mbedtls

mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-10-28 23:14:56 +03:00

Author	SHA1	Message	Date
Pengyu Lv	43ad9848db	Add rules to generate server10*.crt Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-06-13 17:35:10 +08:00
Pengyu Lv	4217429a46	Add rules to generate server8*.crt Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-06-13 17:30:10 +08:00
Pengyu Lv	30cd6b0964	Add rules to generate server7*.crt Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-06-13 17:27:20 +08:00
Jerry Yu	324a43b4ac	Add rules to generate server6.crt Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-06-13 17:24:11 +08:00
Jerry Yu	fa4ef28c00	Add rules to generate server5-sha*.crt Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-06-13 17:22:45 +08:00
Jerry Yu	c2d694e367	Add server5-der*crt generate command Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-06-13 17:20:01 +08:00
Jerry Yu	111f4353f7	Add rules to generate server5[-badsign].crt Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-06-13 17:08:45 +08:00
Pengyu Lv	be8faab205	Update server3.crt and server4.crt Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-06-13 17:06:37 +08:00
Pengyu Lv	746e2d133d	Add rules to generate server4.crt Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-06-13 17:05:10 +08:00
Pengyu Lv	a3d7bb8059	Add rules to generate server3.crt Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-06-13 16:49:19 +08:00
Pengyu Lv	f287e2a528	Mark all_intermediate as intermediate files Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-06-13 16:45:11 +08:00
Jerry Yu	6df8f0ee8b	change path of mbedtls_x509_crl_parse input data - Move data_files/crl-malformed-trailing-spaces.pem->data_files/parse_input/crl-malformed-trailing-spaces.pem - Move data_files/crl-idp.pem->data_files/parse_input/crl-idp.pem - Move data_files/crl-idpnc.pem->data_files/parse_input/crl-idpnc.pem Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-06-01 13:30:08 +08:00
Jerry Yu	3020abb9a9	change path of mbedtls_x509_csr_info input data - Copy data_files/server1.req.md4->data_files/parse_input/server1.req.md4 - Copy data_files/server1.req.md5->data_files/parse_input/server1.req.md5 - Copy data_files/server1.req.sha1->data_files/parse_input/server1.req.sha1 - Copy data_files/server1.req.sha224->data_files/parse_input/server1.req.sha224 - Copy data_files/server1.req.sha256->data_files/parse_input/server1.req.sha256 - Copy data_files/server1.req.sha384->data_files/parse_input/server1.req.sha384 - Copy data_files/server1.req.sha512->data_files/parse_input/server1.req.sha512 - Move data_files/server1.req.commas.sha256->data_files/parse_input/server1.req.commas.sha256 - Move data_files/server5.req.sha1->data_files/parse_input/server5.req.sha1 - Move data_files/server5.req.sha224->data_files/parse_input/server5.req.sha224 - Move data_files/server5.req.sha256->data_files/parse_input/server5.req.sha256 - Move data_files/server5.req.sha384->data_files/parse_input/server5.req.sha384 - Move data_files/server5.req.sha512->data_files/parse_input/server5.req.sha512 - Move data_files/server9.req.sha1->data_files/parse_input/server9.req.sha1 - Move data_files/server9.req.sha224->data_files/parse_input/server9.req.sha224 - Move data_files/server9.req.sha256->data_files/parse_input/server9.req.sha256 - Move data_files/server9.req.sha384->data_files/parse_input/server9.req.sha384 - Move data_files/server9.req.sha512->data_files/parse_input/server9.req.sha512 - Move data_files/server1-ms.req.sha256->data_files/parse_input/server1-ms.req.sha256 Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-06-01 13:30:08 +08:00
Jerry Yu	47dd840902	change path of x509_parse_san input data - Move data_files/server5-othername.crt->data_files/parse_input/server5-othername.crt - Move data_files/server5-nonprintable_othername.crt->data_files/parse_input/server5-nonprintable_othername.crt - Copy data_files/cert_example_multi.crt->data_files/parse_input/cert_example_multi.crt - Move data_files/multiple_san.crt->data_files/parse_input/multiple_san.crt - Copy data_files/server4.crt->data_files/parse_input/server4.crt - Move data_files/server5-unsupported_othername.crt->data_files/parse_input/server5-unsupported_othername.crt Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-06-01 13:30:07 +08:00
Jerry Yu	19c0478c6e	change path of x509parse_crt_file input data - Move data_files/server1_pathlen_int_max.crt->data_files/parse_input/server1_pathlen_int_max.crt - Move data_files/server1_pathlen_int_max-1.crt->data_files/parse_input/server1_pathlen_int_max-1.crt - Copy data_files/server7_int-ca.crt->data_files/parse_input/server7_int-ca.crt - Move data_files/server7_pem_space.crt->data_files/parse_input/server7_pem_space.crt - Move data_files/server7_all_space.crt->data_files/parse_input/server7_all_space.crt - Move data_files/server7_trailing_space.crt->data_files/parse_input/server7_trailing_space.crt - Move data_files/cli-rsa-sha256-badalg.crt.der->data_files/parse_input/cli-rsa-sha256-badalg.crt.der Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-06-01 13:30:06 +08:00
Jerry Yu	e42257c660	change path of x509_cert_info input data - Copy data_files/server1.crt->data_files/parse_input/server1.crt - Move data_files/server1.crt.der->data_files/parse_input/server1.crt.der - Copy data_files/server2.crt->data_files/parse_input/server2.crt - Move data_files/server2.crt.der->data_files/parse_input/server2.crt.der - Copy data_files/test-ca.crt->data_files/parse_input/test-ca.crt - Move data_files/test-ca.crt.der->data_files/parse_input/test-ca.crt.der - Copy data_files/cert_md2.crt->data_files/parse_input/cert_md2.crt - Copy data_files/cert_md4.crt->data_files/parse_input/cert_md4.crt - Copy data_files/cert_md5.crt->data_files/parse_input/cert_md5.crt - Copy data_files/cert_sha1.crt->data_files/parse_input/cert_sha1.crt - Copy data_files/cert_sha224.crt->data_files/parse_input/cert_sha224.crt - Copy data_files/cert_sha256.crt->data_files/parse_input/cert_sha256.crt - Copy data_files/cert_sha384.crt->data_files/parse_input/cert_sha384.crt - Copy data_files/cert_sha512.crt->data_files/parse_input/cert_sha512.crt - Copy data_files/server9.crt->data_files/parse_input/server9.crt - Copy data_files/server9-sha224.crt->data_files/parse_input/server9-sha224.crt - Copy data_files/server9-sha256.crt->data_files/parse_input/server9-sha256.crt - Copy data_files/server9-sha384.crt->data_files/parse_input/server9-sha384.crt - Copy data_files/server9-sha512.crt->data_files/parse_input/server9-sha512.crt - Copy data_files/server5-sha1.crt->data_files/parse_input/server5-sha1.crt - Copy data_files/server5-sha224.crt->data_files/parse_input/server5-sha224.crt - Copy data_files/server5.crt->data_files/parse_input/server5.crt - Copy data_files/server5-sha384.crt->data_files/parse_input/server5-sha384.crt - Copy data_files/server5-sha512.crt->data_files/parse_input/server5-sha512.crt - Copy data_files/server5-othername.crt->data_files/parse_input/server5-othername.crt - Copy data_files/server5-nonprintable_othername.crt->data_files/parse_input/server5-nonprintable_othername.crt - Move data_files/server5-fan.crt->data_files/parse_input/server5-fan.crt - Copy data_files/server1.cert_type.crt->data_files/parse_input/server1.cert_type.crt - Copy data_files/server1.key_usage.crt->data_files/parse_input/server1.key_usage.crt - Copy data_files/keyUsage.decipherOnly.crt->data_files/parse_input/keyUsage.decipherOnly.crt - Copy data_files/cert_example_multi.crt->data_files/parse_input/cert_example_multi.crt - Copy data_files/multiple_san.crt->data_files/parse_input/multiple_san.crt - Copy data_files/cert_example_multi_nocn.crt->data_files/parse_input/cert_example_multi_nocn.crt - Move data_files/test-ca-any_policy.crt->data_files/parse_input/test-ca-any_policy.crt - Move data_files/test-ca-any_policy_ec.crt->data_files/parse_input/test-ca-any_policy_ec.crt - Move data_files/test-ca-any_policy_with_qualifier.crt->data_files/parse_input/test-ca-any_policy_with_qualifier.crt - Move data_files/test-ca-any_policy_with_qualifier_ec.crt->data_files/parse_input/test-ca-any_policy_with_qualifier_ec.crt - Move data_files/test-ca-multi_policy.crt->data_files/parse_input/test-ca-multi_policy.crt - Move data_files/test-ca-multi_policy_ec.crt->data_files/parse_input/test-ca-multi_policy_ec.crt - Move data_files/test-ca-unsupported_policy.crt->data_files/parse_input/test-ca-unsupported_policy.crt - Move data_files/test-ca-unsupported_policy_ec.crt->data_files/parse_input/test-ca-unsupported_policy_ec.crt - Move data_files/server1.ext_ku.crt->data_files/parse_input/server1.ext_ku.crt - Copy data_files/server4.crt->data_files/parse_input/server4.crt - Copy data_files/server3.crt->data_files/parse_input/server3.crt - Move data_files/bitstring-in-dn.pem->data_files/parse_input/bitstring-in-dn.pem - Move data_files/non-ascii-string-in-issuer.crt->data_files/parse_input/non-ascii-string-in-issuer.crt - Move data_files/cert_v1_with_ext.crt->data_files/parse_input/cert_v1_with_ext.crt Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-06-01 13:30:06 +08:00
Jerry Yu	5d04321361	change path of mbedtls_x509_crl_info input data - Copy data_files/crl_expired.pem->data_files/parse_input/crl_expired.pem - Move data_files/crl_md2.pem->data_files/parse_input/crl_md2.pem - Move data_files/crl_md4.pem->data_files/parse_input/crl_md4.pem - Move data_files/crl_md5.pem->data_files/parse_input/crl_md5.pem - Move data_files/crl_sha1.pem->data_files/parse_input/crl_sha1.pem - Move data_files/crl_sha224.pem->data_files/parse_input/crl_sha224.pem - Copy data_files/crl_sha256.pem->data_files/parse_input/crl_sha256.pem - Move data_files/crl_sha384.pem->data_files/parse_input/crl_sha384.pem - Move data_files/crl_sha512.pem->data_files/parse_input/crl_sha512.pem - Copy data_files/crl-rsa-pss-sha1.pem->data_files/parse_input/crl-rsa-pss-sha1.pem - Copy data_files/crl-rsa-pss-sha224.pem->data_files/parse_input/crl-rsa-pss-sha224.pem - Copy data_files/crl-rsa-pss-sha256.pem->data_files/parse_input/crl-rsa-pss-sha256.pem - Copy data_files/crl-rsa-pss-sha384.pem->data_files/parse_input/crl-rsa-pss-sha384.pem - Copy data_files/crl-rsa-pss-sha512.pem->data_files/parse_input/crl-rsa-pss-sha512.pem - Copy data_files/crl-ec-sha1.pem->data_files/parse_input/crl-ec-sha1.pem - Move data_files/crl-ec-sha224.pem->data_files/parse_input/crl-ec-sha224.pem - Copy data_files/crl-ec-sha256.pem->data_files/parse_input/crl-ec-sha256.pem - Move data_files/crl-ec-sha384.pem->data_files/parse_input/crl-ec-sha384.pem - Move data_files/crl-ec-sha512.pem->data_files/parse_input/crl-ec-sha512.pem Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-06-01 13:30:03 +08:00
Andrzej Kurek	8985146f03	Fix wrong makefile target Missing tab and a prerequisite that's not a file Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-05-22 09:48:30 -04:00
Mukesh Bharsakle	2599a71c74	updating test-ca.key to use AES instead of DES	2023-05-10 12:12:40 +01:00
Valerio Setti	0eace4128b	pk: fixing backport issues Note: RSA is not supported in mbedtls-2.28 for opaque wrapping so it was removed from test_suite_pkwrite.data. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-05-02 16:38:57 +02:00
Valerio Setti	b4468c45ac	test: fix makefile for ec_pub.[der/pem] generation Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-05-02 16:04:46 +02:00
Valerio Setti	755582b297	fix typos Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-04-24 10:47:36 +02:00
Valerio Setti	f1477da185	test: pkwrite: backport of issue 7446 Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-04-18 16:58:22 +02:00
David Horstmann	f3fee1299e	Fix typo 'unsupoported' -> 'unsupported' Signed-off-by: David Horstmann <david.horstmann@arm.com>	2022-11-25 15:54:07 +00:00
Manuel Pégourié-Gonnard	8d8266468b	Merge pull request #6509 from valeriosetti/issue4577-backport Backport 2.28: Adding unit test for mbedtls_x509write_csr_set_extension	2022-11-15 09:39:11 +01:00
Valerio Setti	d3f7df4b8a	Adding unit test for mbedtls_x509write_csr_set_extension() The already existing "x509_csr_check()" function is extended in order to support/test also CSR's extensions. The test is performed by adding an extended key usage. Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-11-14 13:32:48 +01:00
Gilles Peskine	cb492102bf	Merge pull request #6380 from Kabbah/backport2.28-x509-info-hwmodulename-hex [Backport 2.28] `x509_info_subject_alt_name`: Render HardwareModuleName as hex	2022-11-08 17:11:09 +01:00
Gilles Peskine	4e10fb2396	Add mbedtls_dhm_parse_dhmfile test case with DER input dh.optlen.der is the result of converting dh.optlen.pem from PEM to DER. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-10-25 20:07:49 +02:00
Victor Barpp Gomes	7e5426d696	Add a new test with a binary hwSerialNum Signed-off-by: Victor Barpp Gomes <17840319+Kabbah@users.noreply.github.com>	2022-09-30 09:32:27 -03:00
Werner Lewis	3e005f3efc	Remove remaining bignum radix args Functions which are not covered by script, changes made to use radix 16. Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-08-01 15:57:06 +01:00
Werner Lewis	02c9d3b9c2	Fix parsing of special chars in X509 DN values Use escape mechanism defined in RFC 1779 when parsing commas and other special characters in X509 DN values. Resolves failures when generating a certificate with a CSR containing a comma in subject value. Fixes #769. Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-06-08 14:38:38 +01:00
Shaun Case	0e7791ff07	Redo of PR#5345. Fixed spelling and typographical errors found by CodeSpell. Signed-off-by: Shaun Case <warmsocks@gmail.com> Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-04-28 18:22:20 +01:00
Gilles Peskine	c6b0d96c31	More precise testing of dhm_min_len An SSL client can be configured to insist on a minimum size for the Diffie-Hellman (DHM) parameters sent by the server. Add several test cases where the server sends parameters with exactly the minimum size (must be accepted) or parameters that are one bit too short (must be rejected). Make sure that there are test cases both where the boundary is byte-aligned and where it isn't. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-04-01 14:18:31 +02:00
Dave Rodgman	6fbff5b557	Merge pull request #3698 from darrenkrahn/development Mark basic constraints critical as appropriate.	2021-01-17 18:06:18 +00:00
Darren Krahn	9c134cef35	Add build instructions for new test data. Signed-off-by: Darren Krahn <dkrahn@google.com>	2021-01-13 22:04:45 -08:00
Gilles Peskine	a282984c3d	Merge pull request #773 from paul-elliott-arm/discrepancy_cert Add missing tag check to signature check on certificate load	2020-12-03 12:19:39 +01:00
Paul Elliott	ca17ebfbc0	Add tag check to cert algorithm check Add missing tag check for algorithm parameters when comparing the signature in the description part of the cert against the actual signature whilst loading a certificate. This was found by a certificate (created by fuzzing) that openssl would not verify, but mbedtls would. Regression test added (one of the client certs modified accordingly) Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2020-11-26 16:34:16 +00:00
David Brown	3bea9f61e6	Add a context-info.sh test for 0xFF chars Add a non-regression test for ssl_context_info to ensure the base64 decoder doesn't stop processing when it encounters a 0xFF character. Signed-off-by: David Brown <david.brown@linaro.org>	2020-10-20 13:35:21 -06:00
Ronald Cron	8f24a8bb34	Merge pull request #3595 from gilles-peskine-arm/cert-gen-cleanup-202008-development Minor cleanups in certificate generation	2020-10-15 13:32:53 +02:00
Gilles Peskine	1803563572	Fix "make -C tests/data_files -f ..." The toplevel directory is actually just ../..: the makefile commands are executed in the subdirectory. $(PWD) earlier was wrong because it comes from the shell, not from make. Looking up $(MAKEFILE_LIST) is wrong because it indicates where the makefile is (make -f), not which directory to work in (make -C). Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2020-09-24 16:36:04 +02:00
Darren Krahn	e560be3ab4	Mark basic constraints critical as appropriate. Per RFC 5280 4.2.1.9 if the 'cA' field is set to true, the extension must be marked critical. Signed-off-by: Darren Krahn <dkrahn@google.com>	2020-09-21 18:25:35 -07:00
Gilles Peskine	9e4d4387f0	Merge pull request #3433 from raoulstrackx/raoul/verify_crl_without_time Always revoke certificate on CRL	2020-08-26 12:56:11 +02:00
Manuel Pégourié-Gonnard	6edfe60e0d	Merge pull request #2182 from hanno-arm/key_pwd Add support for password protected key files to ssl_server2 and ssl_client2	2020-08-24 09:42:38 +02:00
Gilles Peskine	0f38590edf	Commit the intermediate files cert_md.csr They are used to generate cert_md.crt. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2020-08-21 20:47:52 +02:00
Gilles Peskine	d1ff7579c8	Fix "make -C tests/data_files" It wasn't working when invoking programs/x509/cert_write or programs/x509/cert_req due to relying on the current directory rather than the location of the makefile. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2020-08-21 20:43:32 +02:00
Bence Szépkúti	1e14827beb	Update copyright notices to use Linux Foundation guidance As a result, the copyright of contributors other than Arm is now acknowledged, and the years of publishing are no longer tracked in the source files. Also remove the now-redundant lines declaring that the files are part of MbedTLS. This commit was generated using the following script: # ======================== #!/bin/sh # Find files find '(' -path './.git' -o -path './3rdparty' ')' -prune -o -type f -print \| xargs sed -bi ' # Replace copyright attribution line s/Copyright.Arm./Copyright The Mbed TLS Contributors/I # Remove redundant declaration and the preceding line $!N /This file is part of Mbed TLS/Id P D ' # ======================== Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>	2020-08-19 10:35:41 +02:00
Hanno Becker	226eedb5f3	Add password protected version of key for data_files/server{2,5}.key Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2020-08-17 12:14:00 +01:00
Raoul Strackx	a4e86141f1	Always revoke certificate on CRL RFC5280 does not state that the `revocationDate` should be checked. In addition, when no time source is available (i.e., when MBEDTLS_HAVE_TIME_DATE is not defined), `mbedtls_x509_time_is_past` always returns 0. This results in the CRL not being checked at all. https://tools.ietf.org/html/rfc5280 Signed-off-by: Raoul Strackx <raoul.strackx@fortanix.com>	2020-08-17 09:05:03 +02:00
Manuel Pégourié-Gonnard	7d2a4d873f	Add test: DNS names should not match IP addresses Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2020-08-11 10:23:52 +02:00
Bence Szépkúti	c7da1fe381	Add Apache-2.0 headers to all scripts This commit was generated using the following script: # ======================== #!/bin/sh # Find scripts find -path './.git' -prune -o '(' -name '.gdb' -o -name '.pl' -o -name '.py' -o -name '.sh' ')' -print \| xargs sed -i ' # Remove Mbed TLS declaration if it occurs before the copyright line 1,/Copyright.Arm/I { /This file is part of/,$ { /Copyright.Arm/I! d } } # Convert non-standard header in scripts/abi_check.py to the format used in the other scripts /"""/,/"""/ { # Cut copyright declaration /Copyright.Arm/I { h N d } # Paste copyright declaration /"""/ { x /./ { s/^/# / # Add # x # Replace orignal buffer with Copyright declaration p # Print original buffer, insert newline i\ s/.// # Clear original buffer } x } } /Copyright.*Arm/I { # Print copyright declaration p # Read the two lines immediately following the copyright declaration N N # Insert Apache header if it is missing /SPDX/! { i\ # SPDX-License-Identifier: Apache-2.0\ #\ # Licensed under the Apache License, Version 2.0 (the "License"); you may\ # not use this file except in compliance with the License.\ # You may obtain a copy of the License at\ #\ # http://www.apache.org/licenses/LICENSE-2.0\ #\ # Unless required by applicable law or agreed to in writing, software\ # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT\ # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\ # See the License for the specific language governing permissions and\ # limitations under the License. # Insert Mbed TLS declaration if it is missing /This file is part of/! i\ #\ # This file is part of Mbed TLS (https://tls.mbed.org) } # Clear copyright declaration from buffer D } ' # ======================== Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>	2020-06-15 12:05:47 +02:00

1 2 3 4 5

237 Commits