Gilles Peskine 
							
						 
					 
					
						
						
							
						
						cd4c0d7b00 
					 
					
						
						
							
							Move OID string definitions back to mbedtls/oid.h  
						
						... 
						
						
						
						Some code that parses or writes X.509 needs to know OID values. We provide a
convenient list. Don't remove this list from the public interface of the
library.
For user convenience, expose these values in the same header as before and
with the same name as before: `MBEDTLS_OID_xxx` in `<mbedtls/oid.h>`.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
						
						
					 
					
						2025-06-03 15:51:34 +02:00 
						 
				 
			
				
					
						
							
							
								Gilles Peskine 
							
						 
					 
					
						
						
							
						
						47f1d7be95 
					 
					
						
						
							
							Replace MBEDTLS_ERR_OID_BUF_TOO_SMALL with PSA_ERROR_BUFFER_TOO_SMALL  
						
						... 
						
						
						
						Remove the definition of `MBEDTLS_ERR_OID_BUF_TOO_SMALL` in `x509_oid.h`,
and use the corresponding PSA error instead.
```
git grep -l MBEDTLS_ERR_OID_BUF_TOO_SMALL | xargs perl -i -pe 's/\bMBEDTLS_ERR_OID_BUF_TOO_SMALL\b/PSA_ERROR_BUFFER_TOO_SMALL/p'
edit library/x509_oid.h
```
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
						
						
					 
					
						2025-06-03 15:51:34 +02:00 
						 
				 
			
				
					
						
							
							
								Gilles Peskine 
							
						 
					 
					
						
						
							
						
						86a47f85fa 
					 
					
						
						
							
							Switch to "x509_oid.h" in code that uses OID functions  
						
						... 
						
						
						
						Keep "mbedtls/oid.h" in code that only uses OID macros.
```
git grep -l mbedtls_oid_ '**/*.[hc]' tests/suites/*.function | xargs perl -i -pe 's!["<]mbedtls/oid\.h[">]!"x509_oid.h"!g'
```
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
						
						
					 
					
						2025-06-03 15:51:34 +02:00 
						 
				 
			
				
					
						
							
							
								Harry Ramsey 
							
						 
					 
					
						
						
							
						
						0f6bc41a22 
					 
					
						
						
							
							Update includes for each library file  
						
						... 
						
						
						
						Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
						
						
					 
					
						2024-10-09 11:18:50 +01:00 
						 
				 
			
				
					
						
							
							
								Harry Ramsey 
							
						 
					 
					
						
						
							
						
						3b71262750 
					 
					
						
						
							
							Remove MBEDTLS_OID_C guard from static functions  
						
						... 
						
						
						
						This commit removes the MBEDTLS_OID_C guard from the static functions in
the library/x509_create.c as this function is no longer included in the
oid.c file.
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
						
						
					 
					
						2024-09-26 11:38:25 +01:00 
						 
				 
			
				
					
						
							
							
								Sam Berry 
							
						 
					 
					
						
						
							
						
						3da783b468 
					 
					
						
						
							
							Move static OID functions to x509.c  
						
						... 
						
						
						
						This commit moves static functions that are necessary for
mbedtls_oid_get_numeric_string and mbedtls_oid_from_numeric_string from
oid.c to x509.c
Signed-off-by: Sam Berry <sam.berry@arm.com>
						
						
					 
					
						2024-09-18 21:23:17 +01:00 
						 
				 
			
				
					
						
							
							
								Sam Berry 
							
						 
					 
					
						
						
							
						
						c71abc3fd3 
					 
					
						
						
							
							Move mbedtls_oid_from_numeric_string to x509_create.c  
						
						... 
						
						
						
						This commit moves the mbedtls_oid_from_numeric_string function
definition from oid.c to x509_create.c
Signed-off-by: Sam Berry <sam.berry@arm.com>
						
						
					 
					
						2024-09-18 21:23:17 +01:00 
						 
				 
			
				
					
						
							
							
								Valerio Setti 
							
						 
					 
					
						
						
							
						
						25b282ebfe 
					 
					
						
						
							
							x509: move internal functions declarations to a private header  
						
						... 
						
						
						
						Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
						
						
					 
					
						2024-01-19 09:07:35 +01:00 
						 
				 
			
				
					
						
							
							
								Jonathan Winzig 
							
						 
					 
					
						
						
							
						
						5caf20ea80 
					 
					
						
						
							
							Update fix to be more platform-independent  
						
						... 
						
						
						
						Co-authored-by: David Horstmann <david.horstmann@arm.com>
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>
						
						
					 
					
						2024-01-09 16:41:10 +01:00 
						 
				 
			
				
					
						
							
							
								Jonathan Winzig 
							
						 
					 
					
						
						
							
						
						05c722bfd0 
					 
					
						
						
							
							Fix Issue  #8687  
						
						... 
						
						
						
						Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>
						
						
					 
					
						2024-01-09 15:20:03 +01:00 
						 
				 
			
				
					
						
							
							
								Dave Rodgman 
							
						 
					 
					
						
						
							
						
						e4a6f5a7ec 
					 
					
						
						
							
							Use size_t cast for pointer subtractions  
						
						... 
						
						
						
						Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
						
						
					 
					
						2023-11-21 17:09:46 +00:00 
						 
				 
			
				
					
						
							
							
								Dave Rodgman 
							
						 
					 
					
						
						
							
						
						16799db69a 
					 
					
						
						
							
							update headers  
						
						... 
						
						
						
						Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
						
						
					 
					
						2023-11-02 19:47:20 +00:00 
						 
				 
			
				
					
						
							
							
								Dave Rodgman 
							
						 
					 
					
						
						
							
						
						515af1d80d 
					 
					
						
						
							
							Stop IAR warning about goto skipping variable definition  
						
						... 
						
						
						
						Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
						
						
					 
					
						2023-10-13 16:03:25 +01:00 
						 
				 
			
				
					
						
							
							
								Gilles Peskine 
							
						 
					 
					
						
						
							
						
						391dd7fe87 
					 
					
						
						
							
							Fix propagation of return value from parse_attribute_value_hex_der_encoded  
						
						... 
						
						
						
						Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
						
						
					 
					
						2023-09-25 19:59:31 +02:00 
						 
				 
			
				
					
						
							
							
								Gilles Peskine 
							
						 
					 
					
						
						
							
						
						7f420faf03 
					 
					
						
						
							
							parse_attribute_value_hex_der_encoded: clean up length validation  
						
						... 
						
						
						
						Separate the fits-in-buffer check (*data_length <= data_size) from the
we-think-it's-a-sensible-size check (*data_length <=
MBEDTLS_X509_MAX_DN_NAME_SIZE).
This requires using an intermediate buffer for the DER data, since its
maximum sensible size has to be larger than the maximum sensible size for
the payload, due to the overhead of the ASN.1 tag+length.
Remove test cases focusing on the DER length since the implementation no
longer has a threshold for it.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
						
						
					 
					
						2023-09-25 19:59:31 +02:00 
						 
				 
			
				
					
						
							
							
								Gilles Peskine 
							
						 
					 
					
						
						
							
						
						7077781af5 
					 
					
						
						
							
							Fix integer overflow with an input buffer larger than INT_MAX  
						
						... 
						
						
						
						Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
						
						
					 
					
						2023-09-25 19:59:31 +02:00 
						 
				 
			
				
					
						
							
							
								Gilles Peskine 
							
						 
					 
					
						
						
							
						
						25665781f6 
					 
					
						
						
							
							Rewrite parse_attribute_value_hex_der_encoded()  
						
						... 
						
						
						
						Rename the function from parse_attribute_value_der_encoded: the hex aspect
seems important.
There was a buffer overflow due to not validating that the intermediate data
fit in the stack buffer. The rewrite doesn't use this buffer, and takes care
not to overflow the buffer that it does use.
Document all that's going on.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
						
						
					 
					
						2023-09-25 19:59:31 +02:00 
						 
				 
			
				
					
						
							
							
								Agathiyan Bragadeesh 
							
						 
					 
					
						
						
							
						
						a72ea814d8 
					 
					
						
						
							
							Remove double blank line in x509_create.c  
						
						... 
						
						
						
						Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
						
						
					 
					
						2023-09-12 17:57:09 +01:00 
						 
				 
			
				
					
						
							
							
								Agathiyan Bragadeesh 
							
						 
					 
					
						
						
							
						
						706a1c3c3f 
					 
					
						
						
							
							Fix code style  
						
						... 
						
						
						
						Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
						
						
					 
					
						2023-09-08 12:04:41 +01:00 
						 
				 
			
				
					
						
							
							
								Agathiyan Bragadeesh 
							
						 
					 
					
						
						
							
						
						c34804dea2 
					 
					
						
						
							
							Fix bug with checking max dn length with hexpairs  
						
						... 
						
						
						
						Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
						
						
					 
					
						2023-09-08 11:32:19 +01:00 
						 
				 
			
				
					
						
							
							
								Agathiyan Bragadeesh 
							
						 
					 
					
						
						
							
						
						fca0861e8e 
					 
					
						
						
							
							Add asn1 get tag and len to x509 create config  
						
						... 
						
						
						
						Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
						
						
					 
					
						2023-09-04 15:45:37 +01:00 
						 
				 
			
				
					
						
							
							
								Agathiyan Bragadeesh 
							
						 
					 
					
						
						
							
						
						a2423debcc 
					 
					
						
						
							
							Fix code style  
						
						... 
						
						
						
						Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
						
						
					 
					
						2023-08-30 16:24:31 +01:00 
						 
				 
			
				
					
						
							
							
								Agathiyan Bragadeesh 
							
						 
					 
					
						
						
							
						
						de02ee268e 
					 
					
						
						
							
							Refactor parse_attribute_value_string  
						
						... 
						
						
						
						Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
						
						
					 
					
						2023-08-30 16:12:57 +01:00 
						 
				 
			
				
					
						
							
							
								Agathiyan Bragadeesh 
							
						 
					 
					
						
						
							
						
						1aece47e8c 
					 
					
						
						
							
							Make hexpair_to_int take a char pointer  
						
						... 
						
						
						
						Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
						
						
					 
					
						2023-08-30 16:05:24 +01:00 
						 
				 
			
				
					
						
							
							
								Agathiyan Bragadeesh 
							
						 
					 
					
						
						
							
						
						e9d1c8e1eb 
					 
					
						
						
							
							Reword and reformat comments  
						
						... 
						
						
						
						Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
						
						
					 
					
						2023-08-30 15:55:31 +01:00 
						 
				 
			
				
					
						
							
							
								Agathiyan Bragadeesh 
							
						 
					 
					
						
						
							
						
						ef6abd4062 
					 
					
						
						
							
							Add blank lines after variable declarations  
						
						... 
						
						
						
						Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
						
						
					 
					
						2023-08-30 15:55:12 +01:00 
						 
				 
			
				
					
						
							
							
								Agathiyan Bragadeesh 
							
						 
					 
					
						
						
							
						
						457ac84f01 
					 
					
						
						
							
							Refactor previous fix  
						
						... 
						
						
						
						Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
						
						
					 
					
						2023-08-23 11:35:26 +01:00 
						 
				 
			
				
					
						
							
							
								Agathiyan Bragadeesh 
							
						 
					 
					
						
						
							
						
						4c7d7bf583 
					 
					
						
						
							
							Add guard for empty AttributeValue  
						
						... 
						
						
						
						Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
						
						
					 
					
						2023-08-23 11:28:30 +01:00 
						 
				 
			
				
					
						
							
							
								Agathiyan Bragadeesh 
							
						 
					 
					
						
						
							
						
						15df01240d 
					 
					
						
						
							
							Fix code style  
						
						... 
						
						
						
						Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
						
						
					 
					
						2023-08-22 17:50:00 +01:00 
						 
				 
			
				
					
						
							
							
								Agathiyan Bragadeesh 
							
						 
					 
					
						
						
							
						
						4606bf3f38 
					 
					
						
						
							
							Refactor reading AttributeValue in dn gets  
						
						... 
						
						
						
						Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
						
						
					 
					
						2023-08-22 17:29:18 +01:00 
						 
				 
			
				
					
						
							
							
								Agathiyan Bragadeesh 
							
						 
					 
					
						
						
							
						
						d9d79bb74b 
					 
					
						
						
							
							Rename parse_attribute_value_ber_encoded  
						
						... 
						
						
						
						Now renamed to parse_attribute_value_der_encoded to be consistent with
names elsewhere
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
						
						
					 
					
						2023-08-22 16:43:58 +01:00 
						 
				 
			
				
					
						
							
							
								Agathiyan Bragadeesh 
							
						 
					 
					
						
						
							
						
						ba386ec23e 
					 
					
						
						
							
							Remove magic number for null tag  
						
						... 
						
						
						
						Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
						
						
					 
					
						2023-08-22 10:39:56 +01:00 
						 
				 
			
				
					
						
							
							
								Agathiyan Bragadeesh 
							
						 
					 
					
						
						
							
						
						12b9d7040e 
					 
					
						
						
							
							Remove x509_oid_from_numericoid  
						
						... 
						
						
						
						Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
						
						
					 
					
						2023-08-22 10:39:56 +01:00 
						 
				 
			
				
					
						
							
							
								Agathiyan Bragadeesh 
							
						 
					 
					
						
						
							
						
						fb94702762 
					 
					
						
						
							
							Add catch for alloc error x509_oid_from_numericoid  
						
						... 
						
						
						
						Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
						
						
					 
					
						2023-08-22 10:39:56 +01:00 
						 
				 
			
				
					
						
							
							
								Agathiyan Bragadeesh 
							
						 
					 
					
						
						
							
						
						4294ccc608 
					 
					
						
						
							
							Use mbedtls_calloc instead of calloc  
						
						... 
						
						
						
						Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
						
						
					 
					
						2023-08-22 10:39:56 +01:00 
						 
				 
			
				
					
						
							
							
								Agathiyan Bragadeesh 
							
						 
					 
					
						
						
							
						
						55d93192b1 
					 
					
						
						
							
							Fix oid memory leak  
						
						... 
						
						
						
						Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
						
						
					 
					
						2023-08-22 10:39:56 +01:00 
						 
				 
			
				
					
						
							
							
								Agathiyan Bragadeesh 
							
						 
					 
					
						
						
							
						
						f826d1113e 
					 
					
						
						
							
							Reject null bytes in DER encoded values in DNs  
						
						... 
						
						
						
						Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
						
						
					 
					
						2023-08-22 10:39:56 +01:00 
						 
				 
			
				
					
						
							
							
								Agathiyan Bragadeesh 
							
						 
					 
					
						
						
							
						
						eb55867520 
					 
					
						
						
							
							Fix code style  
						
						... 
						
						
						
						Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
						
						
					 
					
						2023-08-22 10:39:56 +01:00 
						 
				 
			
				
					
						
							
							
								Agathiyan Bragadeesh 
							
						 
					 
					
						
						
							
						
						9caaa6d967 
					 
					
						
						
							
							Reject escaped null hexpairs in DNs  
						
						... 
						
						
						
						Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
						
						
					 
					
						2023-08-22 10:39:56 +01:00 
						 
				 
			
				
					
						
							
							
								Agathiyan Bragadeesh 
							
						 
					 
					
						
						
							
						
						957ca0595d 
					 
					
						
						
							
							Accept short name/ber encoded data in DNs  
						
						... 
						
						
						
						Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
						
						
					 
					
						2023-08-22 10:39:56 +01:00 
						 
				 
			
				
					
						
							
							
								Agathiyan Bragadeesh 
							
						 
					 
					
						
						
							
						
						17984874af 
					 
					
						
						
							
							Change error from unknown oid to invalid name  
						
						... 
						
						
						
						Since the implementation no longer needs to know the oid, it makes more
sense for the error message to be an invalid name.
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
						
						
					 
					
						2023-08-22 10:39:56 +01:00 
						 
				 
			
				
					
						
							
							
								Agathiyan Bragadeesh 
							
						 
					 
					
						
						
							
						
						f88bd5ac86 
					 
					
						
						
							
							Accept any valid oid in string_to_names  
						
						... 
						
						
						
						Instead of using x509_attrs, use generic oid conversion.
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
						
						
					 
					
						2023-08-22 10:39:56 +01:00 
						 
				 
			
				
					
						
							
							
								Agathiyan Bragadeesh 
							
						 
					 
					
						
						
							
						
						a7f9630925 
					 
					
						
						
							
							Remove duplicate '+' in comparison string  
						
						... 
						
						
						
						Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
						
						
					 
					
						2023-08-22 10:39:56 +01:00 
						 
				 
			
				
					
						
							
							
								Agathiyan Bragadeesh 
							
						 
					 
					
						
						
							
						
						e18a1789fd 
					 
					
						
						
							
							Use MBEDTLS_X509_MAX_DN_NAME_SIZE for buffer size  
						
						... 
						
						
						
						Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
						
						
					 
					
						2023-08-22 10:39:56 +01:00 
						 
				 
			
				
					
						
							
							
								Agathiyan Bragadeesh 
							
						 
					 
					
						
						
							
						
						ee642d93a8 
					 
					
						
						
							
							Format preprocessor conditionals  
						
						... 
						
						
						
						Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
						
						
					 
					
						2023-08-22 10:39:56 +01:00 
						 
				 
			
				
					
						
							
							
								Agathiyan Bragadeesh 
							
						 
					 
					
						
						
							
						
						ed88eefe8e 
					 
					
						
						
							
							Rename in_tag to in_attr_type  
						
						... 
						
						
						
						Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
						
						
					 
					
						2023-08-22 10:39:56 +01:00 
						 
				 
			
				
					
						
							
							
								Agathiyan Bragadeesh 
							
						 
					 
					
						
						
							
						
						97178f231f 
					 
					
						
						
							
							Fix code style in mbedtls_x509_string_to_names  
						
						... 
						
						
						
						Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
						
						
					 
					
						2023-08-22 10:39:56 +01:00 
						 
				 
			
				
					
						
							
							
								Agathiyan Bragadeesh 
							
						 
					 
					
						
						
							
						
						7f639fc7ab 
					 
					
						
						
							
							Fix Windows x64 build errors with type conversions  
						
						... 
						
						
						
						Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
						
						
					 
					
						2023-08-22 10:39:56 +01:00 
						 
				 
			
				
					
						
							
							
								Agathiyan Bragadeesh 
							
						 
					 
					
						
						
							
						
						39ba121d3a 
					 
					
						
						
							
							Fix memory leak in alternative code route  
						
						... 
						
						
						
						If no oid is found, and x509_attr_descr_from_numericoid returns NULL,
previously the memory allocated for the oid wasn't freed.
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
						
						
					 
					
						2023-08-22 10:39:56 +01:00 
						 
				 
			
				
					
						
							
							
								Agathiyan Bragadeesh 
							
						 
					 
					
						
						
							
						
						f818e01edb 
					 
					
						
						
							
							Fix memory leak in x509_attr_descr_from_numericoid;
						
						... 
						
						
						
						Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
						
						
					 
					
						2023-08-22 10:39:56 +01:00