Commit graph

31 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard 5220781b98 Fix missing include in some files
Add it in all files that use mbedtls_plaform_memset() but didn't already
include platfom_util.h.

In some configurations it just happened to work, either because it was
included indirectly or because the part of the code that used that function
was disabled, but it some configurations it broke, so let's fix it properly.
2019-10-22 10:03:07 +02:00
Manuel Pégourié-Gonnard 7a346b866c Replace memset() with mbedtls_platform_memset()
Steps:

1. sed -i 's/\bmemset(\([^)]\)/mbedtls_platform_memset(\1/g' library/*.c tinycrypt/*.c include/mbedtls/*.h scripts/data_files/*.fmt

2. Manually edit library/platform_util.c to revert to memset() in the
implementations of mbedtls_platform_memset() and mbedtls_platform_memcpy()

3. egrep -n '\<memset\>' library/*.c include/mbedtls/*.h tinycrypt/*.c
The remaining occurrences are in three categories:
    a. From point 2 above.
    b. In comments.
    c. In the initialisation of memset_func, to be changed in a future commit.
2019-10-22 10:03:07 +02:00
Hanno Becker a5cedbcd3f Introduce MD handle type
As has been previously done for ciphersuites, this commit introduces
a zero-cost abstraction layer around the type

  mbedtls_md_info const *

whose valid values represent implementations of message digest algorithms.

Access to a particular digest implementation can be requested by name or
digest ID through the API mbedtls_md_info_from_xxx(), which either returns
a valid implementation or NULL, representing failure.

This commit replaces such uses of `mbedtls_md_info const *` by an abstract
type `mbedtls_md_handle_t` whose valid values represent digest implementations,
and which has a designated invalid value MBEDTLS_MD_INVALID_HANDLE.

The purpose of this abstraction layer is to pave the way for builds which
support precisely one digest algorithm. In this case, mbedtls_md_handle_t
can be implemented as a two-valued type, with one value representing the
invalid handle, and the unique valid value representing the unique enabled
digest.
2019-09-09 09:45:57 +01:00
Manuel Pégourié-Gonnard 37ff14062e Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
Manuel Pégourié-Gonnard 6fb8187279 Update date in copyright line 2015-07-28 17:11:58 +02:00
Manuel Pégourié-Gonnard 3a89559d71 Fix compile errors in pkcs11.c 2015-05-27 17:09:21 +02:00
Manuel Pégourié-Gonnard 7551cb9ee9 Replace malloc with calloc
- platform layer currently broken (not adapted yet)
- memmory_buffer_alloc too
2015-05-26 16:04:06 +02:00
Manuel Pégourié-Gonnard eab147c4d0 Rename pkcs11_xxx_init() to bind() 2015-04-29 02:08:34 +02:00
Manuel Pégourié-Gonnard 2cf5a7c98e The Great Renaming
A simple execution of tmp/invoke-rename.pl
2015-04-08 13:25:31 +02:00
Manuel Pégourié-Gonnard 7f8099773e Rename include directory to mbedtls 2015-03-10 11:23:56 +00:00
Manuel Pégourié-Gonnard fe44643b0e Rename website and repository 2015-03-06 13:17:10 +00:00
Rich Evans 00ab47026b cleanup library and some basic tests. Includes, add guards to includes 2015-02-10 11:28:46 +00:00
Manuel Pégourié-Gonnard 860b51642d Fix url again 2015-01-28 17:12:07 +00:00
Manuel Pégourié-Gonnard 085ab040aa Fix website url to use https. 2015-01-23 11:06:27 +00:00
Manuel Pégourié-Gonnard 9698f5852c Remove maintainer line. 2015-01-23 10:59:00 +00:00
Manuel Pégourié-Gonnard 19f6b5dfaa Remove redundant "all rights reserved" 2015-01-23 10:54:00 +00:00
Manuel Pégourié-Gonnard a658a4051b Update copyright 2015-01-23 09:55:24 +00:00
Manuel Pégourié-Gonnard 967a2a5f8c Change name to mbed TLS in the copyright notice 2015-01-22 14:28:16 +00:00
Paul Bakker 66d5d076f7 Fix formatting in various code to match spacing from coding style 2014-06-17 17:06:47 +02:00
Paul Bakker d8bb82665e Fix code styling for return statements 2014-06-17 14:06:49 +02:00
Paul Bakker b9e4e2c97a Fix formatting: fix some 'easy' > 80 length lines 2014-05-01 14:18:25 +02:00
Paul Bakker 4ffcd2f9c3 Typo in PKCS#11 module 2014-04-25 11:44:12 +02:00
Paul Bakker db1f05985e Add a check for buffer overflow to pkcs11_sign()
pkcs11_sign() reuses *sig to store the header and hash, but those might
be larger than the actual sig, causing a buffer overflow.

An overflow can occur when using raw sigs with hashlen > siglen, or when
the RSA key is less than 664 bits long (or less when using hashes
shorter than SHA512)

As siglen is always within the 'low realm' < 32k, an overflow of asnlen
+ hashlen is not possible.
2014-03-26 15:14:21 +01:00
Paul Bakker 7dc4c44267 Library files moved to use platform layer 2014-02-06 13:20:16 +01:00
Steffan Karger 28d81a009c Fix pkcs11.c to conform to PolarSSL 1.3 API.
This restores previous functionality, and thus still allows only RSA to be
used through PKCS#11.

Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Signed-off-by: Paul Bakker <p.j.bakker@polarssl.org>
2013-11-20 16:13:27 +01:00
Paul Bakker c559c7a680 Renamed x509_cert structure to x509_crt for consistency 2013-09-18 14:32:52 +02:00
Paul Bakker 6e339b52e8 Memory-allocation abstraction layer and buffer-based allocator added 2013-07-03 17:22:31 +02:00
Paul Bakker 9a73632fd9 - Merged changesets 1399 up to and including 1415 into 1.2 branch 2012-11-14 12:39:52 +00:00
Paul Bakker 23986e5d5d - Major type rewrite of int to size_t for most variables and arguments used for buffer lengths and loops 2011-04-24 08:57:21 +00:00
Paul Bakker d61e7d98cb - Cleaned up warning-generating code 2011-01-18 16:17:47 +00:00
Paul Bakker 43b7e35b25 - Support for PKCS#11 through the use of the pkcs11-helper library 2011-01-18 15:27:19 +00:00