Teppo Järvelin
91d7938761
Changed every memcpy to SCA equivalent mbedtls_platform_memcpy
...
This makes physical attacks more difficult.
2019-10-30 14:07:04 +02:00
Simon Butcher
e2bf54d3d1
Merge remote-tracking branch 'public/pr/2877' into baremetal
2019-10-23 14:53:29 +01:00
Manuel Pégourié-Gonnard
7a346b866c
Replace memset() with mbedtls_platform_memset()
...
Steps:
1. sed -i 's/\bmemset(\([^)]\)/mbedtls_platform_memset(\1/g' library/*.c tinycrypt/*.c include/mbedtls/*.h scripts/data_files/*.fmt
2. Manually edit library/platform_util.c to revert to memset() in the
implementations of mbedtls_platform_memset() and mbedtls_platform_memcpy()
3. egrep -n '\<memset\>' library/*.c include/mbedtls/*.h tinycrypt/*.c
The remaining occurrences are in three categories:
a. From point 2 above.
b. In comments.
c. In the initialisation of memset_func, to be changed in a future commit.
2019-10-22 10:03:07 +02:00
Teppo Järvelin
61f412eb58
Changed every memcmp to SCA equivalent mbedtls_platform_memcmp
...
This makes physical attacks more difficult.
Selftest memcmp functions were not changed.
2019-10-03 13:14:33 +03:00
irwir
2239a868f7
Clear pk context and other minor changes in *_free() procedures
2018-06-12 18:25:09 +03:00
Andres Amaya Garcia
1f6301b3c8
Rename mbedtls_zeroize to mbedtls_platform_zeroize
2018-04-17 10:00:21 -05:00
Andres Amaya Garcia
e32df087fb
Remove individual copies of mbedtls_zeroize()
...
This commit removes all the static occurrencies of the function
mbedtls_zeroize() in each of the individual .c modules. Instead the
function has been moved to utils.h that is included in each of the
modules.
2018-04-17 09:19:05 -05:00
Gilles Peskine
a7b34c7810
Merge remote-tracking branch 'upstream-public/pr/1406' into development-proposed
2018-03-22 21:52:48 +01:00
Gilles Peskine
a31d8206b1
Merge remote-tracking branch 'upstream-public/pr/778' into development-proposed
2018-03-12 23:45:08 +01:00
ILUXONCHIK
060fe37496
fix typo in pem.c
2018-02-25 20:59:09 +00:00
Jaeden Amero
66954e1c1f
Merge branch 'development' into development-restricted
2018-01-25 17:28:31 +00:00
Andres Amaya Garcia
f1ee63562a
Style fixes in pem, x509_crl and buf_alloc
2018-01-23 19:37:44 +00:00
Andres AG
9cf1f96a7b
Fix corner case uses of memory_buffer_alloc.c
...
The corner cases fixed include:
* Allocating a buffer of size 0. With this change, the allocator now
returns a NULL pointer in this case. Note that changes in pem.c and
x509_crl.c were required to fix tests that did not work under this
assumption.
* Initialising the allocator with less memory than required for headers.
* Fix header chain checks for uninitialised allocator.
2018-01-23 19:37:44 +00:00
Gilles Peskine
9e4f77c606
New MD API: rename functions from _ext to _ret
...
The _ext suffix suggests "new arguments", but the new functions have
the same arguments. Use _ret instead, to convey that the difference is
that the new functions return a value.
2018-01-22 11:54:42 +01:00
Gilles Peskine
d91f2a26cb
Merge branch 'development' into iotssl-1251-2.7
...
Conflict resolution:
* ChangeLog: put the new entries in their rightful place.
* library/x509write_crt.c: the change in development was whitespace
only, so use the one from the iotssl-1251 feature branch.
2018-01-19 11:25:10 +01:00
Gilles Peskine
7fb29b17c7
Merge branch 'development' into development-restricted
2017-11-28 18:46:09 +01:00
Gilles Peskine
7ca6d1fdd4
Merge remote-tracking branch 'upstream-restricted/pr/399' into development-restricted
2017-11-28 14:17:53 +01:00
Ron Eldor
65112b15e6
Adress Hannos's comments
...
Remove zeroizing buffer, as it was done already in PR #369
Check that buffer is not null by `!= NULL` statement
2017-09-06 17:09:41 +03:00
Ron Eldor
9d84b4c102
update after Andres comments
...
Update after Andres coments:
1. zeroize the buffer in `mbedtls_pem_read_buffer()` before freeing it
2. use `mbedtls_zeroize()` instead of `memset()`
2017-09-05 17:17:31 +03:00
Ron Eldor
31162e4423
Set PEM buffer to zero before freeing it
...
Set PEM buffer to zero before freeing it, to avoid private keys
being leaked to memory after releasing it.
2017-09-05 15:34:35 +03:00
Andres Amaya Garcia
92d46f0246
Zeroize buf if mbedtls_base64_decode() fails
2017-07-07 10:46:51 +01:00
Andres Amaya Garcia
8d08c4489e
Change pem to use new MD API and check ret code
2017-06-29 11:16:38 +01:00
Andres Amaya Garcia
03d70504ca
Zeroize heap buf on failure in pem.c
2017-06-26 11:44:54 +01:00
Andres AG
51a7ae1353
Add missing ret code checks in PEM module
...
Add missing return code checks in the functions pem_des_decrypt(),
pem_3des_decrypt() and pem_aes_decrypt() so that the calling function
mbedtls_pem_read_buffer() is notified of errors reported by the crypto
primitives AES, DES and 3DES.
2017-05-30 16:40:36 +01:00
Andres AG
c0db511820
Fix unused variable/function compilation warnings
...
This PR fixes a number of unused variable/function compilation warnings
that arise when using a config.h that does not define the macro
MBEDTLS_PEM_PARSE_C.
2017-02-15 22:54:42 +02:00
Andres AG
703990b839
Fix buffer overreads in mbedtls_pem_read_buffer()
2016-10-24 13:00:37 +01:00
Simon Butcher
a45aa1399b
Merge of IOTSSL-476 - Random malloc in pem_read()
2015-10-05 00:26:36 +01:00
Manuel Pégourié-Gonnard
37ff14062e
Change main license to Apache 2.0
2015-09-04 14:21:07 +02:00
Manuel Pégourié-Gonnard
052d10c9d5
Accept a trailing space at end of PEM lines
...
With certs being copy-pasted from webmails and all, this will probably become
more and more common.
closes #226
2015-07-31 11:11:26 +02:00
Manuel Pégourié-Gonnard
6fb8187279
Update date in copyright line
2015-07-28 17:11:58 +02:00
Manuel Pégourié-Gonnard
ba56136b5c
Avoid in-out length in base64
2015-06-02 16:30:35 +01:00
Manuel Pégourié-Gonnard
6a8ca33fa5
Rename ERR_xxx_MALLOC_FAILED to ..._ALLOC_FAILED
2015-05-28 16:25:05 +02:00
Manuel Pégourié-Gonnard
7551cb9ee9
Replace malloc with calloc
...
- platform layer currently broken (not adapted yet)
- memmory_buffer_alloc too
2015-05-26 16:04:06 +02:00
Manuel Pégourié-Gonnard
2cf5a7c98e
The Great Renaming
...
A simple execution of tmp/invoke-rename.pl
2015-04-08 13:25:31 +02:00
Manuel Pégourié-Gonnard
7f8099773e
Rename include directory to mbedtls
2015-03-10 11:23:56 +00:00
Manuel Pégourié-Gonnard
fe44643b0e
Rename website and repository
2015-03-06 13:17:10 +00:00
Mansour Moufid
c531b4af3c
Apply the semantic patch rm-malloc-cast.cocci.
...
for dir in library programs; do
spatch --sp-file scripts/rm-malloc-cast.cocci --dir $dir \
--in-place;
done
2015-02-16 10:43:52 +00:00
Rich Evans
ce2f237697
change test function includes to use one convention
2015-02-10 11:28:46 +00:00
Rich Evans
00ab47026b
cleanup library and some basic tests. Includes, add guards to includes
2015-02-10 11:28:46 +00:00
Manuel Pégourié-Gonnard
860b51642d
Fix url again
2015-01-28 17:12:07 +00:00
Manuel Pégourié-Gonnard
085ab040aa
Fix website url to use https.
2015-01-23 11:06:27 +00:00
Manuel Pégourié-Gonnard
9698f5852c
Remove maintainer line.
2015-01-23 10:59:00 +00:00
Manuel Pégourié-Gonnard
19f6b5dfaa
Remove redundant "all rights reserved"
2015-01-23 10:54:00 +00:00
Manuel Pégourié-Gonnard
a658a4051b
Update copyright
2015-01-23 09:55:24 +00:00
Manuel Pégourié-Gonnard
967a2a5f8c
Change name to mbed TLS in the copyright notice
2015-01-22 14:28:16 +00:00
Paul Bakker
5b4af39a36
Add _init() and _free() for hash modules
2014-07-09 10:19:23 +02:00
Paul Bakker
c7ea99af4f
Add _init() and _free() for cipher modules
2014-07-09 10:19:22 +02:00
Paul Bakker
3461772559
Introduce polarssl_zeroize() instead of memset() for zeroization
2014-06-14 16:46:03 +02:00
Paul Bakker
14b16c62e9
Minor optimizations (original by Peter Vaskovic, modified by Paul Bakker)
...
Move strlen out of for loop.
Remove redundant null checks before free.
2014-05-28 11:34:33 +02:00
Paul Bakker
b9e4e2c97a
Fix formatting: fix some 'easy' > 80 length lines
2014-05-01 14:18:25 +02:00