mbedtls

Author	SHA1	Message	Date
Jerry Yu	a3e249cb2b	change path of mbedtls_x509_csr_info input data - Copy data_files/server1.req.md5->data_files/parse_input/server1.req.md5 - Copy data_files/server1.req.sha1->data_files/parse_input/server1.req.sha1 - Copy data_files/server1.req.sha224->data_files/parse_input/server1.req.sha224 - Copy data_files/server1.req.sha256->data_files/parse_input/server1.req.sha256 - Copy data_files/server1.req.sha384->data_files/parse_input/server1.req.sha384 - Copy data_files/server1.req.sha512->data_files/parse_input/server1.req.sha512 - Move data_files/server1.req.commas.sha256->data_files/parse_input/server1.req.commas.sha256 - Move data_files/server5.req.sha1->data_files/parse_input/server5.req.sha1 - Move data_files/server5.req.sha224->data_files/parse_input/server5.req.sha224 - Move data_files/server5.req.sha256->data_files/parse_input/server5.req.sha256 - Move data_files/server5.req.sha384->data_files/parse_input/server5.req.sha384 - Move data_files/server5.req.sha512->data_files/parse_input/server5.req.sha512 - Move data_files/server9.req.sha1->data_files/parse_input/server9.req.sha1 - Move data_files/server9.req.sha224->data_files/parse_input/server9.req.sha224 - Move data_files/server9.req.sha256->data_files/parse_input/server9.req.sha256 - Move data_files/server9.req.sha384->data_files/parse_input/server9.req.sha384 - Move data_files/server9.req.sha512->data_files/parse_input/server9.req.sha512 - Move data_files/server1-ms.req.sha256->data_files/parse_input/server1-ms.req.sha256 - Move data_files/test_csr_v3_all.csr.der->data_files/parse_input/test_csr_v3_all.csr.der - Move data_files/test_csr_v3_nsCertType.csr.der->data_files/parse_input/test_csr_v3_nsCertType.csr.der - Move data_files/test_csr_v3_subjectAltName.csr.der->data_files/parse_input/test_csr_v3_subjectAltName.csr.der - Move data_files/test_csr_v3_keyUsage.csr.der->data_files/parse_input/test_csr_v3_keyUsage.csr.der Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-05-29 17:28:44 +08:00
Jerry Yu	e8e7bbb59d	change path of x509_parse_san input data - Move data_files/server5-othername.crt->data_files/parse_input/server5-othername.crt - Move data_files/server5-nonprintable_othername.crt->data_files/parse_input/server5-nonprintable_othername.crt - Move data_files/server5-directoryname.crt.der->data_files/parse_input/server5-directoryname.crt.der - Move data_files/server5-directoryname-seq-malformed.crt.der->data_files/parse_input/server5-directoryname-seq-malformed.crt.der - Move data_files/server5-second-directoryname-oid-malformed.crt.der->data_files/parse_input/server5-second-directoryname-oid-malformed.crt.der - Copy data_files/cert_example_multi.crt->data_files/parse_input/cert_example_multi.crt - Move data_files/multiple_san.crt->data_files/parse_input/multiple_san.crt - Copy data_files/server4.crt->data_files/parse_input/server4.crt - Move data_files/server5-unsupported_othername.crt->data_files/parse_input/server5-unsupported_othername.crt - Move data_files/test_cert_rfc822name.crt.der->data_files/parse_input/test_cert_rfc822name.crt.der Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-05-29 17:28:43 +08:00
Jerry Yu	1c3cfb3ed6	change path of x509parse_crt_file input data - Move data_files/server1_pathlen_int_max.crt->data_files/parse_input/server1_pathlen_int_max.crt - Move data_files/server1_pathlen_int_max-1.crt->data_files/parse_input/server1_pathlen_int_max-1.crt - Copy data_files/server7_int-ca.crt->data_files/parse_input/server7_int-ca.crt - Move data_files/server7_pem_space.crt->data_files/parse_input/server7_pem_space.crt - Move data_files/server7_all_space.crt->data_files/parse_input/server7_all_space.crt - Move data_files/server7_trailing_space.crt->data_files/parse_input/server7_trailing_space.crt - Move data_files/cli-rsa-sha256-badalg.crt.der->data_files/parse_input/cli-rsa-sha256-badalg.crt.der Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-05-29 17:28:42 +08:00
Jerry Yu	85b0758b41	change path of x509_cert_info input data - Copy data_files/server1.crt->data_files/parse_input/server1.crt - Move data_files/server1.crt.der->data_files/parse_input/server1.crt.der - Copy data_files/server2.crt->data_files/parse_input/server2.crt - Copy data_files/server2.crt.der->data_files/parse_input/server2.crt.der - Copy data_files/test-ca.crt->data_files/parse_input/test-ca.crt - Move data_files/test-ca.crt.der->data_files/parse_input/test-ca.crt.der - Copy data_files/cert_md5.crt->data_files/parse_input/cert_md5.crt - Copy data_files/cert_sha1.crt->data_files/parse_input/cert_sha1.crt - Copy data_files/cert_sha224.crt->data_files/parse_input/cert_sha224.crt - Copy data_files/cert_sha256.crt->data_files/parse_input/cert_sha256.crt - Copy data_files/cert_sha384.crt->data_files/parse_input/cert_sha384.crt - Copy data_files/cert_sha512.crt->data_files/parse_input/cert_sha512.crt - Copy data_files/server9.crt->data_files/parse_input/server9.crt - Copy data_files/server9-sha224.crt->data_files/parse_input/server9-sha224.crt - Copy data_files/server9-sha256.crt->data_files/parse_input/server9-sha256.crt - Copy data_files/server9-sha384.crt->data_files/parse_input/server9-sha384.crt - Copy data_files/server9-sha512.crt->data_files/parse_input/server9-sha512.crt - Copy data_files/server5-sha1.crt->data_files/parse_input/server5-sha1.crt - Copy data_files/server5-sha224.crt->data_files/parse_input/server5-sha224.crt - Copy data_files/server5.crt->data_files/parse_input/server5.crt - Copy data_files/server5-sha384.crt->data_files/parse_input/server5-sha384.crt - Copy data_files/server5-sha512.crt->data_files/parse_input/server5-sha512.crt - Copy data_files/server5-othername.crt->data_files/parse_input/server5-othername.crt - Copy data_files/server5-nonprintable_othername.crt->data_files/parse_input/server5-nonprintable_othername.crt - Copy data_files/server5-directoryname.crt.der->data_files/parse_input/server5-directoryname.crt.der - Move data_files/server5-two-directorynames.crt.der->data_files/parse_input/server5-two-directorynames.crt.der - Move data_files/server5-fan.crt->data_files/parse_input/server5-fan.crt - Copy data_files/server1.cert_type.crt->data_files/parse_input/server1.cert_type.crt - Copy data_files/server1.key_usage.crt->data_files/parse_input/server1.key_usage.crt - Copy data_files/keyUsage.decipherOnly.crt->data_files/parse_input/keyUsage.decipherOnly.crt - Copy data_files/cert_example_multi.crt->data_files/parse_input/cert_example_multi.crt - Copy data_files/multiple_san.crt->data_files/parse_input/multiple_san.crt - Copy data_files/cert_example_multi_nocn.crt->data_files/parse_input/cert_example_multi_nocn.crt - Move data_files/rsa_single_san_uri.crt.der->data_files/parse_input/rsa_single_san_uri.crt.der - Move data_files/rsa_multiple_san_uri.crt.der->data_files/parse_input/rsa_multiple_san_uri.crt.der - Move data_files/test-ca-any_policy.crt->data_files/parse_input/test-ca-any_policy.crt - Move data_files/test-ca-any_policy_ec.crt->data_files/parse_input/test-ca-any_policy_ec.crt - Move data_files/test-ca-any_policy_with_qualifier.crt->data_files/parse_input/test-ca-any_policy_with_qualifier.crt - Move data_files/test-ca-any_policy_with_qualifier_ec.crt->data_files/parse_input/test-ca-any_policy_with_qualifier_ec.crt - Move data_files/test-ca-multi_policy.crt->data_files/parse_input/test-ca-multi_policy.crt - Move data_files/test-ca-multi_policy_ec.crt->data_files/parse_input/test-ca-multi_policy_ec.crt - Move data_files/test-ca-unsupported_policy.crt->data_files/parse_input/test-ca-unsupported_policy.crt - Move data_files/test-ca-unsupported_policy_ec.crt->data_files/parse_input/test-ca-unsupported_policy_ec.crt - Move data_files/server1.ext_ku.crt->data_files/parse_input/server1.ext_ku.crt - Copy data_files/server4.crt->data_files/parse_input/server4.crt - Copy data_files/server3.crt->data_files/parse_input/server3.crt - Move data_files/bitstring-in-dn.pem->data_files/parse_input/bitstring-in-dn.pem - Move data_files/non-ascii-string-in-issuer.crt->data_files/parse_input/non-ascii-string-in-issuer.crt Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-05-29 17:28:42 +08:00
Jerry Yu	2d412c6b24	change path of mbedtls_x509_crl_info input data - Copy data_files/crl_expired.pem->data_files/parse_input/crl_expired.pem - Move data_files/crl_md5.pem->data_files/parse_input/crl_md5.pem - Move data_files/crl_sha1.pem->data_files/parse_input/crl_sha1.pem - Move data_files/crl_sha224.pem->data_files/parse_input/crl_sha224.pem - Copy data_files/crl_sha256.pem->data_files/parse_input/crl_sha256.pem - Move data_files/crl_sha384.pem->data_files/parse_input/crl_sha384.pem - Move data_files/crl_sha512.pem->data_files/parse_input/crl_sha512.pem - Copy data_files/crl-rsa-pss-sha1.pem->data_files/parse_input/crl-rsa-pss-sha1.pem - Copy data_files/crl-rsa-pss-sha224.pem->data_files/parse_input/crl-rsa-pss-sha224.pem - Copy data_files/crl-rsa-pss-sha256.pem->data_files/parse_input/crl-rsa-pss-sha256.pem - Copy data_files/crl-rsa-pss-sha384.pem->data_files/parse_input/crl-rsa-pss-sha384.pem - Copy data_files/crl-rsa-pss-sha512.pem->data_files/parse_input/crl-rsa-pss-sha512.pem - Copy data_files/crl-ec-sha1.pem->data_files/parse_input/crl-ec-sha1.pem - Move data_files/crl-ec-sha224.pem->data_files/parse_input/crl-ec-sha224.pem - Copy data_files/crl-ec-sha256.pem->data_files/parse_input/crl-ec-sha256.pem - Move data_files/crl-ec-sha384.pem->data_files/parse_input/crl-ec-sha384.pem - Move data_files/crl-ec-sha512.pem->data_files/parse_input/crl-ec-sha512.pem Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-05-29 17:28:40 +08:00
Andrzej Kurek	00d55988d9	Fix wrong makefile target Missing tab and a prerequisite that's not a file Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-05-22 09:37:55 -04:00
Andrzej Kurek	ccdd975286	Add a certificate exercising all supported SAN types This will be used for comparison in unit tests. Add a possibility to write certificates with SAN in cert_write. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-05-17 11:45:36 -04:00
Mukesh Bharsakle	4823d5ff0e	Merge branch 'Mbed-TLS:development' into update-pkparse-tests-to-use-AES	2023-05-10 12:35:19 +01:00
Jethro Beekman	0167244be4	Read and write X25519 and X448 private keys Signed-off-by: Jethro Beekman <jethro@fortanix.com> Co-authored-by: Gijs Kwakkel <gijs.kwakkel@fortanix.com> Signed-off-by: Gijs Kwakkel <gijs.kwakkel@fortanix.com>	2023-05-04 13:01:47 +02:00
Valerio Setti	8820b57b6e	test: fix makefile for ec_pub.[der/pem] generation Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-05-02 15:45:39 +02:00
Valerio Setti	c8b7865612	test: align ec_pub public keyfile with its ec_prv.sec1 counterpart This change affects: - both PEM and DER files, since they contain the same public key only in different formats - "ec_pub.comp.pem" since it's the same as "ec_pub.pem" but in compressed format The makefile was also updated accordingly to reflect these dependencies. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-05-02 15:45:39 +02:00
Valerio Setti	547b3a4ab5	fix typos Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-04-24 10:24:37 +02:00
Valerio Setti	232a006a46	test: fix extension in DER test files Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-04-18 12:53:19 +02:00
Valerio Setti	8b7d4323da	test: add Makefile target for the generated DER files Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-04-18 11:08:44 +02:00
Valerio Setti	28567abf4f	test: add DER file format for pkwrite tests Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-04-17 18:43:55 +02:00
Mukesh Bharsakle	b17f6a211d	Updating makefile to document key generation Signed-off-by: Mukesh Bharsakle <bharsaklemukesh975@gmail.com>	2023-04-12 00:05:45 +01:00
Mukesh Bharsakle	1a4cc5e92c	updating test-ca.key to use AES instead of DES Signed-off-by: Mukesh Bharsakle <bharsaklemukesh975@gmail.com>	2023-04-10 14:05:42 +01:00
Andrzej Kurek	303704ef4a	Remove unnecessary tabs Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-03-29 11:41:34 -04:00
Andrzej Kurek	d90376ef46	Add a test for a malformed directoryname sequence Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-03-29 11:38:45 -04:00
Andrzej Kurek	d348632a6a	Switch from PEM to DER format for new x509 directoryname test This simplifies generating malformed data and doesn't require the PEM support for tests. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-03-29 11:03:01 -04:00
Andrzej Kurek	151d85d82c	Introduce a test for a malformed directoryname SAN Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-03-29 11:03:01 -04:00
Andrzej Kurek	4a4f1ec8e9	Add the original certificate to be malformed for x509 tests Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-03-29 11:03:01 -04:00
Andrzej Kurek	e12b01d31b	Add support for directoryName subjectAltName Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-03-29 11:03:01 -04:00
Paul Elliott	9f02a4177b	Merge pull request #7009 from mprse/csr_write_san Added ability to include the SubjectAltName extension to a CSR - v.2	2023-03-17 10:07:27 +00:00
Dave Rodgman	2e8442565a	Add PKCS #7 test files using expired cert Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-03-11 10:24:30 +00:00
Dave Rodgman	ca43e0d0ac	Fix test file extension Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-03-10 13:06:01 +00:00
Dave Rodgman	f2f2dbcfd7	Add test case for PKCS7 file with zero signers The test file was created by manually modifying tests/data_files/pkcs7_data_without_cert_signed.der, using ASN.1 JavaScript decoder https://lapo.it/asn1js/ Changes made: The SignerInfos set was truncated to zero length. All the parent sequences, sets, etc were then adjusted for their new reduced length. Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-03-10 12:52:00 +00:00
Dave Rodgman	8657e3280a	Add corrupt PKCS #7 test files Generated by running "make <filename>" and commiting the result. Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-03-09 15:59:15 +00:00
Xiaokang Qian	c96d2de569	Update corrupted char for pkcs7 corrupt signer info cases Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-03-07 10:35:47 +00:00
Xiaokang Qian	9c703d80ca	Add fuzz bad cases for signer info 1 and 2 Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-03-07 08:38:58 +00:00
Xiaokang Qian	8993a14567	Add unexpected tag cases for signer info 1 and 2 Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-03-07 08:38:58 +00:00
Xiaokang Qian	e8c696ffd1	Add invalid size test case for signer info[2](The third one) Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-03-07 08:38:58 +00:00
Xiaokang Qian	72b4bcac03	Add invalid size test case for signer info 1(the second one) Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-03-07 08:38:55 +00:00
Przemek Stekiel	8e83d3aaa9	Add tests for writting SAN to CSR Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-03-03 12:58:05 +01:00
Gilles Peskine	1eae11565d	Merge pull request #6949 from bensze01/replace_pkcs7_fuzzer_tests Replace fuzzer-generated PKCS #7 memory management tests	2023-03-01 10:46:22 +01:00
Bence Szépkúti	35d674a6ee	Replace usage of echo -e in pkcs7 data Makefile This use of the shell builtin is not portable. Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>	2023-02-28 17:01:21 +01:00
Paul Elliott	ac2251dad1	Merge pull request #7076 from mprse/parse_RFC822_name Add parsing of x509 RFC822 name + test	2023-02-27 14:16:13 +00:00
Bence Szépkúti	248971348b	Replace fuzzer-generated PKCS7 regression tests This commit adds well-formed reproducers for the memory management issues fixed in the following commits: `290f01b3f5` `e7f8c616d0` `f7641544ea` Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>	2023-02-24 15:31:03 +01:00
Dave Rodgman	e42cedf256	Merge pull request #7077 from daverodgman/pkcs7-fixes-dm-rebased Pkcs7 fixes	2023-02-21 11:53:30 +00:00
Przemek Stekiel	608e3efc47	Add test for parsing SAN: rfc822Name Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-02-20 15:09:50 +01:00
Manuel Pégourié-Gonnard	718eb4f190	Merge pull request #7025 from AndrzejKurek/uri_san Add the uniformResourceIdentifier subtype for the subjectAltName	2023-02-20 11:29:59 +01:00
Dave Rodgman	c5874db5b0	Add test-case for signature over zero-length data Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-02-16 16:14:46 +00:00
Gilles Peskine	c5e2a4fe67	Merge pull request #6937 from valeriosetti/issue6886 Add test for PK parsing of keys using compressed points	2023-02-14 19:54:29 +01:00
Andrzej Kurek	570a0f808b	Move to DER certificates for new x509 tests Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-02-14 05:52:49 -05:00
Andrzej Kurek	7a05fab716	Added the uniformResourceIdentifier subtype for the subjectAltName. Co-authored-by: Hannes Tschofenig <hannes.tschofenig@arm.com> Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-02-13 10:03:07 -05:00
Dave Rodgman	a22749e749	Merge pull request #6816 from nick-child-ibm/pkcs7_coverage Pkcs7 coverage	2023-02-10 12:55:29 +00:00
Nick Child	3dafc6c3b3	pkcs7: Drop support for signature in contentInfo of signed data The contentInfo field of PKCS7 Signed Data structures can optionally contain the content of the signature. Per RFC 2315 it can also contain any of the PKCS7 data types. Add test and comments making it clear that the current implementation only supports the DATA content type and the data must be empty. Return codes should be clear whether content was invalid or unsupported. Identification and fix provided by: - Demi Marie Obenour <demiobenour@gmail.com> - Dave Rodgman <dave.rodgman@arm.com> Signed-off-by: Nick Child <nick.child@ibm.com>	2023-02-07 20:04:52 +00:00
Gilles Peskine	0cfb08ddf1	Merge pull request #6922 from mprse/csr_v3 Parsing v3 extensions from a CSR - v.2	2023-02-03 16:41:11 +01:00
Nick Child	a0c15d0fec	pkcs7/test: Add test cases for pkcs7 with 3 signers Previously, a loop in pkcs7_get_signers_info_set was not getting covered by tests. This was because when there are two or less signers, the loop will not execute. Therefore, add new data files for another signer and use three signers to generate a new pkcs7 DER file. Add a test case to make sure that verification is still successfula and use the test script to create ASN1 errors throoughout the stucture: ./generate_pkcs7_tests.py ../data_files/pkcs7_data_3_signed.der This results in the loop being executed. Signed-off-by: Nick Child <nick.child@ibm.com>	2023-01-30 19:30:38 +00:00
Nick Child	e8a811650b	test/pkcs7: Add test for expired cert PKCS7 verification should fail if the signing cert is expired. Add test case for this condition. Signed-off-by: Nick Child <nick.child@ibm.com>	2023-01-30 15:55:44 +00:00
Valerio Setti	18b9b035ad	test: add test for a full length serial of 0xFF Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-01-27 11:47:57 +01:00
Przemek Stekiel	d7992df529	Use input files to parse CSR instead of bytes Additionally fix the generation of test_csr_v3_all_malformed_extension_ns_cert_bitstream_tag.csr.der which was incorectly malformed. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-01-25 16:19:50 +01:00
Valerio Setti	de7bb5b361	test: add failing check for secp224r1 with compressed format The test is expected to fail, so we verify that this is really not suppported Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-01-25 14:02:03 +01:00
Przemek Stekiel	92cce3fe6d	Use extension .csr.der to indicate format Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-01-25 10:33:26 +01:00
Przemek Stekiel	160968586b	Add negative test cases and use DER format for CSRs Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-01-24 10:57:19 +01:00
Przemek Stekiel	e7fbbb3fbd	Generate csr files to test v3 extensions Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-01-24 10:57:19 +01:00
Valerio Setti	ff15953a01	test: data: fix makefile error Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-01-16 17:34:53 +01:00
Valerio Setti	0c960160ae	test: extend makefile to generate keys with compressed points Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-01-16 16:56:30 +01:00
Valerio Setti	c60611b986	test: check pkparse with compressed ec Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-01-16 16:27:11 +01:00
Valerio Setti	856cec45eb	test: x509: add more tests for checking certificate serial - added 2 new certificates: 1 for testing a serial which is full lenght and another one for a serial which starts with 0x80 - added also proper Makefile and openssl configuration file to generate these 2 new certificates Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2023-01-12 17:01:45 +01:00
Gilles Peskine	72bffe02b7	Merge pull request #6663 from davidhorstmann-arm/fix-typo-unsupported Fix typo 'unsupoported' -> 'unsupported'	2022-11-29 21:44:27 +01:00
Gilles Peskine	4f01121f6e	Fix memory leak on error in pkcs7_get_signers_info_set mbedtls_x509_name allocates memory, which must be freed if there is a subsequent error. Credit to OSS-Fuzz (https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53811). Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-11-27 22:02:10 +01:00
Gilles Peskine	290f01b3f5	Fix dangling freed pointer on error in pkcs7_get_signers_info_set This fixes a use-after-free in PKCS#7 parsing when the signer data is malformed. Credit to OSS-Fuzz (https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53798). Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-11-27 21:55:29 +01:00
David Horstmann	119d7e2011	Fix typo 'unsupoported' -> 'unsupported' Signed-off-by: David Horstmann <david.horstmann@arm.com>	2022-11-25 15:50:30 +00:00
Bence Szépkúti	a17d038ee1	Merge branch 'development' into pr3431	2022-11-22 15:54:52 +01:00
Manuel Pégourié-Gonnard	edce0b42fb	Merge pull request #6454 from valeriosetti/issue4577 Adding unit test for mbedtls_x509write_csr_set_extension()	2022-11-15 09:39:07 +01:00
Valerio Setti	48e8fc737a	Adding unit test for mbedtls_x509write_csr_set_extension() The already existing "x509_csr_check()" function is extended in order to support/test also CSR's extensions. The test is performed by adding an extended key usage. Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-11-14 13:32:07 +01:00
Dave Rodgman	f58172fe43	Merge remote-tracking branch 'origin/development' into pr3431	2022-11-10 09:54:49 +00:00
Gilles Peskine	4a480ac5a1	Merge pull request #6265 from Kabbah/x509-info-hwmodulename-hex `x509_info_subject_alt_name`: Render HardwareModuleName as hex	2022-11-08 17:11:07 +01:00
Nick Child	fc234b7b52	test/pkcs7: Add Windows CRLF EOF to data files Windows tests are failing pkcs7 verification due to differnt line endings. Therefore, add make instuctions for building the data files with Windows EOF instead. As a result, regenerate other data files so that verification works. Add these CRLF EOF files to the exception in check_files to ignore the line endings. Signed-off-by: Nick Child <nick.child@ibm.com>	2022-11-03 09:24:20 -05:00
Dave Rodgman	55fd0b9fc1	Merge pull request #6121 from daverodgman/pr277 cert_write - add a way to set extended key usages - rebase	2022-10-31 13:27:49 +00:00
Nick Child	73621ef0f0	pkcs7: Improve verify logic and rebuild test data Various responses to feedback regarding the pkcs7_verify_signed_data/hash functions. Mainly, merge these two functions into one to reduce redudant logic [1]. As a result, an identified bug about skipping over a signer is patched [2]. Additionally, add a conditional in the verify logic that checks if the given x509 validity period is expired [3]. During testing of this conditional, it turned out that all of the testing data was expired. So, rebuild all of the pkcs7 testing data to refresh timestamps. [1] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r999652525 [2] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r997090215 [3] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r967238206 Signed-off-by: Nick Child <nick.child@ibm.com>	2022-10-28 11:24:25 -05:00
Ronald Cron	c9176a03a7	Merge pull request #6410 from gilles-peskine-arm/psa-pkparse-pkwrite-3.2 PSA with RSA requires PK_WRITE and PK_PARSE	2022-10-26 14:57:36 +02:00
Raef Coles	aa9d52bcdc	Rename LMS private key files to match library name Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 17:53:40 +01:00
Raef Coles	ce18e528ff	Rename LMS private key files And remove now-unnecessary modification to check_files.py Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 16:45:05 +01:00
Raef Coles	a6b47c0aac	Add LMS hsslms interop tests Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:55 +01:00
Raef Coles	90e13fc3c6	Add repro instructions for LMS test data Add more interop tests, and use real data for the negative tests Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:49 +01:00
Gilles Peskine	9624a5932e	Add mbedtls_dhm_parse_dhmfile test case with DER input dh.optlen.der is the result of converting dh.optlen.pem from PEM to DER. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-10-11 20:52:34 +02:00
Victor Barpp Gomes	d0225afcb6	Add a new test with a binary hwSerialNum Signed-off-by: Victor Barpp Gomes <17840319+Kabbah@users.noreply.github.com>	2022-09-29 13:52:55 -03:00
XiaokangQian	335cfaadf9	Finalize client side code for psk Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-09-23 01:48:26 +00:00
Nick Child	45525d3768	pkcs7: Fix dependencies for pkcs7 tests Fixes include removing PEM dependency for greater coverage when PEM config is not set and defining test dependencies at the appropriate level. Signed-off-by: Nick Child <nick.child@ibm.com>	2022-09-01 19:45:41 -05:00
Manuel Pégourié-Gonnard	600bd30427	Avoid unwanted eol conversion of test data Also, text files don't need to be generated by the Makefile. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-09-01 19:45:41 -05:00
Nayna Jain	136c6aa467	mbedtls: add pkcs7 test data This commit adds the static test data generated by commands from Makefile. Signed-off-by: Nayna Jain <nayna@linux.ibm.com>	2022-09-01 19:45:41 -05:00
Nayna Jain	673a226698	pkcs7: add support for signed data OpenSSL provides APIs to generate only the signted data format PKCS7 i.e. without content type OID. This patch adds support to parse the data correctly even if formatted only as signed data Signed-off-by: Nayna Jain <nayna@linux.ibm.com>	2022-09-01 19:45:41 -05:00
Nayna Jain	c9deb184b0	mbedtls: add support for pkcs7 PKCS7 signing format is used by OpenPOWER Key Management, which is using mbedtls as its crypto library. This patch adds the limited support of pkcs7 parser and verification to the mbedtls. The limitations are: * Only signed data is supported. * CRLs are not currently handled. * Single signer is supported. Signed-off-by: Daniel Axtens <dja@axtens.net> Signed-off-by: Eric Richter <erichte@linux.ibm.com> Signed-off-by: Nayna Jain <nayna@linux.ibm.com>	2022-09-01 19:45:33 -05:00
Dave Rodgman	abdb0df91d	Fix test fails due to changes in cert generation Test certs were originally generated with an old version of Mbed TLS that used printableString where we now use utf8string (e.g., in the organizationName). Otherwise the certs are identical. Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-08-30 10:25:45 +01:00
Nicholas Wilson	ca841d32db	Add test for mbedtls_x509write_crt_set_ext_key_usage, and fix reversed order Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-08-30 10:25:43 +01:00
Werner Lewis	f65a327111	Remove remaining bignum radix args Functions which are not covered by script, changes made to use radix 16. Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-08-01 15:07:14 +01:00
Werner Lewis	b33dacdb50	Fix parsing of special chars in X509 DN values Use escape mechanism defined in RFC 1779 when parsing commas and other special characters in X509 DN values. Resolves failures when generating a certificate with a CSR containing a comma in subject value. Fixes #769. Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-06-27 11:19:50 +01:00
Shaun Case	8b0ecbccf4	Redo of PR#5345. Fixed spelling and typographical errors found by CodeSpell. Signed-off-by: Shaun Case <warmsocks@gmail.com> Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-05-11 21:25:51 +01:00
Ronald Cron	64bff9f261	tests: data_files: Avoid symbolic links Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-10 15:09:57 +01:00
Jerry Yu	dda036d8e0	rename ecdsa_secpsha to ecdsa_secp* Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-06 18:20:43 +08:00
Jerry Yu	0f99af8c19	Add keys for tls13 compat tests Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-06 18:16:30 +08:00
TRodziewicz	f41dc7cb35	Removal of RC4 certs and fixes to docs and tests Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-06-21 13:27:29 +02:00
TRodziewicz	75628d51b3	Code review fixes Reverting some deleted tests and changing the deprecated algo Deleting deprecated headers from /alt-dummy dir Corrections to the comments Removal of deleted functions from compat-2.x.h Corrections to tests/data_files/Makefile Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-06-18 12:59:38 +02:00
TRodziewicz	10e8cf5fef	Remove MD2, MD4, RC4, Blowfish and XTEA Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-06-16 10:34:25 +02:00
Gilles Peskine	c6b0d96c31	More precise testing of dhm_min_len An SSL client can be configured to insist on a minimum size for the Diffie-Hellman (DHM) parameters sent by the server. Add several test cases where the server sends parameters with exactly the minimum size (must be accepted) or parameters that are one bit too short (must be rejected). Make sure that there are test cases both where the boundary is byte-aligned and where it isn't. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-04-01 14:18:31 +02:00
Dave Rodgman	6fbff5b557	Merge pull request #3698 from darrenkrahn/development Mark basic constraints critical as appropriate.	2021-01-17 18:06:18 +00:00
Darren Krahn	9c134cef35	Add build instructions for new test data. Signed-off-by: Darren Krahn <dkrahn@google.com>	2021-01-13 22:04:45 -08:00
Gilles Peskine	a282984c3d	Merge pull request #773 from paul-elliott-arm/discrepancy_cert Add missing tag check to signature check on certificate load	2020-12-03 12:19:39 +01:00

1 2 3 4 5 ...

351 commits