452 Commits

Author	SHA1	Message	Date
Andrzej Kurek	199eab97e7	Add partial support for URI SubjectAltNames ... Only exact matching without normalization is supported. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-05-10 09:57:19 -04:00
Gilles Peskine	97edeb4fb8	Merge pull request #6866 from mprse/extract-key-ids ... Extracting SubjectKeyId and AuthorityKeyId in case of x509 V3 extensions v.2	2023-05-08 20:38:29 +02:00
Przemek Stekiel	61aed064c5	Code optimization ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-05-08 11:15:59 +02:00
Przemek Stekiel	ed9fb78739	Fix parsing of KeyIdentifier (tag length error case) + test ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-05-08 11:15:54 +02:00
Przemek Stekiel	8194285cf1	Fix parsing of authorityCertSerialNumber (use valid tags) ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-05-03 16:19:16 +02:00
Andrzej Kurek	9c9880a63f	Explicitly exit IPv4 parsing on a fatal error ... This makes the function flow more readable. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-05-03 05:06:47 -04:00
Andrzej Kurek	6f400a376e	Disallow leading zeroes when parsing IPv4 addresses ... Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-05-01 06:23:42 -04:00
Przemek Stekiel	f5b8f78ad7	authorityCertIssuer and authorityCertSerialNumber MUST both be present or absent ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-04-26 08:57:32 +02:00
Przemek Stekiel	f4194944e8	Use do-while(0) format in macros ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-04-24 09:52:17 +02:00
Gilles Peskine	935a987b2b	Merge pull request #7436 from AndrzejKurek/x509-verify-san-ip ... x509 SAN IP parsing	2023-04-21 22:00:58 +02:00
Andrzej Kurek	90117db5dc	Split a complex condition into separate ones ... Make it more readable Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-04-18 10:43:35 -04:00
Andrzej Kurek	8bc2cc92b5	Refactor IPv6 parsing ... Make it more readable Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-04-18 07:26:27 -04:00
Andrzej Kurek	ea3e71fa37	Further refactor IPv4 parsing ... Make it more readable Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-04-18 05:54:50 -04:00
Przemek Stekiel	9a7a725ee7	Fix code style ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-04-17 16:06:57 +02:00
Andrzej Kurek	6cbca6dd42	Rename a variable in ipv4 and ipv6 parsing ... Character was too elaborate. p is used in other x509 code to step through data. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-04-13 09:25:00 -04:00
Andrzej Kurek	0d57896f7e	Refactor ipv6 parsing ... Introduce new variables to make it more readable. Clarify the calculations a bit. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-04-13 09:20:31 -04:00
Andrzej Kurek	7f5a1a4525	Rename ipv6 parsing variables, introduce one new one ... This way the names are more descriptive. j was reused later on for calculation, num_zero_groups is used instead. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-04-13 09:20:23 -04:00
Andrzej Kurek	06969fc3a0	Introduce a test for a sw implementation of inet_pton ... Create a bypass define to simulate platforms without AF_INET6. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-04-13 09:20:15 -04:00
Andrzej Kurek	13b8b780fe	Improve x509_inet_pton_ipv4 readability ... Introduce descriptive variable names. Drop the table of tens. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-04-13 09:19:50 -04:00
Glenn Strauss	b255e21e48	Handle endianness in x509_inet_pton_ipv6() ... Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2023-04-11 08:29:43 -04:00
Glenn Strauss	6f545acfaf	Add mbedtls_x509_crt_parse_cn_inet_pton() tests ... Extended from https://github.com/Mbed-TLS/mbedtls/pull/2906 contributed by Eugene K <eugene.kobyakov@netfoundry.io> Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2023-04-11 08:29:42 -04:00
Glenn Strauss	416c295078	x509 crt verify local implementation to parse IP ... x509 crt verify local implementation to parse IP if inet_pton() is not portably available Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2023-04-11 08:29:42 -04:00
Glenn Strauss	c26bd76020	x509 crt verify SAN iPAddress ... Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2023-04-11 08:29:42 -04:00
Valerio Setti	d4a5d461de	library: add remaining changes for the new ECP_LIGHT symbol ... Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-04-11 11:33:50 +02:00
Przemek Stekiel	725688b143	Fix code style ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-04-04 22:49:44 +02:00
Przemek Stekiel	294ec1274d	Remove redundant memory relase for authorityCertIssuer ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-04-04 17:48:28 +02:00
Przemek Stekiel	21903ec860	Fix after rebase ... Handle manually functions that have been moved to different locations. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-04-04 17:48:28 +02:00
Przemek Stekiel	4f3e7b934e	Fix parsing of authorityCertIssuer ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-04-04 17:48:28 +02:00
Przemek Stekiel	75653b1df0	Add indication of extension error while parsing authority/subject key id ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-04-04 17:48:28 +02:00
Przemek Stekiel	6ec839a1f9	x509_get_authority_key_id: add length check + test ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-04-04 17:48:28 +02:00
Przemek Stekiel	3520fe6fda	Use MBEDTLS_ERROR_ADD() and tag macros ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-04-04 17:48:28 +02:00
Przemek Stekiel	8a13866f65	Remove parsing of rfc822Name ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-04-04 17:48:28 +02:00
Przemek Stekiel	a2939e8728	Remove duplicated function ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-04-04 17:48:28 +02:00
Przemek Stekiel	9a511c5bdf	Rename back mbedtls_x509_parse_general_name->mbedtls_x509_parse_subject_alt_name ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-04-04 17:48:28 +02:00
Przemek Stekiel	62d8f84be2	Adapt mbedtls_x509_crt_free after rebase ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-04-04 17:48:28 +02:00
toth92g	9232e0ad84	Adding some comments for easier understand ... Signed-off-by: toth92g <toth92g@gmail.com>	2023-04-04 17:48:28 +02:00
toth92g	8d435a0c8b	Renaming x509_get_subject_alt_name to x509_get_general_names and mbedtls_x509_parse_subject_alt_name to mbedtls_x509_parse_general_name so they can be used not only to collect subject alt name, but the V3 authority cert issuer that is also GeneralName type. ... Also updated the x509_get_general_names function to be able to parse rfc822Names Test are also updated according these changes. Signed-off-by: toth92g <toth92g@gmail.com>	2023-04-04 17:48:28 +02:00
toth92g	d96027acd2	Correcting documentation issues: ... - Changelog entry is Feature instead of API Change - Correcting whitespaces around braces - Also adding defensive mechanism to x509_get_subject_key_id to avoid malfunction in case of trailing garbage Signed-off-by: toth92g <toth92g@gmail.com>	2023-04-04 17:48:27 +02:00
toth92g	a41954d0cf	Extracting SubjectKeyId and AuthorityKeyId in case of x509 V3 extensions. Updating mbedtls_x509_crt_free function to also free the new dynamic elements (issuer field of AuthorityKeyId). ... A few tests are also added which test the feature with a correct certificate and multiple ones with erroneous ASN1 tags. Signed-off-by: toth92g <toth92g@gmail.com>	2023-04-04 17:48:27 +02:00
Tom Cosgrove	b96c309395	Don't use lstrlenW() on Windows ... The lstrlenW() function isn't available to UWP apps, and isn't necessary, since when given -1, WideCharToMultiByte() will process the terminating null character itself (and the length returned by the function includes this character). Resolves #2994 Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2023-02-10 12:52:13 +00:00
Gilles Peskine	0cfb08ddf1	Merge pull request #6922 from mprse/csr_v3 ... Parsing v3 extensions from a CSR - v.2	2023-02-03 16:41:11 +01:00
Dave Rodgman	6dd757a8ba	Fix use of sizeof without brackets ... Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-02-02 12:40:50 +00:00
Przemek Stekiel	cf6ff0fb43	Move common functions for crt/csr parsing to x509.c ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-01-24 10:57:19 +01:00
Przemek Stekiel	db128f518c	Allow empty ns_cert_type, key_usage while parsing certificates ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-01-24 10:57:19 +01:00
Przemek Stekiel	21c37288e5	Adapt function names ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-01-24 10:57:19 +01:00
Przemek Stekiel	cbaf3167dd	mbedtls_x509_csr_info: Add parsing code for v3 csr extensions ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-01-24 10:57:19 +01:00
Jens Alfke	2d9e359275	Parsing v3 extensions from a CSR ... A parsed CSR struct (`mbedtls_x509_csr`) now includes some of the X.509v3 extensions included in the CSR -- the key usage, Netscape cert-type, and Subject Alternative Names. Author: Jens Alfke <jens@couchbase.com> Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-01-24 10:56:55 +01:00
Gilles Peskine	449bd8303e	Switch to the new code style ... Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-01-11 14:50:10 +01:00
Gilles Peskine	4a480ac5a1	Merge pull request #6265 from Kabbah/x509-info-hwmodulename-hex ... `x509_info_subject_alt_name`: Render HardwareModuleName as hex	2022-11-08 17:11:07 +01:00
Glenn Strauss	a4b4041219	Shared code to free x509 structs ... Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-10-28 12:51:35 -04:00