mbedtls

Author	SHA1	Message	Date
Manuel Pégourié-Gonnard	32c28cebb4	Merge pull request #8715 from valeriosetti/issue7964 Remove all internal functions from public headers	2024-02-05 15:09:15 +00:00
Valerio Setti	25b282ebfe	x509: move internal functions declarations to a private header Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-01-19 09:07:35 +01:00
Valerio Setti	384fbde49a	library/tests: replace md_psa.h with psa_util.h as include file for MD conversion Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-01-02 13:27:32 +01:00
Dave Rodgman	e4a6f5a7ec	Use size_t cast for pointer subtractions Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-11-21 17:09:46 +00:00
Dave Rodgman	16799db69a	update headers Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-11-02 19:47:20 +00:00
Gilles Peskine	d370f93898	Merge pull request #7898 from AndrzejKurek/csr-rfc822-dn OPC UA - add support for RFC822 and DirectoryName SubjectAltNames when generating CSR's	2023-08-16 09:19:46 +00:00
Gilles Peskine	a79256472c	Merge pull request #7788 from marekjansta/fix-x509-ec-algorithm-identifier Fixed x509 certificate generation to conform to RFCs when using ECC key	2023-08-07 19:14:54 +00:00
Andrzej Kurek	c508dc29f6	Unify csr and crt san writing functions Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-07-07 09:05:30 -04:00
Andrzej Kurek	1c8ecbef64	Add support for x509 SAN RCF822 and DirectoryName for csr generation Unify the code with the x509 crt counterpart. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-07-07 05:12:52 -04:00
Manuel Pégourié-Gonnard	2be8c63af7	Create psa_util_internal.h Most functions in psa_util.h are going to end up there (except those that can be static in one file), but I wanted to have separate commits for file creation and moving code around, so for now the new file's pretty empty but that will change in the next few commits. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-07-06 12:42:33 +02:00
Marek Jansta	8bde649c0b	Fixed AlgorithmIdentifier parameters when used with ECDSA signature algorithm in x509 certificate Signed-off-by: Marek Jansta <jansta@2n.cz>	2023-06-19 12:49:27 +02:00
Manuel Pégourié-Gonnard	02b10d8266	Add missing include Fix build failures with config full Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-06-06 10:33:54 +02:00
Manuel Pégourié-Gonnard	6076f4124a	Remove hash_info.[ch] Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-06-06 10:33:54 +02:00
Manuel Pégourié-Gonnard	2d6d993662	Use MD<->PSA functions from MD light As usual, just a search-and-replace plus: 1. Removing things from hash_info.[ch] 2. Adding new auto-enable MD_LIGHT in build-info.h 3. Including md_psa.h where needed Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-06-06 10:33:54 +02:00
Manuel Pégourié-Gonnard	8857984b2f	Replace hash_info macro with MD macro Now the MD macro also accounts for PSA-only hashes. Just a search-and-replace, plus manually removing the definition in hash_info.h. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-06-06 10:33:54 +02:00
Andrzej Kurek	e773978e68	Remove unnecessary addition to buffer size estimation Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-06-02 09:42:44 -04:00
Andrzej Kurek	7c86974d6d	Fix overflow checks in x509write_crt Previous ones could still overflow. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-06-02 05:02:41 -04:00
Andrzej Kurek	63a6a267a4	Check for overflows when writing x509 SANs Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-05-17 15:23:56 -04:00
Andrzej Kurek	908716f097	Add missing RFC822_NAME case to SAN setting Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-05-17 15:23:56 -04:00
Andrzej Kurek	e488c454ea	Remove unnecessary zeroization Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-05-17 15:23:56 -04:00
Andrzej Kurek	dc22090671	Return an error on an unsupported SubjectAltName Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-05-17 15:23:56 -04:00
Andrzej Kurek	c6215b0ce1	Add braces to a switch case Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-05-17 15:23:56 -04:00
Andrzej Kurek	1bc7df2540	Add documentation and a changelog entry Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-05-17 15:23:56 -04:00
Andrzej Kurek	67fdb3307d	Add a possibility to write subject alt names in a certificate Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-05-17 11:45:36 -04:00
Manuel Pégourié-Gonnard	7224086ebc	Remove legacy_or_psa.h Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-21 16:29:31 +01:00
Manuel Pégourié-Gonnard	a946489efd	X.509: use MD_CAN macros Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard	2cd751465c	Use MD, not low-level SHA1, in X.509 X.509 already depends on MD_C \|\| USE_PSA_CRYPTO, and this is for the !USE_PSA_CRYPTO branch, so we're free to use MD. This change supports our ability to use MBEDTLS_MD_CAN_xxx macros everywhere in the future, once they have been introduced. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-02-24 12:37:07 +01:00
Valerio Setti	af4815c6a4	x509: replace/fix name of new function for setting serial Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-01-26 17:43:09 +01:00
Valerio Setti	856cec45eb	test: x509: add more tests for checking certificate serial - added 2 new certificates: 1 for testing a serial which is full lenght and another one for a serial which starts with 0x80 - added also proper Makefile and openssl configuration file to generate these 2 new certificates Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2023-01-12 17:01:45 +01:00
Valerio Setti	4752aac11d	x509: enhancement and fixes - enhance mbedtls_x509write_crt_set_serial(): avoid use of useless temporary buffer - fix mbedtls_x509write_crt_der(): add an extra 0x00 byte at the beginning of serial if the MSb of serial is 1, as required from ASN.1 Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2023-01-12 17:01:44 +01:00
Valerio Setti	746def5ade	x509: renaming of buffer variables in new serial setting function Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2023-01-12 17:01:44 +01:00
Valerio Setti	acf12fb744	x509: fix endianness and input data format for x509write_crt_set_serial_new Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2023-01-12 17:01:44 +01:00
Valerio Setti	5d164c4e23	fix: add missing deprecation guards Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2023-01-12 17:01:44 +01:00
Valerio Setti	da0afcc2fb	x509: remove direct dependency from BIGNUM_C Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2023-01-12 17:01:44 +01:00
Gilles Peskine	449bd8303e	Switch to the new code style Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-01-11 14:50:10 +01:00
Dave Rodgman	55fd0b9fc1	Merge pull request #6121 from daverodgman/pr277 cert_write - add a way to set extended key usages - rebase	2022-10-31 13:27:49 +00:00
Manuel Pégourié-Gonnard	07018f97d2	Make legacy_or_psa.h public. As a public header, it should no longer include common.h, just use build_info.h which is what we actually need anyway. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-09-16 12:02:48 +02:00
Przemek Stekiel	40afdd2791	Make use of MBEDTLS_MAX_HASH_SIZE macro Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-09-06 14:18:45 +02:00
Dave Rodgman	e2b772d1b6	Fix whitespace, missing const Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-08-30 10:25:45 +01:00
Dave Rodgman	5f3f0d06e6	Address minor review comments Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-08-30 10:25:45 +01:00
Nicholas Wilson	ca841d32db	Add test for mbedtls_x509write_crt_set_ext_key_usage, and fix reversed order Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-08-30 10:25:43 +01:00
Nicholas Wilson	8e5bdfbbcf	Improve programs/cert_write with a way to set extended key usages Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-08-30 10:08:43 +01:00
Przemek Stekiel	4146525ce9	Fix compilation guard (comment) Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-19 10:15:56 +02:00
Przemek Stekiel	76b753bbb7	Change the dependencies in pem.c to xxx_BASED_ON_USE_PSA and related files This is done to be able to bild test_psa_crypto_config_accel_hash component where MD5 is only available accelerated (PSA_WANT_ALG_MD5 is enabled and MBEDTLS_MD5_C is disabled) but MBEDTLS_USE_PSA_CRYPTO is disabled. So the build should not attempt to enable pem_pbkdf1. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-19 10:15:56 +02:00
Przemek Stekiel	fd18366965	Adjust declared dependencies in library/x509* * Comparing before-default -> after-default * x509parse: total 723; skipped 26 -> 26 x509write: total 41; skipped 8 -> 8 * Comparing before-full -> after-full * x509parse: total 723; skipped 25 -> 25 x509write: total 41; skipped 0 -> 0 Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-19 10:15:56 +02:00
Manuel Pégourié-Gonnard	abac037a7b	Migrate from old inline to new actual function. This is mostly: sed -i 's/mbedtls_psa_translate_md/mbedtls_hash_info_psa_from_md/' \ library/.c tests/suites/.function This should be good for code size as the old inline function was used from 10 translation units inside the library, so we have 10 copies at least. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-18 21:28:38 +02:00
Werner Lewis	acd01e58a3	Use ASN1 UTC tags for dates before 2000 Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-06-01 16:24:28 +01:00
pespacek	b9ca22dead	Improving readability of x509_crt and x509write_crt for PR Signed-off-by: pespacek <peter.spacek@silabs.com>	2022-03-07 13:59:44 +01:00
pespacek	d924e55944	Improving readability of x509_crt and x509write_crt Signed-off-by: pespacek <peter.spacek@silabs.com>	2022-03-07 13:31:54 +01:00
pespacek	3015148ae6	Improving readability Signed-off-by: pespacek <peter.spacek@silabs.com>	2022-02-17 16:08:23 +01:00

1 2 3

106 commits