1. 25 Apr, 2016 1 commit
  2. 21 Apr, 2016 1 commit
  3. 19 Apr, 2016 1 commit
  4. 15 Apr, 2016 2 commits
  5. 21 Mar, 2016 1 commit
  6. 18 Mar, 2016 1 commit
  7. 09 Mar, 2016 3 commits
  8. 07 Mar, 2016 1 commit
  9. 01 Mar, 2016 2 commits
  10. 17 Feb, 2016 1 commit
    • x509: trailing bytes in DER: fix bug · cc0e49dd
      Janos Follath authored
      Fix bug in mbedtls_x509_crt_parse that caused trailing extra data in the
      buffer after DER certificates to be included in the raw representation. #377
  11. 10 Feb, 2016 1 commit
  12. 12 Jan, 2016 1 commit
    • Revert changes done to 'make apidoc' target · c990189e
      Manuel Pégourié-Gonnard authored
      This partially reverts 1989caf7 (only the changes to Makefile and
      CMakeLists, the addition to scripts/config.pl is kept).
      Modifying config.h in the apidoc target creates a race condition with
          make -j4 all apidoc
      where some parts of the library, tests or programs could be built with the
      wrong config.h, resulting in all kinds of (semi-random) errors. Recent
      versions of CMake mitigate this by adding a .NOTPARALLEL target to the
      generated Makefile, but people would still get errors with older CMake
      versions that are still in use (eg in RHEL 5), and with plain make.
      An additional issue is that, by failing to use cp -p, the apidoc target was
      updating the timestamp on config.h, which seems to cause further build issues.
      Let's get back to the previous, safe, situation. The improved apidoc building
      will be resurrected in a script in the next commit.
      fixes #390
      fixes #391
  13. 08 Jan, 2016 1 commit
  14. 07 Jan, 2016 3 commits
  15. 04 Jan, 2016 2 commits
  16. 01 Jan, 2016 1 commit
  17. 23 Dec, 2015 1 commit
  18. 22 Dec, 2015 1 commit
  19. 16 Dec, 2015 1 commit
  20. 10 Dec, 2015 2 commits
    • Fix wrong length limit in GCM · 1e07562d
      Manuel Pégourié-Gonnard authored
      See for example page 8 of
      The previous constant probably came from a typo as it was 2^26 - 2^5 instead
      of 2^36 - 2^5. Clearly the intention was to allow for a constant bigger than
      2^32 as the ull suffix and cast to uint64_t show.
      fixes #362
    • Fix potential double free in cert writing code · 97b5209b
      Manuel Pégourié-Gonnard authored
      In case an entry with the given OID already exists in the list passed to
      mbedtls_asn1_store_named_data() and there is not enough memory to allocate
      room for the new value, the existing entry will be freed but the preceding
      entry in the list will still hold a pointer to it. (And the following entries
      in the list are no longer reachable.) This results in memory leak or a double
      The issue is we want to leave the list in a consistent state on allocation
      failure. (We could add a warning that the list is left in inconsistent state
      when the function returns NULL, but behaviour changes that require more care
      from the user are undesirable, especially in a stable branch.)
      The chosen solution is a bit inefficient in that there is a time where both
      blocks are allocated, but at least it's safe and this should trump efficiency
      here: this code is only used for generating certificates, which is unlikely to
      be done on very constrained devices, or to be in the critical loop of
      anything. Also, the sizes involved should be fairly small anyway.
      fixes #367
  21. 08 Dec, 2015 1 commit
  22. 04 Dec, 2015 1 commit
  23. 19 Nov, 2015 1 commit
    • Fix bug checking pathlen on first intermediate · f4569b14
      Manuel Pégourié-Gonnard authored
      Remove check on the pathLenConstraint value when looking for a parent to the
      EE cert, as the constraint is on the number of intermediate certs below the
      parent, and that number is always 0 at that point, so the constraint is always
      The check was actually off-by-one, which caused valid chains to be rejected
      under the following conditions:
      - the parent certificate is not a trusted root, and
      - it has pathLenConstraint == 0 (max_pathlen == 1 in our representation)
      fixes #280
  24. 04 Nov, 2015 1 commit
  25. 03 Nov, 2015 1 commit
  26. 01 Nov, 2015 1 commit
  27. 30 Oct, 2015 1 commit
  28. 27 Oct, 2015 1 commit
  29. 23 Oct, 2015 4 commits