Gilles Peskine
d598eaf212
Merge pull request #7106 from davidhorstmann-arm/parse-oid-from-string
...
Parse an OID from a string
2023-06-06 20:57:17 +02:00
David Horstmann
02127ab022
Allow subidentifiers of size UINT_MAX
...
Make overflow check more accurate and add testcases
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-06-02 15:51:17 +01:00
David Horstmann
9643575d92
Limit OIDs to 128 components
...
The longest OID known by oid-info.com is 34 components[1], so 128
should be plenty and will limit the potential for attacks.
[1] http://oid-info.com/get/1.3.6.1.4.1.1248.1.1.2.1.3.21.69.112.115.111.110.32.83.116.121.108.117.115.32.80.114.111.32.52.57.48.48
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-04-26 11:50:14 +01:00
Manuel Pégourié-Gonnard
ebef58d301
OID + misc crypto: use MD_CAN and fix failures
...
After this, only PK, X.509 and TLS remain to be done.
Deterministic uses HMAC-DRBG which uses MD, so it needs crypto_init()
when using a driver-only hash.
Also, remove a special-purpose macro that's no longer needed.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Demi Marie Obenour
889534a4d2
Fix segfault in mbedtls_oid_get_numeric_string
...
When passed an empty OID, mbedtls_oid_get_numeric_string would read one
byte from the zero-sized buffer and return an error code that depends on
its value. This is demonstrated by the test suite changes, which
check that an OID with length zero and an invalid buffer pointer does
not cause Mbed TLS to segfault.
Also check that second and subsequent subidentifiers are terminated, and
add a test case for that. Furthermore, stop relying on integer division
by 40, use the same loop for both the first and subsequent
subidentifiers, and add additional tests.
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
2023-03-16 01:06:41 -04:00
David Horstmann
e91cbcfb2c
Add negative test cases for OID parsing
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-02-22 18:27:59 +00:00
David Horstmann
0f852c9277
Add tests for OID parsing from string
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-02-22 18:27:58 +00:00
David Horstmann
5b5a0b618c
Change error codes to more appropriate codes
...
The more precise error codes are borrowed from the ASN1 module.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-02-20 14:24:12 +00:00
David Horstmann
895eb7c9b5
Add testcases for overlong encoding of OIDs
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-02-15 12:09:41 +00:00
David Horstmann
f01de145bd
Add tests for mbedtls_oid_get_numeric_string()
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-02-15 11:45:51 +00:00
Przemek Stekiel
2c70a0d9e0
test_suite_oid: Replace MBEDTLS_MD5_C and MBEDTLS_SHAxxx_C with the corresponding MBEDTLS_HAS_ALG_xxx_VIA_LOWLEVEL_OR_PSA
...
*** Comparing before-default -> after-default ***
x509parse: total 723; skipped 26 -> 26
x509write: total 41; skipped 8 -> 8
pem: total 13; skipped 0 -> 0
oid: total 28; skipped 0 -> 0
*** Comparing before-full -> after-full ***
x509parse: total 723; skipped 25 -> 25
x509write: total 41; skipped 0 -> 0
pem: total 13; skipped 0 -> 0
oid: total 28; skipped 0 -> 0
*** Comparing reference -> drivers ***
x509parse: total 723; skipped 89 -> 89
x509write: total 41; skipped 3 -> 3
pem: total 13; skipped 0 -> 0
oid: total 28; skipped 0 -> 0
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-08-19 10:15:56 +02:00
Mateusz Starzyk
6326a8dd37
Fix SHA definitions and their dependencies in library and test suites.
...
Rework SHA224 and SHA283 documentation.
Define MBEDTLS_SHAxxx_C options in alphabetic order.
Fix SHA224 and SHA384 dependencies in test suites.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-05-10 13:51:53 +02:00
Mateusz Starzyk
e3c48b4a88
Separate SHA224 from SHA256 config options.
...
These options are still dependant on each other.
This is an intermediate step.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-04-28 14:38:37 +02:00
Jack Lloyd
5ed7fff8ce
Add a test of the OID->MD map functions
2019-05-06 12:16:18 -04:00
Ron Eldor
e82341646a
Add certificate policy oid x509 extension
...
Add the `MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES` to the list
of supported x509 extensions, in `mbedtls_oid_get_x509_ext_type()`.
2019-04-16 13:26:54 +03:00
Ron Eldor
b6dc105456
Add Wisun Fan device extended key usage
...
Add the Wisun extended key usage oid and tests.
2019-04-03 13:48:50 +03:00
Ron Eldor
11ee07191f
Add certificate policy of type any policy id
...
Add a function for getting the certificate policy. Currently only
"Any Policy" is supported.
2019-03-26 14:41:07 +02:00