cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-09-07 06:05:03 -04:00
Code Issues Packages Projects Releases Wiki Activity
18,126 Commits 7 Branches 115 Tags
Commit Graph

276 Commits

Author SHA1 Message Date
Gilles Peskine
bd26a8de92 More spelling corrections 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-12 19:22:08 +02:00
Gilles Peskine
64dbdc06fa
Merge pull request #7768 from lpy4105/backport-2.28/issue/renew_cert_2027-01-01 
Backport 2.28: Updating crt/crl files due to expiry before 2027-01-01
 2023-08-17 18:55:42 +00:00
Pengyu Lv
e453f9df10 Add description for invalid commands 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-08-17 16:32:34 +08:00
Pengyu Lv
96d0ef4f08 Fix invalid generation commands 
`serial_hex` option is not supported by `cert_write` in 2.28,
use `serial` option instead.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-08-16 11:43:51 +08:00
Marek Jansta
0a6743b2de Fixed AlgorithmIdentifier parameters when used with ECDSA signature algorithm in x509 certificate 
Signed-off-by: Marek Jansta <jansta@2n.cz>
 2023-07-31 17:33:23 +02:00
Pengyu Lv
343ff1200d Fix typo and long line format 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-06-19 11:41:12 +08:00
Pengyu Lv
ea8027921b Update crl-rsa-pss-*.pem manually 
The rules will be in a seperate PR.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-06-19 11:41:12 +08:00
Jerry Yu
a69934f249 upgrade server9-bad-saltlen.crt 
Upgrade scripts
```python
import subprocess
from asn1crypto import pem, x509,core

output_filename="server9-bad-saltlen.crt"
tmp_filename="server9-bad-saltlen.crt.tmp"
tmp1_filename="server9-bad-saltlen.crt.tmp1"

subprocess.check_call(rf''' openssl x509 -req -extfile server5.crt.openssl.v3_ext \
        -passin "pass:PolarSSLTest" -CA test-ca.crt -CAkey test-ca.key \
        -set_serial 24 -days 3650 \
        -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:max \
        -sigopt rsa_mgf1_md:sha256 -sha256 \
        -in server9.csr -out {output_filename}
''',shell=True)

with open(output_filename,'rb') as f:
    _,_,der_bytes=pem.unarmor(f.read())
    target_certificate=x509.Certificate.load(der_bytes)

with open(tmp_filename,'wb') as f:
    f.write(target_certificate['tbs_certificate'].dump())

subprocess.check_call(rf'openssl dgst -sign test-ca.key -passin "pass:PolarSSLTest" \
                        -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:32 \
                        -sigopt rsa_mgf1_md:sha256 -out {tmp1_filename} {tmp_filename}',
                        shell=True)

with open(tmp1_filename,'rb') as f:
    signature_value= core.OctetBitString(f.read())

with open(output_filename,'wb') as f:
    target_certificate['signature_value']=signature_value
    f.write(pem.armor('CERTIFICATE',target_certificate.dump()))
```

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-06-19 11:41:12 +08:00
Pengyu Lv
33536d170e Update server9*.crt 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-06-19 11:41:12 +08:00
Pengyu Lv
3ed1653df4 Add server9-bad-{mgfhash,saltlen}.crt 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-06-19 11:41:12 +08:00
Pengyu Lv
4ac61a92cc Add rules to generate server9*.crt 
Except for server9-bad-saltlen.crt and
server9-bad-mgfhash.crt.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-06-19 11:41:12 +08:00
Jerry Yu
7d7b735514 Update server1-nospace.crt 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-06-19 11:41:12 +08:00
Jerry Yu
4e573497d7 Update v1 crt files 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-06-19 11:41:12 +08:00
Pengyu Lv
124b75a09a Update cert_example_multi_nocn.crt 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-06-19 11:41:12 +08:00
Pengyu Lv
5539dcb2d4 Add rules to generate cert_example_multi_nocn.crt 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-06-19 11:41:12 +08:00
Pengyu Lv
fce773e0e9 Update server5.[e]ku-*.crt 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-06-19 11:41:12 +08:00
Pengyu Lv
0158966a73 Add rules to generate server5.[e]ku-*.crt 
Since cert_write in mbedtls-2.28 doesn't support
write ext_key_usage extension, the commands are
added just for alignment with development.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-06-19 11:41:12 +08:00
Pengyu Lv
5a4cc39f39 Update server2.ku-*.crt 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-06-19 11:41:12 +08:00
Pengyu Lv
4b7447cf45 Add rules to generate server2.ku-*.crt 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-06-19 11:41:12 +08:00
Pengyu Lv
6acdd5c624 Add rule for server2-badsign.crt 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-06-19 11:41:12 +08:00
Jerry Yu
233c93b44d Update test-ca2.ku-*.crt 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-06-19 11:41:12 +08:00
Pengyu Lv
34cfc35ce9 Fix the rule for server5-ss-forgeca.crt 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-06-19 11:41:12 +08:00
Jerry Yu
8e0cc70e38 Add the rule and update server6-ss-child.crt 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-06-19 11:41:12 +08:00
Jerry Yu
2aa312b136 Update server5-selfsigned.crt 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-06-19 11:41:12 +08:00
Pengyu Lv
e1136d5eb4 Update test-ca2.crt[.der] and server5.crt[.der] 
Update these files to match the data in `library/certs.c`.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-06-19 10:17:21 +08:00
Pengyu Lv
1fca541a5f Remove redundant PHONY targets 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-06-14 09:55:51 +08:00
Pengyu Lv
a640339243 Fix long line format 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-06-14 09:55:51 +08:00
Pengyu Lv
9dbd1df175 Update crl-ec-sha*.pem, crl.pem, crl_cat_*.pem 
This commit updates the files manually, the rules
of generating these files will be upload in other
PR.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-06-13 17:51:08 +08:00
Pengyu Lv
8569c876a4 Add rules to generate crl_cat* 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-06-13 17:50:58 +08:00
Pengyu Lv
dc66d3a34c Update server10*.crt 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-06-13 17:49:02 +08:00
Pengyu Lv
f23ecc1941 Update server8*.crt 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-06-13 17:48:31 +08:00
Pengyu Lv
3ff09ec78f Update server7*.crt 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-06-13 17:47:47 +08:00
Pengyu Lv
d5be96c4c7 Update test-int-ca*.crt 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-06-13 17:45:39 +08:00
Pengyu Lv
fe50030b5b Add rules to generate test-int-ca{2,3}.crt 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-06-13 17:45:14 +08:00
Pengyu Lv
bb0fd701ad Update test-ca2_cat-*.crt and test-ca_cat*.crt 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-06-13 17:42:04 +08:00
Pengyu Lv
e106de0ebb Update server6.crt 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-06-13 17:41:11 +08:00
Pengyu Lv
e340675475 Update test-ca[1|2].crt[.der] 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-06-13 17:39:02 +08:00
Pengyu Lv
d8893ccb9b Update server5[-der*|-sha*].crt 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-06-13 17:38:24 +08:00
Pengyu Lv
381186b853 Add rules to generate test-ca2_cat-*.crt 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-06-13 17:36:32 +08:00
Pengyu Lv
43ad9848db Add rules to generate server10*.crt 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-06-13 17:35:10 +08:00
Pengyu Lv
4217429a46 Add rules to generate server8*.crt 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-06-13 17:30:10 +08:00
Pengyu Lv
30cd6b0964 Add rules to generate server7*.crt 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-06-13 17:27:20 +08:00
Jerry Yu
324a43b4ac Add rules to generate server6.crt 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-06-13 17:24:11 +08:00
Jerry Yu
fa4ef28c00 Add rules to generate server5-sha*.crt 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-06-13 17:22:45 +08:00
Jerry Yu
c2d694e367 Add server5-der*crt generate command 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-06-13 17:20:01 +08:00
Jerry Yu
111f4353f7 Add rules to generate server5[-badsign].crt 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-06-13 17:08:45 +08:00
Pengyu Lv
be8faab205 Update server3.crt and server4.crt 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-06-13 17:06:37 +08:00
Pengyu Lv
746e2d133d Add rules to generate server4.crt 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-06-13 17:05:10 +08:00
Pengyu Lv
a3d7bb8059 Add rules to generate server3.crt 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-06-13 16:49:19 +08:00
Pengyu Lv
f287e2a528 Mark all_intermediate as intermediate files 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-06-13 16:45:11 +08:00