lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-10-30 10:45:34 +03:00
Code Activity
31,892 Commits 176 Branches 276 Tags
08ccf6ac9b9ed1fae9f2f29c89a9374be2f6fee7
Commit Graph

450 Commits

Author SHA1 Message Date
Przemek Stekiel
61aed064c5 Code optimization 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-05-08 11:15:59 +02:00
Przemek Stekiel
ed9fb78739 Fix parsing of KeyIdentifier (tag length error case) + test 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-05-08 11:15:54 +02:00
Przemek Stekiel
8194285cf1 Fix parsing of authorityCertSerialNumber (use valid tags) 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-05-03 16:19:16 +02:00
Andrzej Kurek
9c9880a63f Explicitly exit IPv4 parsing on a fatal error 
This makes the function flow more readable.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-05-03 05:06:47 -04:00
Andrzej Kurek
6f400a376e Disallow leading zeroes when parsing IPv4 addresses 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-05-01 06:23:42 -04:00
Przemek Stekiel
f5b8f78ad7 authorityCertIssuer and authorityCertSerialNumber MUST both be present or absent 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-26 08:57:32 +02:00
Przemek Stekiel
f4194944e8 Use do-while(0) format in macros 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-24 09:52:17 +02:00
Gilles Peskine
935a987b2b Merge pull request #7436 from AndrzejKurek/x509-verify-san-ip 
x509 SAN IP parsing
 2023-04-21 22:00:58 +02:00
Andrzej Kurek
90117db5dc Split a complex condition into separate ones 
Make it more readable
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-04-18 10:43:35 -04:00
Andrzej Kurek
8bc2cc92b5 Refactor IPv6 parsing 
Make it more readable
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-04-18 07:26:27 -04:00
Andrzej Kurek
ea3e71fa37 Further refactor IPv4 parsing 
Make it more readable
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-04-18 05:54:50 -04:00
Przemek Stekiel
9a7a725ee7 Fix code style 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-17 16:06:57 +02:00
Andrzej Kurek
6cbca6dd42 Rename a variable in ipv4 and ipv6 parsing 
Character was too elaborate.
p is used in other x509 code to step through data.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-04-13 09:25:00 -04:00
Andrzej Kurek
0d57896f7e Refactor ipv6 parsing 
Introduce new variables to make it more readable. Clarify the calculations a bit.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-04-13 09:20:31 -04:00
Andrzej Kurek
7f5a1a4525 Rename ipv6 parsing variables, introduce one new one 
This way the names are more descriptive.
j was reused later on for calculation, 
num_zero_groups is used instead.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-04-13 09:20:23 -04:00
Andrzej Kurek
06969fc3a0 Introduce a test for a sw implementation of inet_pton 
Create a bypass define to simulate platforms
without AF_INET6.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-04-13 09:20:15 -04:00
Andrzej Kurek
13b8b780fe Improve x509_inet_pton_ipv4 readability 
Introduce descriptive variable names.
Drop the table of tens.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-04-13 09:19:50 -04:00
Glenn Strauss
b255e21e48 Handle endianness in x509_inet_pton_ipv6() 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2023-04-11 08:29:43 -04:00
Glenn Strauss
6f545acfaf Add mbedtls_x509_crt_parse_cn_inet_pton() tests 
Extended from https://github.com/Mbed-TLS/mbedtls/pull/2906
contributed by Eugene K <eugene.kobyakov@netfoundry.io>

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2023-04-11 08:29:42 -04:00
Glenn Strauss
416c295078 x509 crt verify local implementation to parse IP 
x509 crt verify local implementation to parse IP
if inet_pton() is not portably available

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2023-04-11 08:29:42 -04:00
Glenn Strauss
c26bd76020 x509 crt verify SAN iPAddress 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2023-04-11 08:29:42 -04:00
Valerio Setti
d4a5d461de library: add remaining changes for the new ECP_LIGHT symbol 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-11 11:33:50 +02:00
Przemek Stekiel
725688b143 Fix code style 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-04 22:49:44 +02:00
Przemek Stekiel
294ec1274d Remove redundant memory relase for authorityCertIssuer 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-04 17:48:28 +02:00
Przemek Stekiel
21903ec860 Fix after rebase 
Handle manually functions that have been moved to different locations.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-04 17:48:28 +02:00
Przemek Stekiel
4f3e7b934e Fix parsing of authorityCertIssuer 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-04 17:48:28 +02:00
Przemek Stekiel
75653b1df0 Add indication of extension error while parsing authority/subject key id 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-04 17:48:28 +02:00
Przemek Stekiel
6ec839a1f9 x509_get_authority_key_id: add length check + test 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-04 17:48:28 +02:00
Przemek Stekiel
3520fe6fda Use MBEDTLS_ERROR_ADD() and tag macros 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-04 17:48:28 +02:00
Przemek Stekiel
8a13866f65 Remove parsing of rfc822Name 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-04 17:48:28 +02:00
Przemek Stekiel
a2939e8728 Remove duplicated function 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-04 17:48:28 +02:00
Przemek Stekiel
9a511c5bdf Rename back mbedtls_x509_parse_general_name->mbedtls_x509_parse_subject_alt_name 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-04 17:48:28 +02:00
Przemek Stekiel
62d8f84be2 Adapt mbedtls_x509_crt_free after rebase 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-04 17:48:28 +02:00
toth92g
9232e0ad84 Adding some comments for easier understand 
Signed-off-by: toth92g <toth92g@gmail.com>
 2023-04-04 17:48:28 +02:00
toth92g
8d435a0c8b Renaming x509_get_subject_alt_name to x509_get_general_names and mbedtls_x509_parse_subject_alt_name to mbedtls_x509_parse_general_name so they can be used not only to collect subject alt name, but the V3 authority cert issuer that is also GeneralName type. 
Also updated the x509_get_general_names function to be able to parse rfc822Names

Test are also updated according these changes.

Signed-off-by: toth92g <toth92g@gmail.com>
 2023-04-04 17:48:28 +02:00
toth92g
d96027acd2 Correcting documentation issues: 
- Changelog entry is Feature instead of API Change
- Correcting whitespaces around braces
- Also adding defensive mechanism to x509_get_subject_key_id
  to avoid malfunction in case of trailing garbage

Signed-off-by: toth92g <toth92g@gmail.com>
 2023-04-04 17:48:27 +02:00
toth92g
a41954d0cf Extracting SubjectKeyId and AuthorityKeyId in case of x509 V3 extensions. Updating mbedtls_x509_crt_free function to also free the new dynamic elements (issuer field of AuthorityKeyId). 
A few tests are also added which test the feature with a correct certificate and multiple ones with erroneous ASN1 tags.

Signed-off-by: toth92g <toth92g@gmail.com>
 2023-04-04 17:48:27 +02:00
Tom Cosgrove
b96c309395 Don't use lstrlenW() on Windows 
The lstrlenW() function isn't available to UWP apps, and isn't necessary, since
when given -1, WideCharToMultiByte() will process the terminating null character
itself (and the length returned by the function includes this character).

Resolves #2994

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-02-10 12:52:13 +00:00
Gilles Peskine
0cfb08ddf1 Merge pull request #6922 from mprse/csr_v3 
Parsing v3 extensions from a CSR - v.2
 2023-02-03 16:41:11 +01:00
Dave Rodgman
6dd757a8ba Fix use of sizeof without brackets 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-02-02 12:40:50 +00:00
Przemek Stekiel
cf6ff0fb43 Move common functions for crt/csr parsing to x509.c 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-01-24 10:57:19 +01:00
Przemek Stekiel
db128f518c Allow empty ns_cert_type, key_usage while parsing certificates 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-01-24 10:57:19 +01:00
Przemek Stekiel
21c37288e5 Adapt function names 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-01-24 10:57:19 +01:00
Przemek Stekiel
cbaf3167dd mbedtls_x509_csr_info: Add parsing code for v3 csr extensions 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-01-24 10:57:19 +01:00
Jens Alfke
2d9e359275 Parsing v3 extensions from a CSR 
A parsed CSR struct (`mbedtls_x509_csr`) now includes some of the
X.509v3 extensions included in the CSR -- the key usage, Netscape
cert-type, and Subject Alternative Names.

Author: Jens Alfke <jens@couchbase.com>

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-01-24 10:56:55 +01:00
Gilles Peskine
449bd8303e Switch to the new code style 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-01-11 14:50:10 +01:00
Gilles Peskine
4a480ac5a1 Merge pull request #6265 from Kabbah/x509-info-hwmodulename-hex 
`x509_info_subject_alt_name`: Render HardwareModuleName as hex
 2022-11-08 17:11:07 +01:00
Glenn Strauss
a4b4041219 Shared code to free x509 structs 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-10-28 12:51:35 -04:00
Victor Barpp Gomes
47c7a732d2 Print RFC 4108 hwSerialNum in hex format 
Signed-off-by: Victor Barpp Gomes <17840319+Kabbah@users.noreply.github.com>
 2022-09-29 11:34:23 -03:00
Gilles Peskine
945b23c46f Include platform.h unconditionally: automatic part 
We used to include platform.h only when MBEDTLS_PLATFORM_C was enabled, and
to define ad hoc replacements for mbedtls_xxx functions on a case-by-case
basis when MBEDTLS_PLATFORM_C was disabled. The only reason for this
complication was to allow building individual source modules without copying
platform.h. This is not something we support or recommend anymore, so get
rid of the complication: include platform.h unconditionally.

There should be no change in behavior since just including the header should
not change the behavior of a program.

This commit replaces most occurrences of conditional inclusion of
platform.h, using the following code:

```
perl -i -0777 -pe 's!#if.*\n#include "mbedtls/platform.h"\n(#else.*\n(#define (mbedtls|MBEDTLS)_.*\n|#include <(stdarg|stddef|stdio|stdlib|string|time)\.h>\n)*)?#endif.*!#include "mbedtls/platform.h"!mg' $(git grep -l '#include "mbedtls/platform.h"')
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-09-15 20:33:07 +02:00