1. 09 Mar, 2016 8 commits
  2. 07 Mar, 2016 1 commit
  3. 01 Mar, 2016 2 commits
  4. 10 Feb, 2016 1 commit
  5. 12 Jan, 2016 1 commit
    • Manuel Pégourié-Gonnard's avatar
      Revert changes done to 'make apidoc' target · c990189e
      Manuel Pégourié-Gonnard authored
      This partially reverts 1989caf7 (only the changes to Makefile and
      CMakeLists, the addition to scripts/config.pl is kept).
      Modifying config.h in the apidoc target creates a race condition with
          make -j4 all apidoc
      where some parts of the library, tests or programs could be built with the
      wrong config.h, resulting in all kinds of (semi-random) errors. Recent
      versions of CMake mitigate this by adding a .NOTPARALLEL target to the
      generated Makefile, but people would still get errors with older CMake
      versions that are still in use (eg in RHEL 5), and with plain make.
      An additional issue is that, by failing to use cp -p, the apidoc target was
      updating the timestamp on config.h, which seems to cause further build issues.
      Let's get back to the previous, safe, situation. The improved apidoc building
      will be resurrected in a script in the next commit.
      fixes #390
      fixes #391
  6. 08 Jan, 2016 1 commit
  7. 07 Jan, 2016 3 commits
  8. 04 Jan, 2016 2 commits
  9. 01 Jan, 2016 1 commit
  10. 23 Dec, 2015 1 commit
  11. 22 Dec, 2015 1 commit
  12. 16 Dec, 2015 1 commit
  13. 10 Dec, 2015 2 commits
    • Manuel Pégourié-Gonnard's avatar
      Fix wrong length limit in GCM · 1e07562d
      Manuel Pégourié-Gonnard authored
      See for example page 8 of
      The previous constant probably came from a typo as it was 2^26 - 2^5 instead
      of 2^36 - 2^5. Clearly the intention was to allow for a constant bigger than
      2^32 as the ull suffix and cast to uint64_t show.
      fixes #362
    • Manuel Pégourié-Gonnard's avatar
      Fix potential double free in cert writing code · 97b5209b
      Manuel Pégourié-Gonnard authored
      In case an entry with the given OID already exists in the list passed to
      mbedtls_asn1_store_named_data() and there is not enough memory to allocate
      room for the new value, the existing entry will be freed but the preceding
      entry in the list will sill hold a pointer to it. (And the following entries
      in the list are no longer reachable.) This results in memory leak or a double
      The issue is we want to leave the list in a consistent state on allocation
      failure. (We could add a warning that the list is left in inconsistent state
      when the function returns NULL, but behaviour changes that require more care
      from the user are undesirable, especially in a stable branch.)
      The chosen solution is a bit inefficient in that there is a time where both
      blocks are allocated, but at least it's safe and this should trump efficiency
      here: this code is only used for generating certificates, which is unlikely to
      be done on very constrained devices, or to be in the critical loop of
      anything. Also, the sizes involved should be fairly small anyway.
      fixes #367
  14. 08 Dec, 2015 1 commit
  15. 04 Dec, 2015 1 commit
  16. 19 Nov, 2015 1 commit
    • Manuel Pégourié-Gonnard's avatar
      Fix bug checking pathlen on first intermediate · f4569b14
      Manuel Pégourié-Gonnard authored
      Remove check on the pathLenConstraint value when looking for a parent to the
      EE cert, as the constraint is on the number of intermediate certs below the
      parent, and that number is always 0 at that point, so the constraint is always
      The check was actually off-by-one, which caused valid chains to be rejected
      under the following conditions:
      - the parent certificate is not a trusted root, and
      - it has pathLenConstraint == 0 (max_pathlen == 1 in our representation)
      fixes #280
  17. 04 Nov, 2015 1 commit
  18. 03 Nov, 2015 1 commit
  19. 01 Nov, 2015 1 commit
  20. 30 Oct, 2015 1 commit
  21. 27 Oct, 2015 1 commit
  22. 23 Oct, 2015 4 commits
  23. 21 Oct, 2015 3 commits