Commit graph

139 commits

Author SHA1 Message Date
Przemek Stekiel
bf01c64e9d oid.c: unify dependencies (VIA_MD_OR_PSA->VIA_LOWLEVEL_OR_PSA)
*** Comparing before-default -> after-default ***
   x509parse: total 723; skipped  26 ->  26
   x509write: total  41; skipped   8 ->   8
         pem: total  13; skipped   0 ->   0
         oid: total  28; skipped   0 ->   0

*** Comparing before-full -> after-full ***
   x509parse: total 723; skipped  25 ->  25
   x509write: total  41; skipped   0 ->   0
         pem: total  13; skipped   0 ->   0
         oid: total  28; skipped   0 ->   0

*** Comparing reference -> drivers ***
   x509parse: total 723; skipped  89 ->  89
   x509write: total  41; skipped   3 ->   3
         pem: total  13; skipped   0 ->   0
         oid: total  28; skipped   0 ->   0

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-08-19 10:15:56 +02:00
Przemek Stekiel
de81028f00 Adjust dependencies in library/oid.c
*** Comparing before-default -> after-default ***
   x509parse: total 723; skipped  26 ->  26
   x509write: total  41; skipped   8 ->   8

*** Comparing before-full -> after-full ***
   x509parse: total 723; skipped  25 ->  25
   x509write: total  41; skipped   0 ->   0

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-08-19 10:15:56 +02:00
Manuel Pégourié-Gonnard
73692b7537 Rework macros expressing dependencies
Fix usage with sed:

s/MBEDTLS_OR_PSA_WANT_\([A-Z_0-9]*\)/MBEDTLS_HAS_\1_VIA_LOWLEVEL_OR_PSA/
s/MBEDTLS_USE_PSA_WANT_\([A-Z_0-9]*\)/MBEDTLS_HAS_\1_VIA_MD_OR_PSA_BASED_ON_USE_PSA/

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-21 12:11:53 +02:00
Manuel Pégourié-Gonnard
f88b1b5375 Introduce MBEDTLS_OR_PSA_WANT_xxx helper macros
Currently just replacing existing uses, but the real point of having
these conditions as a single macro is that we'll be able to use them in
tests case dependencies, see next commit.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-15 12:08:14 +02:00
Manuel Pégourié-Gonnard
fe2b9b5397 Make mbedtls_oid_get_md_alg() always available
This is a step towards building with RSA PKCS#1v1.5 without MD.

Also loosen guards around oid data: the OID definitions clearly don't
depend on our software implementation.

We could simply have no dependency as this is just data. But for the
sake of code size, let's have some guards so that people who don't use
MD5, SHA1 or RIPEMD160 don't have to pay the price for them.

Note: this is used for RSA (PKCS#v1.5) signatures among other things, an
area that is not influenced by USE_PSA, so the guards should not depend
on it either.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-12 11:11:19 +02:00
TRodziewicz
10e8cf5fef Remove MD2, MD4, RC4, Blowfish and XTEA
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-16 10:34:25 +02:00
Ronald Cron
c44a1d522a
Merge pull request #4507 from Venafi/userid-oid
Add OID for User ID
2021-05-28 10:43:41 +02:00
Mateusz Starzyk
c6d94aba50 Fix remaining SHA384 dependencies and ifdef blocks.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-05-19 16:23:47 +02:00
Mateusz Starzyk
4228f895c0 Merge branch 'development' into convert_NO_SHA384_to_positive
Conflicts:
* configs/config-psa-crypto.h: modified here, removed in development
* tests/suites/test_suite_x509parse.data: all conflicts are in depends_on
  lines where development made a change unrelated to MBEDTLS_SHAxxx and our
  branch either changed `MBEDTLS_SHA256_C` to `MBEDTLS_SHA224_C` or
  `MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384` to ``MBEDTLS_SHA384_C`, with
  no change to what the test does. Pick the other branch's dependency
  changes then apply our SHA dpeendency change.
2021-05-19 11:37:49 +02:00
Micah N Gorrell
21d4bdbb39 Add OID for User ID
Signed-off-by: Micah N Gorrell <micah.gorrell@venafi.com>
2021-05-12 17:46:56 -06:00
Mateusz Starzyk
6326a8dd37 Fix SHA definitions and their dependencies in library and test suites.
Rework SHA224 and SHA283 documentation.
Define MBEDTLS_SHAxxx_C options in alphabetic order.
Fix SHA224 and SHA384 dependencies in test suites.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-05-10 13:51:53 +02:00
Mateusz Starzyk
e3c48b4a88 Separate SHA224 from SHA256 config options.
These options are still dependant on each other.
This is an intermediate step.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-04-28 14:38:37 +02:00
Hanno Becker
88c2bf311a Minor style improvements
Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-27 17:20:56 +01:00
Hanno Becker
612a2f1504 Rename MBEDTLS_X509_INFO to !MBEDTLS_X509_REMOVE_INFO
The introduction of positive options to control the presence
of pre-existing functionality breaks the build for users of
handwritten configurations.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-04-27 17:18:52 +01:00
Peter Kolbus
9a969b66c1 Reduce code size when mbedtls_x509_*_info() unused
Introduce MBEDTLS_X509_INFO to indicate the availability of the
mbedtls_x509_*_info() function and closely related APIs. When this is
not defined, also omit name and description from
mbedtls_oid_descriptor_t, and omit OID arrays, macros, and types that
are entirely unused. This saves several KB of code space.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-27 17:18:52 +01:00
Bence Szépkúti
1e14827beb Update copyright notices to use Linux Foundation guidance
As a result, the copyright of contributors other than Arm is now
acknowledged, and the years of publishing are no longer tracked in the
source files.

Also remove the now-redundant lines declaring that the files are part of
MbedTLS.

This commit was generated using the following script:

# ========================
#!/bin/sh

# Find files
find '(' -path './.git' -o -path './3rdparty' ')' -prune -o -type f -print | xargs sed -bi '

# Replace copyright attribution line
s/Copyright.*Arm.*/Copyright The Mbed TLS Contributors/I

# Remove redundant declaration and the preceding line
$!N
/This file is part of Mbed TLS/Id
P
D
'
# ========================

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-08-19 10:35:41 +02:00
Gilles Peskine
db09ef6d22 Include common.h instead of config.h in library source files
In library source files, include "common.h", which takes care of
including "mbedtls/config.h" (or the alternative MBEDTLS_CONFIG_FILE)
and other things that are used throughout the library.

FROM=$'#if !defined(MBEDTLS_CONFIG_FILE)\n#include "mbedtls/config.h"\n#else\n#include MBEDTLS_CONFIG_FILE\n#endif' perl -i -0777 -pe 's~\Q$ENV{FROM}~#include "common.h"~' library/*.c 3rdparty/*/library/*.c scripts/data_files/error.fmt scripts/data_files/version_features.fmt

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-07-02 11:26:57 +02:00
Kenneth Soerensen
518d435e7b Fix GCC format-signedness warnings
Signed-off-by: Kenneth Soerensen <knnthsrnsn@gmail.com>
2020-04-22 16:01:48 +02:00
Janos Follath
24eed8d2d2 Initialise return values to an error
Initialising the return values to and error is best practice and makes
the library more robust.
2019-12-03 16:07:18 +00:00
Jack Lloyd
5d9c9636fa Add support for RSA PKCSv1.5 signatures using RIPEMD-160 2019-05-06 12:15:17 -04:00
Jaeden Amero
3956a847e6 Merge remote-tracking branch 'origin/pr/2092' into development
* origin/pr/2092:
  Add more missing parentheses around macro parameters
  Add further missing brackets around macro parameters
  Adapt ChangeLog
  Improve macro hygiene
2019-04-24 11:17:21 +01:00
Ron Eldor
e82341646a Add certificate policy oid x509 extension
Add the `MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES` to the list
of supported x509 extensions, in `mbedtls_oid_get_x509_ext_type()`.
2019-04-16 13:26:54 +03:00
Ron Eldor
b6dc105456 Add Wisun Fan device extended key usage
Add the Wisun extended key usage oid and tests.
2019-04-03 13:48:50 +03:00
Ron Eldor
11ee07191f Add certificate policy of type any policy id
Add a function for getting the certificate policy. Currently only
"Any Policy" is supported.
2019-03-26 14:41:07 +02:00
Hanno Becker
1eeca41472 Improve macro hygiene
This commit improves hygiene and formatting of macro definitions
throughout the library. Specifically:
- It adds brackets around parameters to avoid unintended
  interpretation of arguments, e.g. due to operator precedence.
- It adds uses of the `do { ... } while( 0 )` idiom for macros that
  can be used as commands.
2019-02-19 17:59:00 +00:00
Manuel Pégourié-Gonnard
430a66f19a Fix backwards config dependency on oid.c
The file oid.c had conditional inclusion of functions based on a config.h
define that belongs to X.509, which is backwards. For now, just include those
functions unconditionally and rely on the linker to garbage-collect them if
not used.

In the longer term X.509-specific functions are likely to be removed from
libmbedcrypto, but at this step the goal is to preserve the API (and even ABI)
of libmbedcrypto for as long as possible while separating the source trees of
Mbed Crypto and Mbed TLS.
2019-01-28 10:31:39 +01:00
Manuel Pégourié-Gonnard
c49ada41d4 Fix backwards include of x509.h in oid.h
As agreed during the workshop, temporarily move definitions to oid.h even if
they might not semantically belong here, as a short-term measure allowing to
build libmbecrypto on its own (without X.509 files present in the source tree)
but still provide all the things Mbed TLS currently expects, and more
specifically preserve the API and ABI exposed by libmbedtls.
2019-01-28 09:26:19 +01:00
Antonio Quartulli
12ccef2761
pkcs5v2: add support for additional hmacSHA algorithms
Currently only SHA1 is supported as PRF algorithm for PBKDF2
(PKCS#5 v2.0).
This means that keys encrypted and authenticated using
another algorithm of the SHA family cannot be decrypted.

This deficiency has become particularly incumbent now that
PKIs created with OpenSSL1.1 are encrypting keys using
hmacSHA256 by default (OpenSSL1.0 used PKCS#5 v1.0 by default
and even if v2 was forced, it would still use hmacSHA1).

Enable support for all the digest algorithms of the SHA
family for PKCS#5 v2.0.

Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
2018-02-08 17:18:15 +08:00
palaviv
a9f90f00aa Removing in compile time unused entries from oid_ecp_grp list 2016-09-04 15:14:38 +01:00
palaviv
06f1828fa2 Removing in compile time unused entries from oid_sig_alg list 2016-09-04 15:14:38 +01:00
palaviv
4636fc6b0d oid_x520_attr_type list is defined only when MBEDTLS_X509_USE_C or MBEDTLS_X509_CREATE_C 2016-09-04 15:14:38 +01:00
palaviv
5730320225 Removing in compile time unused entries from oid_md_alg list 2016-09-04 15:14:38 +01:00
Manuel Pégourié-Gonnard
66fc07362e Fix typo in an OID name
fixes #314
2015-10-21 16:40:29 +02:00
Manuel Pégourié-Gonnard
37ff14062e Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
Manuel Pégourié-Gonnard
6fb8187279 Update date in copyright line 2015-07-28 17:11:58 +02:00
Manuel Pégourié-Gonnard
9dbaf400ef Rationalize other snprintf() uses 2015-06-22 14:42:04 +02:00
Manuel Pégourié-Gonnard
f78e4de6f4 Fix warnings from -pedantic 2015-05-29 10:52:14 +02:00
Manuel Pégourié-Gonnard
e6028c93f5 Fix some X509 macro names
For some reason, during the great renaming, some names that should have been
prefixed with MBEDTLS_X509_ have only been prefixed with MBEDTLS_
2015-04-20 12:19:02 +01:00
Manuel Pégourié-Gonnard
2cf5a7c98e The Great Renaming
A simple execution of tmp/invoke-rename.pl
2015-04-08 13:25:31 +02:00
Manuel Pégourié-Gonnard
26c9f90cae Merge branch 'mbedtls-1.3' into development
* mbedtls-1.3:
  Add missing depends in x509 programs
  Simplify ifdef checks in programs/x509
  Fix thread safety issue in RSA operations
  Add test certificate for bitstring in DN
  Add support for X.520 uniqueIdentifier
  Accept bitstrings in X.509 names
2015-03-31 17:56:15 +02:00
Manuel Pégourié-Gonnard
9409e0cea2 Add support for X.520 uniqueIdentifier 2015-03-27 13:03:54 +01:00
Manuel Pégourié-Gonnard
7f8099773e Rename include directory to mbedtls 2015-03-10 11:23:56 +00:00
Manuel Pégourié-Gonnard
fe44643b0e Rename website and repository 2015-03-06 13:17:10 +00:00
Rich Evans
8f3a9436a9 modify oid.c to use polarssl_snprintf 2015-02-13 13:50:25 +00:00
Manuel Pégourié-Gonnard
a273371fc4 Fix "int vs enum" warnings from armcc v5
enumerated type mixed with another type
2015-02-10 17:34:48 +01:00
Rich Evans
00ab47026b cleanup library and some basic tests. Includes, add guards to includes 2015-02-10 11:28:46 +00:00
Manuel Pégourié-Gonnard
860b51642d Fix url again 2015-01-28 17:12:07 +00:00
Manuel Pégourié-Gonnard
085ab040aa Fix website url to use https. 2015-01-23 11:06:27 +00:00
Manuel Pégourié-Gonnard
9698f5852c Remove maintainer line. 2015-01-23 10:59:00 +00:00
Manuel Pégourié-Gonnard
19f6b5dfaa Remove redundant "all rights reserved" 2015-01-23 10:54:00 +00:00
Manuel Pégourié-Gonnard
a658a4051b Update copyright 2015-01-23 09:55:24 +00:00
Manuel Pégourié-Gonnard
967a2a5f8c Change name to mbed TLS in the copyright notice 2015-01-22 14:28:16 +00:00
Manuel Pégourié-Gonnard
0698f7c21a Rm duplicate entry in oid_md_alg 2014-07-08 14:20:26 +02:00
Paul Bakker
66d5d076f7 Fix formatting in various code to match spacing from coding style 2014-06-17 17:06:47 +02:00
Paul Bakker
d8bb82665e Fix code styling for return statements 2014-06-17 14:06:49 +02:00
Manuel Pégourié-Gonnard
59a75d5b9d Basic parsing of certs signed with RSASSA-PSS 2014-06-02 16:10:29 +02:00
Paul Bakker
9af723cee7 Fix formatting: remove trailing spaces, #endif with comments (> 10 lines) 2014-05-01 13:03:14 +02:00
Manuel Pégourié-Gonnard
cef4ad2509 Adapt sources to configurable config.h name 2014-04-30 16:40:20 +02:00
Paul Bakker
6384440b13 Better support for the different Attribute Types from IETF PKIX (RFC 5280) 2014-04-30 15:34:12 +02:00
Manuel Pégourié-Gonnard
7afdb88216 Test and fix x509_oid functions 2014-04-04 16:34:30 +02:00
Manuel Pégourié-Gonnard
c9093085ed Revert "Merged RSA-PSS support in Certificate, CSR and CRL"
This reverts commit ab50d8d30c, reversing
changes made to e31b1d992a.
2014-02-12 09:39:59 +01:00
Manuel Pégourié-Gonnard
b1d4eb16e4 Basic parsing of certs signed with RSASSA-PSS 2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard
9bcff3905b Add OIDs and TLS IDs for prime Koblitz curves 2014-01-10 18:32:31 +01:00
Paul Bakker
6edcd41c0a Addition conditions for UEFI environment under MSVC 2013-10-29 15:44:13 +01:00
Paul Bakker
7b0be68977 Support for serialNumber, postalAddress and postalCode in X509 names 2013-10-29 14:24:37 +01:00
Paul Bakker
fa6a620b75 Defines for UEFI environment under MSVC added 2013-10-29 14:05:38 +01:00
Paul Bakker
45a2c8d99a Prevent possible alignment warnings on casting from char * to 'aligned *' 2013-10-28 12:57:08 +01:00
Manuel Pégourié-Gonnard
48ac3db551 Add OIDs for brainpool curves 2013-10-10 15:11:33 +02:00
Paul Bakker
7c6b2c320e Split up X509 files into smaller modules 2013-09-16 21:41:54 +02:00
Paul Bakker
2292d1fad0 Fixed warnings in case POLARSSL_X509_PARSE_C is not defined 2013-09-15 17:06:49 +02:00
Manuel Pégourié-Gonnard
edda9041fc Adapt asn1_write_algorithm_identifier() to params 2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard
3837daec9e Add EC support to x509write_pubkey 2013-09-12 11:57:01 +02:00
Paul Bakker
1c3853b953 oid_get_oid_by_*() now give back oid length as well 2013-09-10 11:43:44 +02:00
Manuel Pégourié-Gonnard
298aae4524 Adapt core OID functions to embeded null bytes 2013-08-16 14:00:52 +02:00
Manuel Pégourié-Gonnard
14d8564402 Fix overflow check in oid_get_numeric_string()
(The fix in 791eed3 was wrong.)
2013-07-17 15:59:44 +02:00
Manuel Pégourié-Gonnard
1e60cd09b0 Expand oid_get_sig_alg() for ECDSA-based algs 2013-07-17 15:59:40 +02:00
Manuel Pégourié-Gonnard
791eed3f33 Fix portability issue in oid_get_numeric_string() 2013-07-09 16:42:35 +02:00
Manuel Pégourié-Gonnard
f0b30d0542 Add oid_get_ec_grp() and associated data 2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard
5a9b82e234 Make oid_get_pk_alg handle EC algorithms 2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard
dffba8f63e Fix bug in oid_get_numeric_string()
Overflow check was done too early, causing many false positives.
2013-07-08 17:32:26 +02:00
Paul Bakker
ce6ae233cb Macro-ized the final internal OID functions 2013-06-29 18:35:40 +02:00
Paul Bakker
47fce02bd8 Defines around module-dependent OIDs 2013-06-29 18:35:40 +02:00
Paul Bakker
7749a22974 Moved PKCS#12 cipher layer based PBE detection to use OID database 2013-06-29 18:32:16 +02:00
Paul Bakker
dd1150e846 Macro-ized single and double attribute functions in OID database 2013-06-28 17:20:22 +02:00
Paul Bakker
bd51ad538d Re-ordered OID internals. Made macro for oid_XXX_from_asn1() functions 2013-06-28 16:54:23 +02:00
Paul Bakker
9b5e885611 PKCS#5 PBES2 now uses OID database for algorithm detection 2013-06-28 16:12:50 +02:00
Paul Bakker
b6c5d2e1a6 Cleanup up non-prototyped functions (static) and const-correctness
More fixes based on the compiler directives -Wcast-qual -Wwrite-strings
-Wmissing-prototypes -Wmissing-declarations. Not everything with regards
to -Wcast-qual has been fixed as some have unwanted consequences for the
rest of the code.
2013-06-25 16:25:17 +02:00
Paul Bakker
ed27a041e4 More granular define selections within code to allow for smaller code
sizes
2013-04-18 23:12:34 +02:00
Paul Bakker
c70b982056 OID functionality moved to a separate module.
A new OID module has been created that contains the main OID searching
functionality based on type-dependent arrays. A base type is used to
contain the basic values (oid_descriptor_t) and that type is extended to
contain type specific information (like a pk_alg_t).

As a result the rsa sign and verify function prototypes have changed. They
now expect a md_type_t identifier instead of the removed RSA_SIG_XXX
defines.

All OID definitions have been moved to oid.h
All OID matching code is in the OID module.

The RSA PKCS#1 functions cleaned up as a result and adapted to use the
MD layer.

The SSL layer cleanup up as a result and adapted to use the MD layer.

The X509 parser cleaned up and matches OIDs in certificates with new
module and adapted to use the MD layer.

The X509 writer cleaned up and adapted to use the MD layer.

Apps and tests modified accordingly
2013-04-07 22:00:46 +02:00