Refactor `mpi_write_hlp()` to not be recursive, to fix stack overflows.
Iterate over the `mbedtls_mpi` division of the radix requested,
until it is zero. Each iteration, put the residue in the next LSB
of the output buffer. Fixes#2190
In mbedtls_mpi_write_binary, avoid leaking the size of the number
through timing or branches, if possible. More precisely, if the number
fits in the output buffer based on its allocated size, the new code's
trace doesn't depend on the value of the number.
Detect Git merge artifacts. These are lines starting with "<<<<<<",
"|||||||" or ">>>>>>>" followed by a space, or containing just
"=======". For "=======", exempt Markdown files, because this can be
used to underline a title, as a compromise between false negatives and
false positives.
Previously, when checking whether a CRT was revoked through
one of the configured CRLs, the library would only consider
those CRLs whose `issuer` field binary-matches the `subject`
field of the CA that has issued the CRT in question. If those
fields were not binary equivalent, the corresponding CRL was
discarded.
This is not in line with RFC 5280, which demands that the
comparison should be format- and case-insensitive. For example:
- If the same string is once encoded as a `PrintableString` and
another time as a `UTF8String`, they should compare equal.
- If two strings differ only in their choice of upper and lower case
letters, they should compare equal.
This commit fixes this by using the dedicated x509_name_cmp()
function to compare the CRL issuer with the CA subject.
Fixes#1784.
This commit introduces variants test-ca_utf8.crt,
test-ca_printablestring.crt and test-ca_uppercase.crt
of tests/data_files/test-ca.crt which differ from
test-ca.crt in their choice of string encoding and
upper and lower case letters in the DN field. These
changes should be immaterial to the recovation check,
and three tests are added that crl.pem, which applies
to test-ca.crt, is also considered as applying to
test-ca_*.crt.
The test files were generated using PR #1641 which
- adds a build instruction for test-ca.crt to
tests/data_files/Makefile which allows easy
change of the subject DN.
- changes the default string format from `PrintableString`
to `UTF8String`.
Specifically:
- `test-ca_utf8.crt` was generated by running
`rm test-ca.crt && make test-ca.crt`
on PR #1641.
- `test-ca_uppercase.crt`, too, was generated by running
`rm test-ca.crt && make test-ca.crt`
on PR #1641, after modifying the subject DN line in the build
instruction for `test-ca.crt` in `tests/data_files/Makefile`.
- `test-ca_printable.crt` is a copy of `test-ca.crt`
because at the time of this commit, `PrintableString` is
still the default string format.
Enable passing a number to "-v" in order to set the level of verbosity.
Print detailed test failure information at verbosity level 1 or higher.
Display summary messages at the verbosity level 2 or higher. Print
detailed test information at verbosity level 3 or higher, whether the
test failed or not. This enables a more readable output style that
includes detailed failure information when a failure occurs.
This commit fixes issue #1212 related to platform-specific entropy
polling in an syscall-emulated environment.
Previously, the implementation of the entropy gathering function
`mbedtls_platform_entropy_poll()` for linux machines used the
following logic to determine how to obtain entropy from the kernel:
1. If the getrandom() system call identifier SYS_getrandom is present and
the kernel version is 3.17 or higher, use syscall( SYS_getrandom, ... )
2. Otherwise, fall back to reading from /dev/random.
There are two issues with this:
1. Portability:
When cross-compiling the code for a different
architecture and running it through system call
emulation in qemu, qemu reports the host kernel
version through uname but, as of v.2.5.0,
doesn't support emulating the getrandom() syscall.
This leads to `mbedtls_platform_entropy_poll()`
failing even though reading from /dev/random would
have worked.
2. Style:
Extracting the linux kernel version from
the output of `uname` is slightly tedious.
This commit fixes both by implementing the suggestion in #1212:
- It removes the kernel-version detection through uname().
- Instead, it checks whether `syscall( SYS_getrandom, ... )`
fails with errno set to ENOSYS indicating an unknown system call.
If so, it falls through to trying to read from /dev/random.
Fixes#1212.
Use `( x >> y ) & z` instead of `x >> y & z`. Both are equivalent
by operator precedence, but the former is more readable and the
commonly used idiom in the library.