112 Commits

Author SHA1 Message Date
Gilles Peskine
bd26a8de92 More spelling corrections
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-12 19:22:08 +02:00
Gilles Peskine
64dbdc06fa Merge pull request #7768 from lpy4105/backport-2.28/issue/renew_cert_2027-01-01
Backport 2.28: Updating crt/crl files due to expiry before 2027-01-01
2023-08-17 18:55:42 +00:00
Pengyu Lv
e453f9df10 Add description for invalid commands
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-08-17 16:32:34 +08:00
Pengyu Lv
96d0ef4f08 Fix invalid generation commands
`serial_hex` option is not supported by `cert_write` in 2.28,
use `serial` option instead.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-08-16 11:43:51 +08:00
Marek Jansta
0a6743b2de Fixed AlgorithmIdentifier parameters when used with ECDSA signature algorithm in x509 certificate
Signed-off-by: Marek Jansta <jansta@2n.cz>
2023-07-31 17:33:23 +02:00
Pengyu Lv
343ff1200d Fix typo and long line format
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-06-19 11:41:12 +08:00
Jerry Yu
a69934f249 upgrade server9-bad-saltlen.crt
Upgrade scripts
```python
import subprocess
from asn1crypto import pem, x509, core

output_filename = "server9-bad-saltlen.crt"
tmp_filename = "server9-bad-saltlen.crt.tmp"
tmp1_filename = "server9-bad-saltlen.crt.tmp1"

# Issue the certificate from server9.csr, signed with RSASSA-PSS and saltlen "max".
subprocess.check_call(rf''' openssl x509 -req -extfile server5.crt.openssl.v3_ext \
        -passin "pass:PolarSSLTest" -CA test-ca.crt -CAkey test-ca.key \
        -set_serial 24 -days 3650 \
        -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:max \
        -sigopt rsa_mgf1_md:sha256 -sha256 \
        -in server9.csr -out {output_filename}
''', shell=True)

# Load the PEM certificate that was just written.
with open(output_filename, 'rb') as f:
    _, _, der_bytes = pem.unarmor(f.read())
    target_certificate = x509.Certificate.load(der_bytes)

# Dump the DER-encoded TBSCertificate, the part the signature covers.
with open(tmp_filename, 'wb') as f:
    f.write(target_certificate['tbs_certificate'].dump())

# Sign the TBSCertificate again, this time with a salt length of 32.
subprocess.check_call(rf'openssl dgst -sign test-ca.key -passin "pass:PolarSSLTest" \
                        -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:32 \
                        -sigopt rsa_mgf1_md:sha256 -out {tmp1_filename} {tmp_filename}',
                        shell=True)

with open(tmp1_filename, 'rb') as f:
    signature_value = core.OctetBitString(f.read())

# Replace the certificate's signature with the new one and write it back as PEM.
with open(output_filename, 'wb') as f:
    target_certificate['signature_value'] = signature_value
    f.write(pem.armor('CERTIFICATE', target_certificate.dump()))
```

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-06-19 11:41:12 +08:00
Pengyu Lv
3ed1653df4 Add server9-bad-{mgfhash,saltlen}.crt
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-06-19 11:41:12 +08:00
Pengyu Lv
4ac61a92cc Add rules to generate server9*.crt
Except for server9-bad-saltlen.crt and
server9-bad-mgfhash.crt.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-06-19 11:41:12 +08:00
Jerry Yu
7d7b735514 Update server1-nospace.crt
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-06-19 11:41:12 +08:00
Jerry Yu
4e573497d7 Update v1 crt files
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-06-19 11:41:12 +08:00
Pengyu Lv
5539dcb2d4 Add rules to generate cert_example_multi_nocn.crt
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-06-19 11:41:12 +08:00
Pengyu Lv
0158966a73 Add rules to generate server5.[e]ku-*.crt
Since cert_write in mbedtls-2.28 doesn't support
writing the ext_key_usage extension, the commands are
added just for alignment with development.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-06-19 11:41:12 +08:00
Pengyu Lv
4b7447cf45 Add rules to generate server2.ku-*.crt
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-06-19 11:41:12 +08:00
Pengyu Lv
6acdd5c624 Add rule for server2-badsign.crt
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-06-19 11:41:12 +08:00
Jerry Yu
233c93b44d Update test-ca2.ku-*.crt
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-06-19 11:41:12 +08:00
Pengyu Lv
34cfc35ce9 Fix the rule for server5-ss-forgeca.crt
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-06-19 11:41:12 +08:00
Jerry Yu
8e0cc70e38 Add the rule and update server6-ss-child.crt
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-06-19 11:41:12 +08:00
Jerry Yu
2aa312b136 Update server5-selfsigned.crt
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-06-19 11:41:12 +08:00
Pengyu Lv
1fca541a5f Remove redundant PHONY targets
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-06-14 09:55:51 +08:00
Pengyu Lv
a640339243 Fix long line format
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-06-14 09:55:51 +08:00
Pengyu Lv
8569c876a4 Add rules to generate crl_cat*
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-06-13 17:50:58 +08:00
Pengyu Lv
fe50030b5b Add rules to generate test-int-ca{2,3}.crt
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-06-13 17:45:14 +08:00
Pengyu Lv
381186b853 Add rules to generate test-ca2_cat-*.crt
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-06-13 17:36:32 +08:00
Pengyu Lv
43ad9848db Add rules to generate server10*.crt
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-06-13 17:35:10 +08:00
Pengyu Lv
4217429a46 Add rules to generate server8*.crt
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-06-13 17:30:10 +08:00
Pengyu Lv
30cd6b0964 Add rules to generate server7*.crt
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-06-13 17:27:20 +08:00
Jerry Yu
324a43b4ac Add rules to generate server6.crt
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-06-13 17:24:11 +08:00
Jerry Yu
fa4ef28c00 Add rules to generate server5-sha*.crt
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-06-13 17:22:45 +08:00
Jerry Yu
c2d694e367 Add server5-der*crt generate command
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-06-13 17:20:01 +08:00
Jerry Yu
111f4353f7 Add rules to generate server5[-badsign].crt
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-06-13 17:08:45 +08:00
Pengyu Lv
746e2d133d Add rules to generate server4.crt
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-06-13 17:05:10 +08:00
Pengyu Lv
a3d7bb8059 Add rules to generate server3.crt
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-06-13 16:49:19 +08:00
Pengyu Lv
f287e2a528 Mark all_intermediate as intermediate files
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-06-13 16:45:11 +08:00
Andrzej Kurek
8985146f03 Fix wrong makefile target
Missing tab and a prerequisite that's not a file
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-05-22 09:48:30 -04:00
Mukesh Bharsakle
2599a71c74 updating test-ca.key to use AES instead of DES
2023-05-10 12:12:40 +01:00
Valerio Setti
b4468c45ac test: fix makefile for ec_pub.[der/pem] generation
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-05-02 16:04:46 +02:00
Valerio Setti
755582b297 fix typos
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-24 10:47:36 +02:00
Valerio Setti
f1477da185 test: pkwrite: backport of issue 7446
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-18 16:58:22 +02:00
David Horstmann
f3fee1299e Fix typo 'unsupoported' -> 'unsupported'
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-11-25 15:54:07 +00:00
Manuel Pégourié-Gonnard
8d8266468b Merge pull request #6509 from valeriosetti/issue4577-backport
Backport 2.28: Adding unit test for mbedtls_x509write_csr_set_extension
2022-11-15 09:39:11 +01:00
Valerio Setti
d3f7df4b8a Adding unit test for mbedtls_x509write_csr_set_extension()
The already existing "x509_csr_check()" function is extended in order
to support/test also CSR's extensions. The test is performed by
adding an extended key usage.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-14 13:32:48 +01:00
Victor Barpp Gomes
7e5426d696 Add a new test with a binary hwSerialNum
Signed-off-by: Victor Barpp Gomes <17840319+Kabbah@users.noreply.github.com>
2022-09-30 09:32:27 -03:00
Werner Lewis
02c9d3b9c2 Fix parsing of special chars in X509 DN values
Use escape mechanism defined in RFC 1779 when parsing commas and other
special characters in X509 DN values. Resolves failures when generating
a certificate with a CSR containing a comma in subject value.
Fixes #769.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-08 14:38:38 +01:00
Gilles Peskine
c6b0d96c31 More precise testing of dhm_min_len
An SSL client can be configured to insist on a minimum size for the
Diffie-Hellman (DHM) parameters sent by the server. Add several test
cases where the server sends parameters with exactly the minimum
size (must be accepted) or parameters that are one bit too short (must
be rejected). Make sure that there are test cases both where the
boundary is byte-aligned and where it isn't.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-04-01 14:18:31 +02:00
Dave Rodgman
6fbff5b557 Merge pull request #3698 from darrenkrahn/development
Mark basic constraints critical as appropriate.
2021-01-17 18:06:18 +00:00
Darren Krahn
9c134cef35 Add build instructions for new test data.
Signed-off-by: Darren Krahn <dkrahn@google.com>
2021-01-13 22:04:45 -08:00
Gilles Peskine
a282984c3d Merge pull request #773 from paul-elliott-arm/discrepancy_cert
Add missing tag check to signature check on certificate load
2020-12-03 12:19:39 +01:00
Paul Elliott
ca17ebfbc0 Add tag check to cert algorithm check
Add missing tag check for algorithm parameters when comparing the
signature in the description part of the cert against the actual
signature whilst loading a certificate. This was found by a
certificate (created by fuzzing) that openssl would not verify, but
mbedtls would.

Regression test added (one of the client certs modified accordingly)

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2020-11-26 16:34:16 +00:00
Ronald Cron
8f24a8bb34 Merge pull request #3595 from gilles-peskine-arm/cert-gen-cleanup-202008-development
Minor cleanups in certificate generation
2020-10-15 13:32:53 +02:00