1
0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-10-26 00:37:41 +03:00
Commit Graph

235 Commits

Author SHA1 Message Date
Ben Taylor
7573321f61 Fix style issues
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
2025-08-07 08:25:52 +01:00
Ben Taylor
b2eecc621d switch to mbedtls_pk_sigalg_t
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
2025-08-07 08:25:52 +01:00
Gilles Peskine
1819a915bc Include limits.h where needed
This will be needed when TF-PSA-Crypto's `build_info.h` stops including
`limits.h`, which it currently does by accident because it includes
`check_config.h` which wants `limits.h` to check `CHAR_BIT`.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-07-28 15:45:12 +02:00
Gilles Peskine
cd4c0d7b00 Move OID string definitions back to mbedtls/oid.h
Some code that parses or writes X.509 needs to know OID values. We provide a
convenient list. Don't remove this list from the public interface of the
library.

For user convenience, expose these values in the same header as before and
with the same name as before: `MBEDTLS_OID_xxx` in `<mbedtls/oid.h>`.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-06-03 15:51:34 +02:00
Gilles Peskine
4c83221320 Replace MBEDTLS_ERR_OID_NOT_FOUND with MBEDTLS_ERR_X509_UNKNOWN_OID
Replace the non-X.509-named error code `MBEDTLS_ERR_OID_NOT_FOUND` with
`MBEDTLS_ERR_X509_UNKNOWN_OID`, which already exists and is currently not
used for anything.

Public functions in X.509 propagate this error code, so it needs to have a
public name.

Remove the definition of `MBEDTLS_ERR_OID_NOT_FOUND` in `x509_oid.h`, then

```
git grep -l MBEDTLS_ERR_OID_NOT_FOUND | xargs perl -i -pe 's/\bMBEDTLS_ERR_OID_NOT_FOUND\b/MBEDTLS_ERR_X509_UNKNOWN_OID/g'
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-06-03 15:51:34 +02:00
Gilles Peskine
47f1d7be95 Replace MBEDTLS_ERR_OID_BUF_TOO_SMALL with PSA_ERROR_BUFFER_TOO_SMALL
Remove the definition of `MBEDTLS_ERR_OID_BUF_TOO_SMALL` in `x509_oid.h`,
and use the corresponding PSA error instead.

```
git grep -l MBEDTLS_ERR_OID_BUF_TOO_SMALL | xargs perl -i -pe 's/\bMBEDTLS_ERR_OID_BUF_TOO_SMALL\b/PSA_ERROR_BUFFER_TOO_SMALL/p'
edit library/x509_oid.h
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-06-03 15:51:34 +02:00
Gilles Peskine
532e3ee104 Switch library and tests to the x509_oid module
```
git grep -l -P 'mbedtls_oid_get_(?!numeric_string\b)' | xargs perl -i -pe 's/\bmbedtls_oid_get_(?!numeric_string\b)/mbedtls_x509_oid_get_/'
./framework/scripts/code_style.py --since HEAD~1 --fix
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-06-03 15:51:34 +02:00
Gilles Peskine
86a47f85fa Switch to "x509_oid.h" in code that uses OID functions
Keep "mbedtls/oid.h" in code that only uses OID macros.

```
git grep -l mbedtls_oid_ '**/*.[hc]' tests/suites/*.function | xargs perl -i -pe 's!["<]mbedtls/oid\.h[">]!"x509_oid.h"!g'
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-06-03 15:51:34 +02:00
Valerio Setti
d24dfad7af library: x509: remove sig_opts from mbedtls_x509_sig_alg_gets()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2025-05-07 09:06:52 +02:00
Valerio Setti
68878ccdd0 library: x509: simplify RSA-PSS management
- Do not store RSA-PSS signature options in CRL/CRT/CSR structures;
- During the parsing phase, just ensure that MGF1 hash alg is the same
  as the one used for the message.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2025-05-07 09:06:52 +02:00
Harry Ramsey
0f6bc41a22 Update includes for each library file
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
2024-10-09 11:18:50 +01:00
Sam Berry
4f76194eaf Move function mbedtls_oid_get_numeric_string to x509.c
This commit moves the mbedtls_oid_get_numeric_string function definition
from oid.c to x509.c.

Signed-off-by: Sam Berry <sam.berry@arm.com>
2024-09-18 21:23:17 +01:00
Elena Uziunaite
9fc5be09cb Replace MBEDTLS_MD_CAN_SHA1 with PSA_WANT_ALG_SHA_1
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-09-04 18:12:59 +01:00
Gabor Mezei
c15ef93aa5 Replace MBEDTLS_MD_CAN_SHA512 with PSA_WANT_ALG_SHA_512
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-08-28 18:20:25 +02:00
Elena Uziunaite
b66a991f04 Replace MBEDTLS_MD_CAN_MD5 with PSA_WANT_ALG_MD5
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-07-18 14:31:59 +03:00
Elena Uziunaite
0916cd702f Replace MBEDTLS_MD_CAN_SHA256 with PSA_WANT_ALG_SHA_256
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-07-11 11:13:35 +03:00
Ronald Cron
2cf41a273e Merge pull request #9171 from eleuzi01/replace-mbedtls-md-can-sha384
Replace MBEDTLS_MD_CAN_SHA384 with PSA_WANT_ALG_SHA_384
2024-07-04 08:56:52 +00:00
Ronald Cron
45aa4d50de Merge pull request #9125 from eleuzi01/replace-mbedtls-md-can-ripemd160
Replace MBEDTLS_MD_CAN_RIPEMD160 with PSA_WANT_ALG_RIPEMD160
2024-07-04 08:38:40 +00:00
Elena Uziunaite
b476d4bf21 Replace MBEDTLS_MD_CAN_SHA384 with PSA_WANT_ALG_SHA_384
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-07-03 10:20:41 +01:00
Elena Uziunaite
fcc9afaf9d Replace MBEDTLS_MD_CAN_SHA224 with PSA_WANT_ALG_SHA_224
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-07-02 11:08:04 +01:00
Elena Uziunaite
1b6fb219e9 Replace MBEDTLS_MD_CAN_RIPEMD160 with PSA_WANT_ALG_RIPEMD160
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-06-20 16:35:29 +01:00
Valerio Setti
25b282ebfe x509: move internal functions declarations to a private header
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-19 09:07:35 +01:00
Dave Rodgman
16799db69a update headers
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-02 19:47:20 +00:00
Gilles Peskine
3cea3efc25 Merge pull request #8025 from AgathiyanB/accept-numericoid-hexstring-x509
Accept numericoid hexstring x509
2023-09-13 08:54:33 +00:00
Agathiyan Bragadeesh
c7959b22c6 Remove magic number in x509.c
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-09-12 17:56:58 +01:00
Agathiyan Bragadeesh
86dc08599b Add asn1 write tag and len to x509 use c config
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-09-04 15:40:41 +01:00
Agathiyan Bragadeesh
15df01240d Fix code style
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-22 17:50:00 +01:00
Agathiyan Bragadeesh
022f86f108 Prevent output of escaped null characters dn gets
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-22 16:56:04 +01:00
Agathiyan Bragadeesh
8aa74ab6a9 Add return for buffer too small when reading OIDs
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-22 16:42:27 +01:00
Agathiyan Bragadeesh
f3b9724dcd Remove questionable use of macro.
MBEDTLS_X509_SAFE_SNPRINTF was used after mbedtls_oid_get_numeric_string
so instead we have expanded the macro and kept the relevant code.

Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-22 16:37:11 +01:00
Agathiyan Bragadeesh
07f472a88b Add corruption detected return when writing asn1
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-22 16:29:39 +01:00
Agathiyan Bragadeesh
eb55867520 Fix code style
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
af70c7dce7 Write numeric oid directly to buffer
mbedtls_oid_get_numeric_string now points to output buffer in dn_gets

Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
a7f9630925 Remove duplicate '+' in comparison string
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
5adffb2488 Refactor dn_gets use library function to write tag
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
2bf09a61a3 Fix style on left shift operations
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
ee642d93a8 Format preprocessor conditionals
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
7f639fc7ab Fix Windows x64 build errors with type conversions
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
a1f5c2d06f Move declaration of variables in dn_gets to top
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
0a4b6d88d0 Alter conditions on hexstring output dn_gets
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
4987c8fcb0 Fix code style on x509.c and x509_create.c
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
c9d74f3109 Refactor AttributeType in mbedtls_x509_dn_gets
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
0eb6673a80 Add preprocessor config guards
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
ddc720d209 Add mbedtls_x509_dn_gets hexstring output
If the data is a bitstring or an octet string, instead use the hexstring
of the BER encoding (RFC 4514 Section 2.4)

Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
f0e1ac59d8 Rewrite nibble_to_hex_digit for readability
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
9d2507c81d Rename x509_int_to_hexdigit to nibble_to_hex_digit
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
ef2decbe4a Escape hexpairs characters RFC 4514
Converts none ascii to escaped hexpairs in mbedtls_x509_dn_gets and
interprets hexpairs in mbedtls_x509_string_to_names.

Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-22 10:38:16 +01:00
Agathiyan Bragadeesh
48513b8639 Escape special characters RFC 4514
This escapes special characters according to RFC 4514 in
mbedtls_x509_dn_gets and de-escapes in mbedtls_x509_string_to_names.
This commit does not handle hexpairs.

Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-22 10:38:16 +01:00
David Horstmann
cfae6a1ae9 Fix incorrect detection of HardwareModuleName
The hardware module name otherName SAN contains 2 OIDs:

 OtherName ::= SEQUENCE {
      type-id    OBJECT IDENTIFIER,
      value      [0] EXPLICIT ANY DEFINED BY type-id }

 HardwareModuleName ::= SEQUENCE {
                           hwType OBJECT IDENTIFIER,
                           hwSerialNum OCTET STRING }

The first, type-id, is the one that identifies the otherName as a
HardwareModuleName. The second, hwType, identifies the type of hardware.

This change fixes 2 issues:

1. We were erroneously trying to identify HardwareModuleNames by looking
at hwType, not type-id.
2. We accidentally inverted the check so that we were checking that
hwType did NOT match HardwareModuleName.

This fix ensures that type-id is correctly checked to make sure that it
matches the OID for HardwareModuleName.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-08-18 19:31:39 +01:00
David Horstmann
2ea44d28de Fix: Set type_id in x509_get_other_name()
When parsing a subject alternative name of type otherName, retain the
type-id field of the otherName. Previously this was not copied to the
mbedtls_x509_san_other_name struct when it should have been.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-08-18 18:36:02 +01:00