yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-01-11 10:55:36 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'mbedtls-2.6' into iotssl-1381-x509-verify-refactor-restricted

Browse source 
* mbedtls-2.6: (27 commits)
  Update version number to 2.6.0
  Fix language in Changelog for clarity
  Improve documentation of PKCS1 decryption functions
  Fix style and missing item in ChangeLog
  Add credit to Changelog to fix for #666
  Fix naked call to time() with platform call
  Fix ChangeLog for duplication after merge
  Rename time and index parameter to avoid name conflict.
  Correct comment
  Adapt ChangeLog
  Reliably zeroize sensitive data in AES sample application
  Reliably zeroize sensitive data in Crypt-and-Hash sample application
  Fix potential integer overflow parsing DER CRT
  Fix potential integer overflow parsing DER CRL
  Move the git scripts to correct path
  Update after @sbutcher-arm comments
  Fix slash direction for linux path
  Add note for the git_hoos README file
  Pre push hook script
  Check return code of mbedtls_mpi_fill_random
  ...
This commit is contained in:
Manuel Pégourié-Gonnard 2017-08-31 10:09:43 +02:00
parent be2f0b5e27 72ea31b026
commit 4b6e210d00
15 changed files with 116 additions and 97 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

57
ChangeLog
View file

@ -1,69 +1,80 @@
mbed TLS ChangeLog (Sorted per branch, date)
= mbed TLS x.x.x branch released xxxx-xx-xx
= mbed TLS 2.6.0 branch released 2017-08-10
Security
* Fix authentication bypass in SSL/TLS: when auth_mode is set to optional,
* Fix authentication bypass in SSL/TLS: when authmode is set to optional,
mbedtls_ssl_get_verify_result() would incorrectly return 0 when the peer's
X.509 certificate chain had more than MBEDTLS_X509_MAX_INTERMEDIATE_CA
(default: 8) intermediates, even when it was not trusted. Could be
triggered remotely on both sides. (With auth_mode set to required
(default), the handshake was correctly aborted.)
(default: 8) intermediates, even when it was not trusted. This could be
triggered remotely from either side. (With authmode set to 'required'
(the default), the handshake was correctly aborted).
* Reliably wipe sensitive data after use in the AES example applications
programs/aes/aescrypt2 and programs/aes/crypt_and_hash.
Found by Laurent Simon.
Features
* Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown()
and the context struct mbedtls_platform_context to perform
platform-specific setup and teardown operations. The macro
MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT allows the functions to be overridden
by the user in a platform_alt.h file. This new APIs are required in some
embedded environments that have hardware acceleration support.
by the user in a platform_alt.h file. These new functions are required in
some embedded environments to provide a means of initialising underlying
cryptographic acceleration hardware.
API Changes
* Reverted API/ABI breaking changes introduced in mbed TLS 2.5.1, to make the
API consistent with mbed TLS 2.5.0. Specifically removed the inline
qualifier from the functions mbedtls_aes_decrypt, mbedtls_aes_encrypt,
mbedtls_ssl_ciphersuite_uses_ec and mbedtls_ssl_ciphersuite_uses_psk. #978
Found by James Cowgill.
mbedtls_ssl_ciphersuite_uses_ec and mbedtls_ssl_ciphersuite_uses_psk. Found
by James Cowgill. #978
* Certificate verification functions now set flags to -1 in case the full
chain was not verified due to an internal error (including in the verify
callback) or chain length limitations.
* With authmode set to optional, handshake is now aborted if the
* With authmode set to optional, the TLS handshake is now aborted if the
verification of the peer's certificate failed due to an overlong chain or
a fatal error in the vrfy callback.
a fatal error in the verify callback.
Bugfix
* Add a check if iv_len is zero, and return an error if it is zero. reported
by roberto. #716
* Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD)
* Add a check if iv_len is zero in GCM, and return an error if it is zero.
Reported by roberto. #716
* Replace preprocessor condition from #if defined(MBEDTLS_THREADING_PTHREAD)
to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will
always be implemented by pthread support. Fix for #696
* Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path.
In case of failure, when an error occures, goto cleanup.
Found by redplait #590
always be implemented by pthread support. #696
* Fix a resource leak on Windows platforms in mbedtls_x509_crt_parse_path(),
in the case of an error. Found by redplait. #590
* Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random.
Reported and fix suggested by guidovranken in #740
Reported and fix suggested by guidovranken. #740
* Fix conditional preprocessor directives in bignum.h to enable 64-bit
compilation when using ARM Compiler 6.
* Fix a potential integer overflow in the version verification for DER
encoded X509 CRLs. The overflow would enable maliciously constructed CRLs
encoded X.509 CRLs. The overflow could enable maliciously constructed CRLs
to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin,
KNOX Security, Samsung Research America
* Fix potential integer overflow in the version verification for DER
encoded X509 CSRs. The overflow would enable maliciously constructed CSRs
encoded X.509 CSRs. The overflow could enable maliciously constructed CSRs
to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin,
KNOX Security, Samsung Research America
* Fix a potential integer overflow in the version verification for DER
encoded X509 certificates. The overflow would enable maliciously
encoded X.509 certificates. The overflow could enable maliciously
constructed certificates to bypass the certificate verification check.
* Fix a call to the libc function time() to call the platform abstraction
function mbedtls_time() instead. Found by wairua. #666
* Avoid shadowing of time and index functions through mbed TLS function
arguments. Found by inestlerode. #557.
Changes
* Added config.h option MBEDTLS_NO_UDBL_DIVISION, to prevent the use of
64-bit division. #708
64-bit division. This is useful on embedded platforms where 64-bit division
created a dependency on external libraries. #708
* Removed mutexes from ECP hardware accelerator code. Now all hardware
accelerator code in the library leaves concurrency handling to the
platform. Reported by Steven Cooreman. #863
* Define the macro MBEDTLS_AES_ROM_TABLES in the configuration file
config-no-entropy.h to reduce the RAM footprint.
* Added a test script that can be hooked into git that verifies commits
before they are pushed.
* Improve documentation of PKCS1 decryption functions.
= mbed TLS 2.5.1 released 2017-06-21

2
doxygen/input/doc_mainpage.h
View file

@ -21,7 +21,7 @@
*/
/**
* @mainpage mbed TLS v2.5.1 source code documentation
* @mainpage mbed TLS v2.6.0 source code documentation
*
* This documentation describes the internal structure of mbed TLS. It was
* automatically generated from specially formatted comment blocks in

2
doxygen/mbedtls.doxyfile
View file

@ -28,7 +28,7 @@ DOXYFILE_ENCODING = UTF-8
# identify the project. Note that if you do not use Doxywizard you need
# to put quotes around the project name if it contains spaces.
PROJECT_NAME = "mbed TLS v2.5.1"
PROJECT_NAME = "mbed TLS v2.6.0"
# The PROJECT_NUMBER tag can be used to enter a project or revision number.
# This could be handy for archiving the generated documentation or

4
include/mbedtls/ecp.h
View file

@ -461,7 +461,7 @@ int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp, const mbedtls_ecp
* \brief Set a group using well-known domain parameters
*
* \param grp Destination group
* \param index Index in the list of well-known domain parameters
* \param id Index in the list of well-known domain parameters
*
* \return 0 if successful,
* MBEDTLS_ERR_MPI_XXX if initialization failed
@ -470,7 +470,7 @@ int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp, const mbedtls_ecp
* \note Index should be a value of RFC 4492's enum NamedCurve,
* usually in the form of a MBEDTLS_ECP_DP_XXX macro.
*/
int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id index );
int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id id );
/**
* \brief Set a group from a TLS ECParameters record

10
include/mbedtls/version.h
View file

@ -38,17 +38,17 @@
* Major, Minor, Patchlevel
*/
#define MBEDTLS_VERSION_MAJOR 2
#define MBEDTLS_VERSION_MINOR 5
#define MBEDTLS_VERSION_PATCH 1
#define MBEDTLS_VERSION_MINOR 6
#define MBEDTLS_VERSION_PATCH 0
/**
* The single version number has the following structure:
* MMNNPP00
* Major version | Minor version | Patch version
*/
#define MBEDTLS_VERSION_NUMBER 0x02050100
#define MBEDTLS_VERSION_STRING "2.5.1"
#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.5.1"
#define MBEDTLS_VERSION_NUMBER 0x02060000
#define MBEDTLS_VERSION_STRING "2.6.0"
#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.6.0"
#if defined(MBEDTLS_VERSION_C)

10
include/mbedtls/x509.h
View file

@ -247,12 +247,12 @@ int mbedtls_x509_serial_gets( char *buf, size_t size, const mbedtls_x509_buf *se
* \note Intended usage is "if( is_past( valid_to ) ) ERROR".
* Hence the return value of 1 if on internal errors.
*
* \param time mbedtls_x509_time to check
* \param to mbedtls_x509_time to check
*
* \return 1 if the given time is in the past or an error occured,
* 0 otherwise.
*/
int mbedtls_x509_time_is_past( const mbedtls_x509_time *time );
int mbedtls_x509_time_is_past( const mbedtls_x509_time *to );
/**
* \brief Check a given mbedtls_x509_time against the system time
@ -261,12 +261,12 @@ int mbedtls_x509_time_is_past( const mbedtls_x509_time *time );
* \note Intended usage is "if( is_future( valid_from ) ) ERROR".
* Hence the return value of 1 if on internal errors.
*
* \param time mbedtls_x509_time to check
* \param from mbedtls_x509_time to check
*
* \return 1 if the given time is in the future or an error occured,
* 0 otherwise.
*/
int mbedtls_x509_time_is_future( const mbedtls_x509_time *time );
int mbedtls_x509_time_is_future( const mbedtls_x509_time *from );
/**
* \brief Checkup routine
@ -295,7 +295,7 @@ int mbedtls_x509_get_sig_alg( const mbedtls_x509_buf *sig_oid, const mbedtls_x50
mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg,
void **sig_opts );
int mbedtls_x509_get_time( unsigned char **p, const unsigned char *end,
mbedtls_x509_time *time );
mbedtls_x509_time *t );
int mbedtls_x509_get_serial( unsigned char **p, const unsigned char *end,
mbedtls_x509_buf *serial );
int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end,

6
library/CMakeLists.txt
View file

@ -140,15 +140,15 @@ endif(USE_STATIC_MBEDTLS_LIBRARY)
if(USE_SHARED_MBEDTLS_LIBRARY)
add_library(mbedcrypto SHARED ${src_crypto})
set_target_properties(mbedcrypto PROPERTIES VERSION 2.5.1 SOVERSION 0)
set_target_properties(mbedcrypto PROPERTIES VERSION 2.6.0 SOVERSION 0)
target_link_libraries(mbedcrypto ${libs})
add_library(mbedx509 SHARED ${src_x509})
set_target_properties(mbedx509 PROPERTIES VERSION 2.5.1 SOVERSION 0)
set_target_properties(mbedx509 PROPERTIES VERSION 2.6.0 SOVERSION 0)
target_link_libraries(mbedx509 ${libs} mbedcrypto)
add_library(mbedtls SHARED ${src_tls})
set_target_properties(mbedtls PROPERTIES VERSION 2.5.1 SOVERSION 10)
set_target_properties(mbedtls PROPERTIES VERSION 2.6.0 SOVERSION 10)
target_link_libraries(mbedtls ${libs} mbedx509)
install(TARGETS mbedtls mbedx509 mbedcrypto

6
library/cmac.c
View file

@ -169,10 +169,10 @@ static void cmac_xor_block( unsigned char *output, const unsigned char *input1,
const unsigned char *input2,
const size_t block_size )
{
size_t index;
size_t idx;
for( index = 0; index < block_size; index++ )
output[ index ] = input1[ index ] ^ input2[ index ];
for( idx = 0; idx < block_size; idx++ )
output[ idx ] = input1[ idx ] ^ input2[ idx ];
}
/*

14
library/entropy.c
View file

@ -132,24 +132,24 @@ int mbedtls_entropy_add_source( mbedtls_entropy_context *ctx,
mbedtls_entropy_f_source_ptr f_source, void *p_source,
size_t threshold, int strong )
{
int index, ret = 0;
int idx, ret = 0;
#if defined(MBEDTLS_THREADING_C)
if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
return( ret );
#endif
index = ctx->source_count;
if( index >= MBEDTLS_ENTROPY_MAX_SOURCES )
idx = ctx->source_count;
if( idx >= MBEDTLS_ENTROPY_MAX_SOURCES )
{
ret = MBEDTLS_ERR_ENTROPY_MAX_SOURCES;
goto exit;
}
ctx->source[index].f_source = f_source;
ctx->source[index].p_source = p_source;
ctx->source[index].threshold = threshold;
ctx->source[index].strong = strong;
ctx->source[idx].f_source = f_source;
ctx->source[idx].p_source = p_source;
ctx->source[idx].threshold = threshold;
ctx->source[idx].strong = strong;
ctx->source_count++;

2
library/ssl_cache.c
View file

@ -138,7 +138,7 @@ int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session )
{
int ret = 1;
#if defined(MBEDTLS_HAVE_TIME)
mbedtls_time_t t = time( NULL ), oldest = 0;
mbedtls_time_t t = mbedtls_time( NULL ), oldest = 0;
mbedtls_ssl_cache_entry *old = NULL;
#endif
mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data;

44
library/x509.c
View file

@ -496,25 +496,25 @@ static int x509_parse_int( unsigned char **p, size_t n, int *res )
return( 0 );
}
static int x509_date_is_valid(const mbedtls_x509_time *time)
static int x509_date_is_valid(const mbedtls_x509_time *t)
{
int ret = MBEDTLS_ERR_X509_INVALID_DATE;
CHECK_RANGE( 0, 9999, time->year );
CHECK_RANGE( 0, 23, time->hour );
CHECK_RANGE( 0, 59, time->min );
CHECK_RANGE( 0, 59, time->sec );
CHECK_RANGE( 0, 9999, t->year );
CHECK_RANGE( 0, 23, t->hour );
CHECK_RANGE( 0, 59, t->min );
CHECK_RANGE( 0, 59, t->sec );
switch( time->mon )
switch( t->mon )
{
case 1: case 3: case 5: case 7: case 8: case 10: case 12:
CHECK_RANGE( 1, 31, time->day );
CHECK_RANGE( 1, 31, t->day );
break;
case 4: case 6: case 9: case 11:
CHECK_RANGE( 1, 30, time->day );
CHECK_RANGE( 1, 30, t->day );
break;
case 2:
CHECK_RANGE( 1, 28 + (time->year % 4 == 0), time->day );
CHECK_RANGE( 1, 28 + (t->year % 4 == 0), t->day );
break;
default:
return( ret );
@ -528,7 +528,7 @@ static int x509_date_is_valid(const mbedtls_x509_time *time)
* field.
*/
static int x509_parse_time( unsigned char **p, size_t len, size_t yearlen,
mbedtls_x509_time *time )
mbedtls_x509_time *tm )
{
int ret;
@ -542,26 +542,26 @@ static int x509_parse_time( unsigned char **p, size_t len, size_t yearlen,
/*
* Parse year, month, day, hour, minute
*/
CHECK( x509_parse_int( p, yearlen, &time->year ) );
CHECK( x509_parse_int( p, yearlen, &tm->year ) );
if ( 2 == yearlen )
{
if ( time->year < 50 )
time->year += 100;
if ( tm->year < 50 )
tm->year += 100;
time->year += 1900;
tm->year += 1900;
}
CHECK( x509_parse_int( p, 2, &time->mon ) );
CHECK( x509_parse_int( p, 2, &time->day ) );
CHECK( x509_parse_int( p, 2, &time->hour ) );
CHECK( x509_parse_int( p, 2, &time->min ) );
CHECK( x509_parse_int( p, 2, &tm->mon ) );
CHECK( x509_parse_int( p, 2, &tm->day ) );
CHECK( x509_parse_int( p, 2, &tm->hour ) );
CHECK( x509_parse_int( p, 2, &tm->min ) );
/*
* Parse seconds if present
*/
if ( len >= 2 )
{
CHECK( x509_parse_int( p, 2, &time->sec ) );
CHECK( x509_parse_int( p, 2, &tm->sec ) );
len -= 2;
}
else
@ -582,7 +582,7 @@ static int x509_parse_time( unsigned char **p, size_t len, size_t yearlen,
if ( 0 != len )
return ( MBEDTLS_ERR_X509_INVALID_DATE );
CHECK( x509_date_is_valid( time ) );
CHECK( x509_date_is_valid( tm ) );
return ( 0 );
}
@ -593,7 +593,7 @@ static int x509_parse_time( unsigned char **p, size_t len, size_t yearlen,
* generalTime GeneralizedTime }
*/
int mbedtls_x509_get_time( unsigned char **p, const unsigned char *end,
mbedtls_x509_time *time )
mbedtls_x509_time *tm )
{
int ret;
size_t len, year_len;
@ -619,7 +619,7 @@ int mbedtls_x509_get_time( unsigned char **p, const unsigned char *end,
if( ret != 0 )
return( MBEDTLS_ERR_X509_INVALID_DATE + ret );
return x509_parse_time( p, len, year_len, time );
return x509_parse_time( p, len, year_len, tm );
}
int mbedtls_x509_get_sig( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig )

8
library/x509write_crt.c
View file

@ -264,7 +264,7 @@ int mbedtls_x509write_crt_set_ns_cert_type( mbedtls_x509write_cert *ctx,
}
static int x509_write_time( unsigned char **p, unsigned char *start,
const char *time, size_t size )
const char *t, size_t size )
{
int ret;
size_t len = 0;
@ -272,10 +272,10 @@ static int x509_write_time( unsigned char **p, unsigned char *start,
/*
* write MBEDTLS_ASN1_UTC_TIME if year < 2050 (2 bytes shorter)
*/
if( time[0] == '2' && time[1] == '0' && time [2] < '5' )
if( t[0] == '2' && t[1] == '0' && t[2] < '5' )
{
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start,
(const unsigned char *) time + 2,
(const unsigned char *) t + 2,
size - 2 ) );
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_UTC_TIME ) );
@ -283,7 +283,7 @@ static int x509_write_time( unsigned char **p, unsigned char *start,
else
{
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start,
(const unsigned char *) time,
(const unsigned char *) t,
size ) );
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_GENERALIZED_TIME ) );

27
programs/aes/aescrypt2.c
View file

@ -79,7 +79,9 @@ int main( int argc, char *argv[] )
FILE *fkey, *fin = NULL, *fout = NULL;
char *p;
unsigned char IV[16];
unsigned char tmp[16];
unsigned char key[512];
unsigned char digest[32];
unsigned char buffer[1024];
@ -123,10 +125,10 @@ int main( int argc, char *argv[] )
}
mode = atoi( argv[1] );
memset(IV, 0, sizeof(IV));
memset(key, 0, sizeof(key));
memset(digest, 0, sizeof(digest));
memset(buffer, 0, sizeof(buffer));
memset( IV, 0, sizeof( IV ) );
memset( key, 0, sizeof( key ) );
memset( digest, 0, sizeof( digest ) );
memset( buffer, 0, sizeof( buffer ) );
if( mode != MODE_ENCRYPT && mode != MODE_DECRYPT )
{
@ -153,7 +155,7 @@ int main( int argc, char *argv[] )
}
/*
* Read the secret key and clean the command line.
* Read the secret key from file or command line
*/
if( ( fkey = fopen( argv[4], "rb" ) ) != NULL )
{
@ -185,8 +187,6 @@ int main( int argc, char *argv[] )
}
}
memset( argv[4], 0, strlen( argv[4] ) );
#if defined(_WIN32_WCE)
filesize = fseek( fin, 0L, SEEK_END );
#else
@ -272,7 +272,6 @@ int main( int argc, char *argv[] )
mbedtls_md_finish( &sha_ctx, digest );
}
memset( key, 0, sizeof( key ) );
mbedtls_aes_setkey_enc( &aes_ctx, digest, 256 );
mbedtls_md_hmac_starts( &sha_ctx, digest, 32 );
@ -319,8 +318,6 @@ int main( int argc, char *argv[] )
if( mode == MODE_DECRYPT )
{
unsigned char tmp[16];
/*
* The encrypted file must be structured as follows:
*
@ -374,7 +371,6 @@ int main( int argc, char *argv[] )
mbedtls_md_finish( &sha_ctx, digest );
}
memset( key, 0, sizeof( key ) );
mbedtls_aes_setkey_dec( &aes_ctx, digest, 256 );
mbedtls_md_hmac_starts( &sha_ctx, digest, 32 );
@ -441,6 +437,15 @@ exit:
if( fout )
fclose( fout );
/* Zeroize all command line arguments to also cover
the case when the user has missed or reordered some,
in which case the key might not be in argv[4]. */
for( i = 0; i < (unsigned int) argc; i++ )
memset( argv[i], 0, strlen( argv[i] ) );
memset( IV, 0, sizeof( IV ) );
memset( key, 0, sizeof( key ) );
memset( tmp, 0, sizeof( tmp ) );
memset( buffer, 0, sizeof( buffer ) );
memset( digest, 0, sizeof( digest ) );

17
programs/aes/crypt_and_hash.c
View file

@ -192,7 +192,7 @@ int main( int argc, char *argv[] )
}
/*
* Read the secret key and clean the command line.
* Read the secret key from file or command line
*/
if( ( fkey = fopen( argv[6], "rb" ) ) != NULL )
{
@ -224,8 +224,6 @@ int main( int argc, char *argv[] )
}
}
memset( argv[6], 0, strlen( argv[6] ) );
#if defined(_WIN32_WCE)
filesize = fseek( fin, 0L, SEEK_END );
#else
@ -303,8 +301,6 @@ int main( int argc, char *argv[] )
}
memset( key, 0, sizeof( key ) );
if( mbedtls_cipher_setkey( &cipher_ctx, digest, cipher_info->key_bitlen,
MBEDTLS_ENCRYPT ) != 0 )
{
@ -444,8 +440,6 @@ int main( int argc, char *argv[] )
mbedtls_md_finish( &md_ctx, digest );
}
memset( key, 0, sizeof( key ) );
if( mbedtls_cipher_setkey( &cipher_ctx, digest, cipher_info->key_bitlen,
MBEDTLS_DECRYPT ) != 0 )
{
@ -540,7 +534,16 @@ exit:
if( fout )
fclose( fout );
/* Zeroize all command line arguments to also cover
the case when the user has missed or reordered some,
in which case the key might not be in argv[6]. */
for( i = 0; i < argc; i++ )
memset( argv[i], 0, strlen( argv[i] ) );
memset( IV, 0, sizeof( IV ) );
memset( key, 0, sizeof( key ) );
memset( buffer, 0, sizeof( buffer ) );
memset( output, 0, sizeof( output ) );
memset( digest, 0, sizeof( digest ) );
mbedtls_cipher_free( &cipher_ctx );

4
tests/suites/test_suite_version.data
View file

@ -1,8 +1,8 @@
Check compiletime library version
check_compiletime_version:"2.5.1"
check_compiletime_version:"2.6.0"
Check runtime library version
check_runtime_version:"2.5.1"
check_runtime_version:"2.6.0"
Check for MBEDTLS_VERSION_C
check_feature:"MBEDTLS_VERSION_C":0