9c9880a63f
Explicitly exit IPv4 parsing on a fatal error
...
This makes the function flow more readable.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2023-05-03 05:06:47 -04:00
6f400a376e
Disallow leading zeroes when parsing IPv4 addresses
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2023-05-01 06:23:42 -04:00
f5b8f78ad7
authorityCertIssuer and authorityCertSerialNumber MUST both be present or absent
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-04-26 08:57:32 +02:00
f4194944e8
Use do-while(0) format in macros
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-04-24 09:52:17 +02:00
935a987b2b
Merge pull request #7436 from AndrzejKurek/x509-verify-san-ip
...
x509 SAN IP parsing
2023-04-21 22:00:58 +02:00
90117db5dc
Split a complex condition into separate ones
...
Make it more readable
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2023-04-18 10:43:35 -04:00
8bc2cc92b5
Refactor IPv6 parsing
...
Make it more readable
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2023-04-18 07:26:27 -04:00
ea3e71fa37
Further refactor IPv4 parsing
...
Make it more readable
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2023-04-18 05:54:50 -04:00
9a7a725ee7
Fix code style
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-04-17 16:06:57 +02:00
6cbca6dd42
Rename a variable in ipv4 and ipv6 parsing
...
Character was too elaborate.
p is used in other x509 code to step through data.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2023-04-13 09:25:00 -04:00
0d57896f7e
Refactor ipv6 parsing
...
Introduce new variables to make it more readable. Clarify the calculations a bit.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2023-04-13 09:20:31 -04:00
7f5a1a4525
Rename ipv6 parsing variables, introduce one new one
...
This way the names are more descriptive.
j was reused later on for calculation,
num_zero_groups is used instead.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2023-04-13 09:20:23 -04:00
06969fc3a0
Introduce a test for a sw implementation of inet_pton
...
Create a bypass define to simulate platforms
without AF_INET6.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2023-04-13 09:20:15 -04:00
13b8b780fe
Improve x509_inet_pton_ipv4 readability
...
Introduce descriptive variable names.
Drop the table of tens.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2023-04-13 09:19:50 -04:00
b255e21e48
Handle endianness in x509_inet_pton_ipv6()
...
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com >
2023-04-11 08:29:43 -04:00
6f545acfaf
Add mbedtls_x509_crt_parse_cn_inet_pton() tests
...
Extended from https://github.com/Mbed-TLS/mbedtls/pull/2906
contributed by Eugene K <eugene.kobyakov@netfoundry.io >
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com >
2023-04-11 08:29:42 -04:00
416c295078
x509 crt verify local implementation to parse IP
...
x509 crt verify local implementation to parse IP
if inet_pton() is not portably available
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com >
2023-04-11 08:29:42 -04:00
c26bd76020
x509 crt verify SAN iPAddress
...
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com >
2023-04-11 08:29:42 -04:00
d4a5d461de
library: add remaining changes for the new ECP_LIGHT symbol
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-04-11 11:33:50 +02:00
725688b143
Fix code style
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-04-04 22:49:44 +02:00
294ec1274d
Remove redundant memory relase for authorityCertIssuer
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-04-04 17:48:28 +02:00
21903ec860
Fix after rebase
...
Handle manually functions that have been moved to different locations.
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-04-04 17:48:28 +02:00
4f3e7b934e
Fix parsing of authorityCertIssuer
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-04-04 17:48:28 +02:00
75653b1df0
Add indication of extension error while parsing authority/subject key id
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-04-04 17:48:28 +02:00
6ec839a1f9
x509_get_authority_key_id: add length check + test
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-04-04 17:48:28 +02:00
3520fe6fda
Use MBEDTLS_ERROR_ADD() and tag macros
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-04-04 17:48:28 +02:00
8a13866f65
Remove parsing of rfc822Name
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-04-04 17:48:28 +02:00
a2939e8728
Remove duplicated function
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-04-04 17:48:28 +02:00
9a511c5bdf
Rename back mbedtls_x509_parse_general_name->mbedtls_x509_parse_subject_alt_name
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-04-04 17:48:28 +02:00
62d8f84be2
Adapt mbedtls_x509_crt_free after rebase
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-04-04 17:48:28 +02:00
9232e0ad84
Adding some comments for easier understand
...
Signed-off-by: toth92g <toth92g@gmail.com >
2023-04-04 17:48:28 +02:00
8d435a0c8b
Renaming x509_get_subject_alt_name to x509_get_general_names and mbedtls_x509_parse_subject_alt_name to mbedtls_x509_parse_general_name so they can be used not only to collect subject alt name, but the V3 authority cert issuer that is also GeneralName type.
...
Also updated the x509_get_general_names function to be able to parse rfc822Names
Test are also updated according these changes.
Signed-off-by: toth92g <toth92g@gmail.com >
2023-04-04 17:48:28 +02:00
d96027acd2
Correcting documentation issues:
...
- Changelog entry is Feature instead of API Change
- Correcting whitespaces around braces
- Also adding defensive mechanism to x509_get_subject_key_id
to avoid malfunction in case of trailing garbage
Signed-off-by: toth92g <toth92g@gmail.com >
2023-04-04 17:48:27 +02:00
a41954d0cf
Extracting SubjectKeyId and AuthorityKeyId in case of x509 V3 extensions. Updating mbedtls_x509_crt_free function to also free the new dynamic elements (issuer field of AuthorityKeyId).
...
A few tests are also added which test the feature with a correct certificate and multiple ones with erroneous ASN1 tags.
Signed-off-by: toth92g <toth92g@gmail.com >
2023-04-04 17:48:27 +02:00
b96c309395
Don't use lstrlenW() on Windows
...
The lstrlenW() function isn't available to UWP apps, and isn't necessary, since
when given -1, WideCharToMultiByte() will process the terminating null character
itself (and the length returned by the function includes this character).
Resolves #2994
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com >
2023-02-10 12:52:13 +00:00
0cfb08ddf1
Merge pull request #6922 from mprse/csr_v3
...
Parsing v3 extensions from a CSR - v.2
2023-02-03 16:41:11 +01:00
6dd757a8ba
Fix use of sizeof without brackets
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-02-02 12:40:50 +00:00
cf6ff0fb43
Move common functions for crt/csr parsing to x509.c
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-01-24 10:57:19 +01:00
db128f518c
Allow empty ns_cert_type, key_usage while parsing certificates
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-01-24 10:57:19 +01:00
21c37288e5
Adapt function names
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-01-24 10:57:19 +01:00
cbaf3167dd
mbedtls_x509_csr_info: Add parsing code for v3 csr extensions
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-01-24 10:57:19 +01:00
2d9e359275
Parsing v3 extensions from a CSR
...
A parsed CSR struct (`mbedtls_x509_csr`) now includes some of the
X.509v3 extensions included in the CSR -- the key usage, Netscape
cert-type, and Subject Alternative Names.
Author: Jens Alfke <jens@couchbase.com >
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-01-24 10:56:55 +01:00
449bd8303e
Switch to the new code style
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-01-11 14:50:10 +01:00
4a480ac5a1
Merge pull request #6265 from Kabbah/x509-info-hwmodulename-hex
...
`x509_info_subject_alt_name`: Render HardwareModuleName as hex
2022-11-08 17:11:07 +01:00
a4b4041219
Shared code to free x509 structs
...
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com >
2022-10-28 12:51:35 -04:00
47c7a732d2
Print RFC 4108 hwSerialNum in hex format
...
Signed-off-by: Victor Barpp Gomes <17840319+Kabbah@users.noreply.github.com >
2022-09-29 11:34:23 -03:00
945b23c46f
Include platform.h unconditionally: automatic part
...
We used to include platform.h only when MBEDTLS_PLATFORM_C was enabled, and
to define ad hoc replacements for mbedtls_xxx functions on a case-by-case
basis when MBEDTLS_PLATFORM_C was disabled. The only reason for this
complication was to allow building individual source modules without copying
platform.h. This is not something we support or recommend anymore, so get
rid of the complication: include platform.h unconditionally.
There should be no change in behavior since just including the header should
not change the behavior of a program.
This commit replaces most occurrences of conditional inclusion of
platform.h, using the following code:
```
perl -i -0777 -pe 's!#if.*\n#include "mbedtls/platform.h"\n(#else.*\n(#define (mbedtls|MBEDTLS)_.*\n|#include <(stdarg|stddef|stdio|stdlib|string|time)\.h>\n)*)?#endif.*!#include "mbedtls/platform.h"!mg' $(git grep -l '#include "mbedtls/platform.h"')
```
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2022-09-15 20:33:07 +02:00
5166954d14
Make more use of MBEDTLS_MAX_HASH_SIZE macro
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-09-13 12:57:05 +02:00
40afdd2791
Make use of MBEDTLS_MAX_HASH_SIZE macro
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-09-06 14:18:45 +02:00
b3edc1576c
Merge pull request #2602 from edsiper/crt-symlink
...
x509_crt: handle properly broken links when looking for certificates
2022-08-03 13:05:29 +02:00
