Dave Rodgman
16799db69a
update headers
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-02 19:47:20 +00:00
Gilles Peskine
62418dd20b
Merge pull request #8350 from waleed-elmelegy-arm/fix-null-dereference-in-x509-cert-write
...
Fix possible NULL dereference issue in X509 cert_write program
2023-10-18 10:03:36 +00:00
David Horstmann
9534dfd15b
Reword error message on format of SAN arguments
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-10-17 14:59:31 +01:00
David Horstmann
4a493b267f
Reword error message on format of SAN arguments
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-10-17 14:57:23 +01:00
Waleed Elmelegy
5867465e90
Fix code style issue in cert_write program
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-10-13 10:03:12 +01:00
Waleed Elmelegy
eade3fedb2
Fix code style issue in cert_req program
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-10-13 09:59:19 +01:00
Waleed Elmelegy
ac97af223e
Fix possible NULL dereference issue in X509 cert_req program
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-10-12 15:46:06 +01:00
Waleed Elmelegy
1444c0eb20
Add changelog entry for x509 cert_write null dereference fix
...
Also fix a typo in cert_write.c
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-10-12 14:31:06 +01:00
Waleed Elmelegy
476c1198e8
Fix possible NULL dereference issue in X509 cert_write program
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-10-12 14:19:25 +01:00
Gilles Peskine
dbd13c3689
Merge pull request #7662 from lpy4105/issue/renew_cert_2027-01-01
...
Updating crt/crl files due to expiry before 2027-01-01
2023-08-17 15:38:35 +00:00
Andrzej Kurek
312b6df38a
Add a missing guard in cert_req.c
...
IP parsing requires x509_CRT_PARSE_C
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-07-10 08:45:30 -04:00
Andrzej Kurek
6bc7a38683
Support more SAN subtypes in cert_req.c
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-07-07 05:13:13 -04:00
Pengyu Lv
b078607f04
cert_write: Support write any for extended key usage
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-04 17:30:21 +08:00
Andrzej Kurek
0624e460fb
Add a guard for IP parsing in cert_req app
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-06-07 08:54:35 -04:00
Andrzej Kurek
cd17ecfe85
Use better IP parsing in x509 programs
...
Remove unnecessary duplicated code.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-06-07 08:50:05 -04:00
Andrzej Kurek
f994bc51ad
Refactor code in cert_write.c
...
This way is more robust.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-06-02 05:10:17 -04:00
Andrzej Kurek
5eebfb8fd0
Enable escaping ';' in cert_write.c SANs
...
This might get used in URIs.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-05-17 15:23:56 -04:00
Andrzej Kurek
446e53d401
Fix a code style issue
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-05-17 15:23:56 -04:00
Andrzej Kurek
f70f460e5f
Fix temporary IP parsing error
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-05-17 15:23:56 -04:00
Andrzej Kurek
ed557930bb
Update ip_string_to_bytes to cert_req version
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-05-17 15:23:56 -04:00
Andrzej Kurek
5da1d751e9
Add missing memory deallocation
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-05-17 15:23:56 -04:00
Andrzej Kurek
1bc7df2540
Add documentation and a changelog entry
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-05-17 15:23:56 -04:00
Andrzej Kurek
ccdd975286
Add a certificate exercising all supported SAN types
...
This will be used for comparison in unit tests.
Add a possibility to write certificates with SAN
in cert_write.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-05-17 11:45:36 -04:00
Przemek Stekiel
758aef60c5
Add guards for mbedtls_psa_crypto_free()
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-24 08:10:01 +02:00
Przemek Stekiel
a8c560a799
Free psa crypto at the end of programs when initialized
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-19 10:15:26 +02:00
Przemek Stekiel
a0a1c1eab5
Move psa_crypto_init() after other init calls
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-17 11:10:05 +02:00
Przemek Stekiel
6260ee9cab
cert_app: init entropy unconditionally
...
When mbedtls_entropy_free() is called without mbedtls_entropy_init() entropy is uninitialized and contains garbage which may lead to segmentation fault.
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-16 22:42:01 +02:00
Przemek Stekiel
89c636e6cf
Init PSA in ssl and x509 programs
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-16 22:41:52 +02:00
Andrzej Kurek
0af32483f3
Change the format of md.h include comments
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-04-07 03:10:28 -04:00
Andrzej Kurek
316b7dd19c
Add a justification for early md.h include in programs
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-04-05 14:44:38 -04:00
Andrzej Kurek
eaea30d30e
Remove duplicated md.h includes
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-04-05 14:36:51 -04:00
Andrzej Kurek
1b75e5f784
Add missing md.h includes
...
MBEDTLS_MD_CAN_SHAXXX are defined there.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-04-04 09:55:06 -04:00
Manuel Pégourié-Gonnard
93302422fd
Fix instances of old feature macros being used
...
sed -i -f md.sed include/mbedtls/ssl.h library/hmac_drbg.c programs/pkey/*.c programs/x509/*.c tests/scripts/generate_pkcs7_tests.py tests/suites/test_suite_random.data
Then manually revert programs/pkey/ecdsa.c as it's using a low-level
hash API.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:43:40 +01:00
Przemek Stekiel
f86fe73d59
Fix error on Windows builds (conversion from 'unsigned long' to 'uint8_t')
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-14 09:55:29 +01:00
Przemek Stekiel
55ceff6d2f
Code optimization and style fixes
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-10 14:36:16 +01:00
Przemek Stekiel
68ca81c8fe
Change separator for SAN names to ';'
...
When ';' is used as a separator san names must be provided in quotation marks:
./cert_req filename=../../tests/data_files/server8.key subject_name=dannybackx.hopto.org san="URI:http://pki.example.com/;IP:127.1.1.0;DNS:example.com "
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-09 14:04:11 +01:00
Przemek Stekiel
6cb59c55c3
ip_string_to_bytes: remove status, add info about supported ip version
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-06 10:13:20 +01:00
Przemek Stekiel
5a49d3cce3
Replace mbedtls_x509_san_node with mbedtls_x509_subject_alternative_name
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-03 12:58:11 +01:00
Przemek Stekiel
3a92593d1e
Adapt cert_req app to support SAN IP
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-03 12:58:11 +01:00
Hannes Tschofenig
6b108606fa
Added ability to include the SubjectAltName extension to a CSR
...
Signed-off-by: Hannes Tschofenig <hannes.tschofenig@arm.com>
2023-02-21 13:42:39 +01:00
Dave Rodgman
94c9c96c94
Merge pull request #6998 from aditya-deshpande-arm/fix-example-programs-usage
...
Fix incorrect dispatch to USAGE in example programs, which causes uninitialized memory to be used
2023-02-06 09:53:50 +00:00
Aditya Deshpande
644a5c0b2b
Fix bugs in example programs: change argc == 0 to argc < 2
...
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-01-30 16:48:13 +00:00
Valerio Setti
af4815c6a4
x509: replace/fix name of new function for setting serial
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-01-26 17:43:09 +01:00
Valerio Setti
48fdbb3940
programs: cert_write: fixed bug in parsing dec serial
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:45 +01:00
Valerio Setti
791bbe629d
programs: improved cert_write serial management
...
Now it can accept serial both as decimal and hex number (only one format
at a time, of course, not simultaneously).
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:45 +01:00
Valerio Setti
acf12fb744
x509: fix endianness and input data format for x509write_crt_set_serial_new
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:44 +01:00
Valerio Setti
5d164c4e23
fix: add missing deprecation guards
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:44 +01:00
Valerio Setti
da0afcc2fb
x509: remove direct dependency from BIGNUM_C
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:44 +01:00
Gilles Peskine
449bd8303e
Switch to the new code style
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-11 14:50:10 +01:00
Tom Cosgrove
1797b05602
Fix typos prior to release
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-04 17:19:59 +00:00