Hanno Becker
f601ec5f34
Reliably zeroize sensitive data in Crypt-and-Hash sample application
...
The AES sample application programs/aes/crypt_and_hash could miss
zeroizing the stack-based key buffer in case of an error during
operation. This commit fixes this and also clears all command line
arguments (one of which might be the key) before exit.
2017-07-28 22:28:08 +01:00
Andres AG
6b171e4aec
Fix potential integer overflow parsing DER CRT
...
This patch prevents a potential signed integer overflow during the
certificate version verification checks.
2017-07-28 22:28:04 +01:00
Andres AG
ce49a25033
Fix potential integer overflow parsing DER CRL
...
This patch prevents a potential signed integer overflow during the
CRL version verification checks.
2017-07-28 22:28:04 +01:00
Ron Eldor
2dfb02151d
Move the git scripts to correct path
...
The git scripts were accidently put in `test` folder instead of `tests`.
Moved them to `tests` folder
2017-07-28 22:28:04 +01:00
Ron Eldor
cf61d7d992
Update after @sbutcher-arm comments
...
1. Move the scripts to test/git-scripts folder
2. Support the script to run independant, not only with git
3. modify Readme accordingly
2017-07-28 22:28:04 +01:00
Ron Eldor
13067fca9d
Fix slash direction for linux path
...
Update direction of the slash, for linux path, after @hanno-arm comments
2017-07-28 22:28:04 +01:00
Ron Eldor
e9b3f7ea3f
Add note for the git_hoos README file
...
Add a note to the git_hooks README.md file, to state that currently
they only work on GNU platforms
2017-07-28 22:28:04 +01:00
Ron Eldor
f16ce1cfb7
Pre push hook script
...
Add git_hook folder, and pre-push script,
to be soft linked from .git/hooks/pre-push
2017-07-28 22:28:04 +01:00
Ron Eldor
a207e75089
Check return code of mbedtls_mpi_fill_random
...
Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random.
Reported and fix suggested by guidovranken in #740
2017-07-28 22:27:30 +01:00
Ron Eldor
7faf92a2fe
Resource leak fix on windows platform
...
Fix a resource leak on windows platform, in mbedtls_x509_crt_parse_path,
in case a failure. when an error occurs, goto cleanup, and free the
resource, instead of returning error code immediately.
2017-07-28 22:27:30 +01:00
Ron Eldor
368d55c549
Wrong preproccessor condition fix
...
Fix for issue #696
Change #if defined(MBEDTLS_THREADING_PTHREAD)
to #if defined(MBEDTLS_THREADING_C)
2017-07-28 22:27:30 +01:00
Ron Eldor
d5a75f44a1
fix for issue 1118: check if iv is zero in gcm.
...
1) found by roberto in mbedtls forum
2) if iv_len is zero, return an error
3) add tests for invalid parameters
2017-07-28 22:27:29 +01:00
Janos Follath
c08d9ddd55
Remove mutexes from ECP hardware acceleration
...
Protecting the ECP hardware acceleratior with mutexes is inconsistent with the
philosophy of the library. Pre-existing hardware accelerator interfaces
leave concurrency support to the underlying platform.
Fixes #863
2017-07-28 22:27:29 +01:00
Hanno Becker
c6f346b60c
Fix get option in config.pl script
2017-07-28 16:45:55 +01:00
Simon Butcher
bcfa6f42e3
Fix the check for max CA intermediates in ssl-opt.sh
...
The tests only work for a specific number for MBEDTLS_X509_MAX_INTERMEDIATE_CA
so the check has been changed to confirm the default value, and to show an error
otherwise.
2017-07-28 16:43:33 +01:00
Simon Butcher
efdfeeba6a
Fix threshold checks for MBEDTLS_X509_MAX_INTERMEDIATE_CA
2017-07-28 12:15:13 +01:00
Simon Butcher
85097c7c38
Merge branch 'development'
2017-07-28 01:12:38 +01:00
Simon Butcher
b060cc21b1
Reorder and group sections in the ChangeLog
2017-07-28 01:04:34 +01:00
Simon Butcher
06b786372c
Change a ssl-opt.sh script sanity checks
...
Change the check in ssl-opt.sh for MBEDTLS_X509_MAX_INTERMEDIATE_CA to
check config.h instead of the x509 headers.
2017-07-28 01:00:17 +01:00
Simon Butcher
00d3cc61a6
Fix merge errors in ChangeLog
2017-07-27 21:44:34 +01:00
Andres AG
2e3ddfac5f
Prevent signed integer overflow in CSR parsing
...
Modify the function mbedtls_x509_csr_parse_der() so that it checks the
parsed CSR version integer before it increments the value. This prevents
a potential signed integer overflow, as these have undefined behaviour
in the C standard.
2017-07-27 21:44:34 +01:00
Andres AG
80164741e1
Fix potential integer overflow parsing DER CRT
...
This patch prevents a potential signed integer overflow during the
certificate version verification checks.
2017-07-27 21:44:34 +01:00
Andres AG
7d6ec7bacc
Add CRT DER tests with incorrect version
2017-07-27 21:44:34 +01:00
Andres AG
c124061681
Add CRL DER tests with incorrect version
2017-07-27 21:44:34 +01:00
Andres AG
6fb6d79a37
Add CSR DER tests with incorrect version
2017-07-27 21:44:34 +01:00
Andres AG
4f753c1186
Fix potential integer overflow parsing DER CRL
...
This patch prevents a potential signed integer overflow during the
CRL version verification checks.
2017-07-27 21:44:34 +01:00
Ron Eldor
d922c78aa4
Move the git scripts to correct path
...
The git scripts were accidently put in `test` folder instead of `tests`.
Moved them to `tests` folder
2017-07-27 21:44:34 +01:00
Ron Eldor
d731eb8f55
Update after @sbutcher-arm comments
...
1. Move the scripts to test/git-scripts folder
2. Support the script to run independant, not only with git
3. modify Readme accordingly
2017-07-27 21:44:34 +01:00
Ron Eldor
50bdf74b5c
Fix slash direction for linux path
...
Update direction of the slash, for linux path, after @hanno-arm comments
2017-07-27 21:44:34 +01:00
Ron Eldor
3f9cc28f02
Add note for the git_hoos README file
...
Add a note to the git_hooks README.md file, to state that currently
they only work on GNU platforms
2017-07-27 21:44:34 +01:00
Ron Eldor
bf007d297d
Pre push hook script
...
Add git_hook folder, and pre-push script,
to be soft linked from .git/hooks/pre-push
2017-07-27 21:44:34 +01:00
Simon Butcher
6f262c4e3e
Minor typo fixes in the github template files
2017-07-27 21:44:34 +01:00
Ron Eldor
05b9498d94
Update after Simon's comment
...
Update the comment with Simon's comments
2017-07-27 21:44:34 +01:00
Ron Eldor
4b53513db5
github templates
...
Add templates for github, for templates to be used in new issues and new
PRs
2017-07-27 21:44:34 +01:00
Simon Butcher
2c4d558873
Fixes test for MBEDTLS_NO_UDBL_DIVISION
...
The test for MBEDTLS_NO_UDBL_DIVISION wasn't preserving it's own config.h
for the next test.
Also added comments to ARM Compiler 6 tests to better explain them.
2017-07-27 21:44:34 +01:00
Simon Butcher
256da0f0d8
Added missing credit to Changelog and format fixes
2017-07-27 21:44:34 +01:00
Ron Eldor
80697a0c11
Check return code of mbedtls_mpi_fill_random
...
Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random.
Reported and fix suggested by guidovranken in #740
2017-07-27 21:44:34 +01:00
Ron Eldor
b2d6e591f9
Resource leak fix on windows platform
...
Fix a resource leak on windows platform, in mbedtls_x509_crt_parse_path,
in case a failure. when an error occurs, goto cleanup, and free the
resource, instead of returning error code immediately.
2017-07-27 21:44:34 +01:00
Ron Eldor
5843db932d
Wrong preproccessor condition fix
...
Fix for issue #696
Change #if defined(MBEDTLS_THREADING_PTHREAD)
to #if defined(MBEDTLS_THREADING_C)
2017-07-27 21:44:34 +01:00
Ron Eldor
e13b224d17
fix for issue 1118: check if iv is zero in gcm.
...
1) found by roberto in mbedtls forum
2) if iv_len is zero, return an error
3) add tests for invalid parameters
2017-07-27 21:44:34 +01:00
Janos Follath
325294013f
Remove mutexes from ECP hardware acceleration
...
Protecting the ECP hardware acceleratior with mutexes is inconsistent with the
philosophy of the library. Pre-existing hardware accelerator interfaces
leave concurrency support to the underlying platform.
Fixes #863
2017-07-27 21:44:33 +01:00
Andres Amaya Garcia
c630ce6b4c
Improve MBEDTLS_NO_UDBL_DIVISION description
2017-07-27 21:44:33 +01:00
Andres Amaya Garcia
f755bb3adf
Remove MBEDTLS_TYPE_UDBL tests from all.sh
2017-07-27 21:44:33 +01:00
Andres Amaya Garcia
df1486afe4
Remove MBEDTLS_TYPE_UDBL option
2017-07-27 21:44:33 +01:00
Andres Amaya Garcia
465db7eba1
Fix no 64-bit division test in all.sh
2017-07-27 21:44:33 +01:00
Andres Amaya Garcia
9946783218
Add tests for 64 and 32-bit int types compilation
2017-07-27 21:44:33 +01:00
Andres Amaya Garcia
b39467dda7
Fix check_config.h #error directive
2017-07-27 21:44:33 +01:00
Andres Amaya Garcia
93db11a395
Fix typo in check_config.h
2017-07-27 21:44:33 +01:00
Gilles Peskine
683ac27b0f
Checked names
2017-07-27 21:44:33 +01:00
Gilles Peskine
b1a977f5a7
MBEDTLS_NO_INT64_DIVISION -> MBEDTLS_NO_UDBL_DIVISION
...
Changed the option to disable the use of 64-bit division, to an option
to disable the use of double-width division, whether that's 64 or 128-bit.
2017-07-27 21:44:33 +01:00