context *) ctx, NULL, NULL, mode, olen,
+ input, output, output_max_len ) );
+}
+int mbedtls_rsa_sign_func( void *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
+ int mode, mbedtls_md_type_t md_alg, unsigned int hashlen,
+ const unsigned char *hash, unsigned char *sig )
+{
+ return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, f_rng, p_rng, mode,
+ md_alg, hashlen, hash, sig ) );
+}
+size_t mbedtls_rsa_key_len_func( void *ctx )
+{
+ return( ((const mbedtls_rsa_context *) ctx)->len );
+}
+#endif /* MBEDTLS_RSA_C */
+
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@@ -39,7 +63,7 @@
if( cert_type != 0 )
TEST_ASSERT( mbedtls_x509write_csr_set_ns_cert_type( &req, cert_type ) == 0 );
- ret = mbedtls_x509write_csr_pem( &req, buf, sizeof(buf),
+ ret = mbedtls_x509write_csr_pem( &req, buf, sizeof( buf ),
rnd_pseudo_rand, &rnd_info );
TEST_ASSERT( ret == 0 );
@@ -75,10 +99,12 @@
char *subject_name, char *issuer_key_file,
char *issuer_pwd, char *issuer_name,
char *serial_str, char *not_before, char *not_after,
- int md_type, int key_usage, int cert_type, int ver,
- char *cert_check_file )
+ int md_type, int key_usage, int cert_type, int auth_ident,
+ int ver, char *cert_check_file, int rsa_alt )
{
- mbedtls_pk_context subject_key, issuer_key;
+ mbedtls_pk_context subject_key, issuer_key, issuer_key_alt;
+ mbedtls_pk_context *key = &issuer_key;
+
mbedtls_x509write_cert crt;
unsigned char buf[4096];
unsigned char check_buf[5000];
@@ -91,68 +117,89 @@
memset( &rnd_info, 0x2a, sizeof( rnd_pseudo_info ) );
mbedtls_mpi_init( &serial );
+
mbedtls_pk_init( &subject_key );
- mbedtls_pk_init( &issuer_key );
+ mbedtls_pk_init( &issuer_key );
+ mbedtls_pk_init( &issuer_key_alt );
+
+ mbedtls_x509write_crt_init( &crt );
TEST_ASSERT( mbedtls_pk_parse_keyfile( &subject_key, subject_key_file,
subject_pwd ) == 0 );
+
TEST_ASSERT( mbedtls_pk_parse_keyfile( &issuer_key, issuer_key_file,
issuer_pwd ) == 0 );
+
+ /* For RSA PK contexts, create a copy as an alternative RSA context. */
+ if( rsa_alt == 1 && mbedtls_pk_get_type( &issuer_key ) == MBEDTLS_PK_RSA )
+ {
+ TEST_ASSERT( mbedtls_pk_setup_rsa_alt( &issuer_key_alt,
+ mbedtls_pk_rsa( issuer_key ),
+ mbedtls_rsa_decrypt_func,
+ mbedtls_rsa_sign_func,
+ mbedtls_rsa_key_len_func ) == 0 );
+
+ key = &issuer_key_alt;
+ }
+
TEST_ASSERT( mbedtls_mpi_read_string( &serial, 10, serial_str ) == 0 );
- mbedtls_x509write_crt_init( &crt );
if( ver != -1 )
mbedtls_x509write_crt_set_version( &crt, ver );
+
TEST_ASSERT( mbedtls_x509write_crt_set_serial( &crt, &serial ) == 0 );
TEST_ASSERT( mbedtls_x509write_crt_set_validity( &crt, not_before,
- not_after ) == 0 );
+ not_after ) == 0 );
mbedtls_x509write_crt_set_md_alg( &crt, md_type );
TEST_ASSERT( mbedtls_x509write_crt_set_issuer_name( &crt, issuer_name ) == 0 );
TEST_ASSERT( mbedtls_x509write_crt_set_subject_name( &crt, subject_name ) == 0 );
mbedtls_x509write_crt_set_subject_key( &crt, &subject_key );
- mbedtls_x509write_crt_set_issuer_key( &crt, &issuer_key );
+
+ mbedtls_x509write_crt_set_issuer_key( &crt, key );
if( crt.version >= MBEDTLS_X509_CRT_VERSION_3 )
{
TEST_ASSERT( mbedtls_x509write_crt_set_basic_constraints( &crt, 0, 0 ) == 0 );
TEST_ASSERT( mbedtls_x509write_crt_set_subject_key_identifier( &crt ) == 0 );
- TEST_ASSERT( mbedtls_x509write_crt_set_authority_key_identifier( &crt ) == 0 );
+ if( auth_ident )
+ TEST_ASSERT( mbedtls_x509write_crt_set_authority_key_identifier( &crt ) == 0 );
if( key_usage != 0 )
TEST_ASSERT( mbedtls_x509write_crt_set_key_usage( &crt, key_usage ) == 0 );
if( cert_type != 0 )
TEST_ASSERT( mbedtls_x509write_crt_set_ns_cert_type( &crt, cert_type ) == 0 );
}
- ret = mbedtls_x509write_crt_pem( &crt, buf, sizeof(buf),
- rnd_pseudo_rand, &rnd_info );
+ ret = mbedtls_x509write_crt_pem( &crt, buf, sizeof( buf ),
+ rnd_pseudo_rand, &rnd_info );
TEST_ASSERT( ret == 0 );
pem_len = strlen( (char *) buf );
f = fopen( cert_check_file, "r" );
TEST_ASSERT( f != NULL );
- olen = fread( check_buf, 1, sizeof(check_buf), f );
+ olen = fread( check_buf, 1, sizeof( check_buf ), f );
fclose( f );
- TEST_ASSERT( olen < sizeof(check_buf) );
+ TEST_ASSERT( olen < sizeof( check_buf ) );
TEST_ASSERT( olen >= pem_len - 1 );
TEST_ASSERT( memcmp( buf, check_buf, pem_len - 1 ) == 0 );
der_len = mbedtls_x509write_crt_der( &crt, buf, sizeof( buf ),
- rnd_pseudo_rand, &rnd_info );
+ rnd_pseudo_rand, &rnd_info );
TEST_ASSERT( der_len >= 0 );
if( der_len == 0 )
goto exit;
ret = mbedtls_x509write_crt_der( &crt, buf, (size_t)( der_len - 1 ),
- rnd_pseudo_rand, &rnd_info );
+ rnd_pseudo_rand, &rnd_info );
TEST_ASSERT( ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
exit:
mbedtls_x509write_crt_free( &crt );
- mbedtls_pk_free( &issuer_key );
+ mbedtls_pk_free( &issuer_key_alt );
mbedtls_pk_free( &subject_key );
+ mbedtls_pk_free( &issuer_key );
mbedtls_mpi_free( &serial );
}
/* END_CASE */
