mbedtls/library at 81d4e899a4eee9e1f1a2d794dbe70a83b4a7be9a - mbedtls - Gitea: Git with a cup of tea

mirror/mbedtls

mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-10 06:44:28 +00:00

History

Gilles Peskine 81d4e899a4 Don't rely on private key metadata in SSL

In SSL, don't use mbedtls_pk_ec or mbedtls_pk_rsa on a private
signature or decryption key (as opposed to a public key or a key used
for DH/ECDH). Extract the data (it's the same data) from the public
key object instead. This way the code works even if the private key is
opaque or if there is no private key object at all.

Specifically, with an EC key, when checking whether the curve in a
server key matches the handshake parameters, rely only on the offered
certificate and not on the metadata of the private key.

2018-04-24 09:26:03 +02:00

..

.gitignore

Split libs with make + general make cleanups

2015-06-25 10:59:56 +02:00

aes.c

Merge remote-tracking branch 'upstream-public/pr/964' into development

2018-01-02 16:24:29 +01:00

aesni.c

Fix build errors on x32 by using the generic 'add' instruction

2016-05-23 14:29:28 +01:00

arc4.c

Adds casts to zeroize functions to allow building as C++

2016-05-23 14:29:32 +01:00

asn1parse.c

Fix 1 byte overread in mbedtls_asn1_get_int()

2016-10-13 13:54:14 +01:00

asn1write.c

Add mbedtls_asn1_write_len() support for 3 and 4 byte lengths

2016-08-25 15:42:27 +01:00

base64.c

Add comment to integer overflow fix in base64.c

2017-02-15 23:31:07 +02:00

bignum.c

Merge remote-tracking branch 'hanno/mpi_read_file_underflow' into development

2017-06-08 19:48:03 +02:00

blowfish.c

Adds casts to zeroize functions to allow building as C++

2016-05-23 14:29:32 +01:00

camellia.c

Address user reported coverity issues.

2016-06-07 14:52:35 +01:00

ccm.c

Allow alternate core implementation of CCM

2017-04-04 11:37:15 +02:00

certs.c

Undo API change from SHA1 deprecation

2017-07-27 21:44:33 +01:00

cipher_wrap.c

Change main license to Apache 2.0

2015-09-04 14:21:07 +02:00

cipher.c

Fix integer overflows in buffer bound checks

2017-02-15 23:31:07 +02:00

cmac.c

Merge remote-tracking branch 'upstream-public/pr/866' into development

2018-01-02 15:55:55 +01:00

CMakeLists.txt

Update version number to 2.6.0

2017-08-10 11:51:16 +01:00

ctr_drbg.c

Fix integer overflows in buffer bound checks

2017-02-15 23:31:07 +02:00

debug.c

Fix compiler warning in debug.c

2017-02-15 09:08:26 +00:00

des.c

Adds casts to zeroize functions to allow building as C++

2016-05-23 14:29:32 +01:00

dhm.c

Check return code of mbedtls_mpi_fill_random

2017-07-27 21:44:33 +01:00

ecdh.c

Change main license to Apache 2.0

2015-09-04 14:21:07 +02:00

ecdsa.c

Add checks for private parameter in mbedtls_ecdsa_sign()

2017-11-17 17:09:17 +00:00

ecjpake.c

Fix potential stack buffer overflow in ecjpake

2015-10-20 16:20:56 +02:00

ecp_curves.c

ECP: Add module and function level replacement options.

2017-05-11 22:42:14 +01:00

ecp.c

Check return code of mbedtls_mpi_fill_random

2017-07-27 21:44:33 +01:00

entropy_poll.c

Renames null entropy source function for clarity

2016-06-12 00:31:33 +01:00

entropy.c

Merge branch 'pr_1025' into development

2017-11-28 18:23:53 +01:00

error.c

Merge remote-tracking branch 'upstream-public/pr/964' into development

2018-01-02 16:24:29 +01:00

gcm.c

Merge remote-tracking branch 'upstream-public/pr/964' into development

2018-01-02 16:24:29 +01:00

havege.c

Fixes warnings found by Clang static analyser

2016-05-23 23:18:26 +01:00

hmac_drbg.c

Change main license to Apache 2.0

2015-09-04 14:21:07 +02:00

Makefile

Added cmac.o to libary/Makefile

2016-10-13 13:51:09 +01:00

md2.c

Fix integer overflows in buffer bound checks

2017-02-15 23:31:07 +02:00

md4.c

Change main license to Apache 2.0

2015-09-04 14:21:07 +02:00

md5.c

Change main license to Apache 2.0

2015-09-04 14:21:07 +02:00

md_wrap.c

Change main license to Apache 2.0

2015-09-04 14:21:07 +02:00

md.c

Change main license to Apache 2.0

2015-09-04 14:21:07 +02:00

memory_buffer_alloc.c

Fixes memory leak in memory_buffer_alloc.c debug

2016-05-23 14:29:29 +01:00

net_sockets.c

Merge remote-tracking branch 'upstream-public/pr/895' into development

2017-11-29 20:49:21 +01:00

oid.c

Removing in compile time unused entries from oid_ecp_grp list

2016-09-04 15:14:38 +01:00

padlock.c

Change main license to Apache 2.0

2015-09-04 14:21:07 +02:00

pem.c

Add missing ret code checks in PEM module

2017-05-30 16:40:36 +01:00

pk_wrap.c

Change PK module preprocessor check on word size

2017-08-04 13:32:15 +01:00

pk.c

Change PK module preprocessor check on word size

2017-08-04 13:32:15 +01:00

pkcs5.c

Fix output of PKCS#5 and RIPEMD-160 self tests

2016-08-25 16:36:35 +01:00

pkcs11.c

Change main license to Apache 2.0

2015-09-04 14:21:07 +02:00

pkcs12.c

Shut up a few clang-analyze warnings about use of uninitialized variables

2016-05-23 14:29:28 +01:00

pkparse.c

Fix build without MBEDTLS_FS_IO

2017-11-30 12:03:27 +01:00

pkwrite.c

Fix other occurrences of same bounds check issue

2015-10-21 12:50:45 +02:00

platform.c

Rename macro SETUP_ALT to SETUP_TEARDOWN_ALT

2017-07-27 21:44:33 +01:00

ripemd160.c

Fix output of PKCS#5 and RIPEMD-160 self tests

2016-08-25 16:36:35 +01:00

rsa.c

Merge remote-tracking branch 'restricted/iotssl-1138-rsa-padding-check-restricted' into development-restricted

2017-06-08 20:31:06 +02:00

sha1.c

Adds casts to zeroize functions to allow building as C++

2016-05-23 14:29:32 +01:00

sha256.c

Use allocated memory for SHA self tests

2016-10-13 15:10:14 +01:00

sha512.c

Use allocated memory for SHA self tests

2016-10-13 15:10:14 +01:00

ssl_cache.c

Address PR review comments

2017-10-29 17:53:52 +02:00

ssl_ciphersuites.c

Undo API change

2017-07-27 21:44:33 +01:00

ssl_cli.c

Merge remote-tracking branch 'upstream-public/pr/1141' into development

2017-11-29 20:50:59 +01:00

ssl_cookie.c

Fix resource leak when using mutex and ssl_cookie

2017-03-02 12:26:11 +00:00

ssl_srv.c

Don't rely on private key metadata in SSL

2018-04-24 09:26:03 +02:00

ssl_ticket.c

Puts platform time abstraction into its own header

2016-07-13 14:46:18 +01:00

ssl_tls.c

Merge remote-tracking branch 'upstream-public/pr/1141' into development

2017-11-29 20:50:59 +01:00

threading.c

Remove mutexes from ECP hardware acceleration

2017-07-27 21:44:32 +01:00

timing.c

Timing self test: shorten redundant tests

2017-12-20 22:31:17 +01:00

version_features.c

Merge remote-tracking branch 'upstream-public/pr/1097' into development

2018-01-02 16:09:15 +01:00

version.c

Change main license to Apache 2.0

2015-09-04 14:21:07 +02:00

x509_create.c

Fix other occurrences of same bounds check issue

2015-10-21 12:50:45 +02:00

x509_crl.c

Fix potential integer overflow parsing DER CRL

2017-07-27 21:44:34 +01:00

x509_crt.c

Fix potential integer overflow parsing DER CRT

2017-07-27 21:44:34 +01:00

x509_csr.c

Prevent signed integer overflow in CSR parsing

2017-07-27 21:44:34 +01:00

x509.c

Correctly handle leap year in x509_date_is_valid()

2017-10-12 23:21:37 +01:00

x509write_crt.c

Clarify code-paths in x509write_csr and x509write_crt

2017-09-22 16:05:43 +01:00

x509write_csr.c

Clarify code-paths in x509write_csr and x509write_crt

2017-09-22 16:05:43 +01:00

xtea.c

Change main license to Apache 2.0

2015-09-04 14:21:07 +02:00