TeamHepta/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2026-03-23 04:31:09 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
858880686ebe4919b7c433c7a0d96c19ad47740c
mbedtls/library
History
Gilles Peskine 858880686e Don't rely on private key metadata in SSL 
When checking whether a server key matches the handshake parameters,
rely only on the offered certificate and not on the metadata of the
private key. Specifically, with an EC key, check the curve in the
certificate rather than in the associated private key.

This was the only place in the SSL module where mbedtls_pk_ec or
mbedtls_pk_rsa was called to access a private signature or decryption
key (as opposed to a public key or a key used for DH/ECDH).
2018-01-22 07:51:24 -05:00
..
.gitignore
Split libs with make + general make cleanups
2015-06-25 10:59:56 +02:00
aes.c
Merge remote-tracking branch 'upstream-public/pr/964' into development
2018-01-02 16:24:29 +01:00
aesni.c
Fix build errors on x32 by using the generic 'add' instruction
2016-05-23 14:29:28 +01:00
arc4.c
Adds casts to zeroize functions to allow building as C++
2016-05-23 14:29:32 +01:00
asn1parse.c
Fix 1 byte overread in mbedtls_asn1_get_int()
2016-10-13 13:54:14 +01:00
asn1write.c
Add mbedtls_asn1_write_len() support for 3 and 4 byte lengths
2016-08-25 15:42:27 +01:00
base64.c
Add comment to integer overflow fix in base64.c
2017-02-15 23:31:07 +02:00
bignum.c
Merge remote-tracking branch 'hanno/mpi_read_file_underflow' into development
2017-06-08 19:48:03 +02:00
blowfish.c
Adds casts to zeroize functions to allow building as C++
2016-05-23 14:29:32 +01:00
camellia.c
Address user reported coverity issues.
2016-06-07 14:52:35 +01:00
ccm.c
Allow alternate core implementation of CCM
2017-04-04 11:37:15 +02:00
certs.c
Undo API change from SHA1 deprecation
2017-07-27 21:44:33 +01:00
cipher_wrap.c
Change main license to Apache 2.0
2015-09-04 14:21:07 +02:00
cipher.c
Fix integer overflows in buffer bound checks
2017-02-15 23:31:07 +02:00
cmac.c
Merge remote-tracking branch 'upstream-public/pr/866' into development
2018-01-02 15:55:55 +01:00
CMakeLists.txt
Merge branch 'development' into iotssl-1619
2017-12-22 10:24:32 +00:00
ctr_drbg.c
Fix integer overflows in buffer bound checks
2017-02-15 23:31:07 +02:00
debug.c
Fix compiler warning in debug.c
2017-02-15 09:08:26 +00:00
des.c
Adds casts to zeroize functions to allow building as C++
2016-05-23 14:29:32 +01:00
dhm.c
Check return code of mbedtls_mpi_fill_random
2017-07-27 21:44:33 +01:00
ecdh.c
Address PR cpomments reviews
2017-10-10 19:04:27 +03:00
ecdsa.c
Merge remote-tracking branch 'upstream-public/pr/1027' into development
2018-01-09 10:42:03 +00:00
ecjpake.c
Fix potential stack buffer overflow in ecjpake
2015-10-20 16:20:56 +02:00
ecp_curves.c
ECP: Add module and function level replacement options.
2017-05-11 22:42:14 +01:00
ecp.c
Check return code of mbedtls_mpi_fill_random
2017-07-27 21:44:33 +01:00
entropy_poll.c
Renames null entropy source function for clarity
2016-06-12 00:31:33 +01:00
entropy.c
Merge branch 'pr_1025' into development
2017-11-28 18:23:53 +01:00
error.c
Merge remote-tracking branch 'upstream-public/pr/964' into development
2018-01-02 16:24:29 +01:00
gcm.c
Merge remote-tracking branch 'upstream-public/pr/964' into development
2018-01-02 16:24:29 +01:00
havege.c
Fixes warnings found by Clang static analyser
2016-05-23 23:18:26 +01:00
hmac_drbg.c
Change main license to Apache 2.0
2015-09-04 14:21:07 +02:00
Makefile
Introduce new files rsa_internal.[ch] for RSA helper functions
2017-10-11 11:00:19 +01:00
md2.c
Fix integer overflows in buffer bound checks
2017-02-15 23:31:07 +02:00
md4.c
Change main license to Apache 2.0
2015-09-04 14:21:07 +02:00
md5.c
Change main license to Apache 2.0
2015-09-04 14:21:07 +02:00
md_wrap.c
Change main license to Apache 2.0
2015-09-04 14:21:07 +02:00
md.c
Change main license to Apache 2.0
2015-09-04 14:21:07 +02:00
memory_buffer_alloc.c
Fixes memory leak in memory_buffer_alloc.c debug
2016-05-23 14:29:29 +01:00
net_sockets.c
Merge remote-tracking branch 'upstream-public/pr/895' into development
2017-11-29 20:49:21 +01:00
oid.c
Removing in compile time unused entries from oid_ecp_grp list
2016-09-04 15:14:38 +01:00
padlock.c
Change main license to Apache 2.0
2015-09-04 14:21:07 +02:00
pem.c
Add missing ret code checks in PEM module
2017-05-30 16:40:36 +01:00
pk_wrap.c
Merge branch 'development' into iotssl-1619
2017-12-22 10:24:32 +00:00
pk.c
Change PK module preprocessor check on word size
2017-08-04 13:32:15 +01:00
pkcs5.c
Fix output of PKCS#5 and RIPEMD-160 self tests
2016-08-25 16:36:35 +01:00
pkcs11.c
Change main license to Apache 2.0
2015-09-04 14:21:07 +02:00
pkcs12.c
Shut up a few clang-analyze warnings about use of uninitialized variables
2016-05-23 14:29:28 +01:00
pkparse.c
Preserve old behavior by checking public key in RSA parsing function
2018-01-05 08:08:09 +00:00
pkwrite.c
Adapt PK test suite to use new interface
2017-08-23 16:17:27 +01:00
platform.c
Rename macro SETUP_ALT to SETUP_TEARDOWN_ALT
2017-07-27 21:44:33 +01:00
ripemd160.c
Fix output of PKCS#5 and RIPEMD-160 self tests
2016-08-25 16:36:35 +01:00
rsa_internal.c
Add explicit type cast to avoid truncation warning
2018-01-03 09:27:40 +00:00
rsa.c
Add explicit uint truncation casts
2018-01-15 15:27:56 +00:00
sha1.c
Adds casts to zeroize functions to allow building as C++
2016-05-23 14:29:32 +01:00
sha256.c
Use allocated memory for SHA self tests
2016-10-13 15:10:14 +01:00
sha512.c
Use allocated memory for SHA self tests
2016-10-13 15:10:14 +01:00
ssl_cache.c
Address PR review comments
2017-10-29 17:53:52 +02:00
ssl_ciphersuites.c
Undo API change
2017-07-27 21:44:33 +01:00
ssl_cli.c
Merge remote-tracking branch 'upstream-public/pr/1141' into development
2017-11-29 20:50:59 +01:00
ssl_cookie.c
Fix resource leak when using mutex and ssl_cookie
2017-03-02 12:26:11 +00:00
ssl_srv.c
Don't rely on private key metadata in SSL
2018-01-22 07:51:24 -05:00
ssl_ticket.c
Puts platform time abstraction into its own header
2016-07-13 14:46:18 +01:00
ssl_tls.c
Merge remote-tracking branch 'upstream-public/pr/1141' into development
2017-11-29 20:50:59 +01:00
threading.c
Remove mutexes from ECP hardware acceleration
2017-07-27 21:44:32 +01:00
timing.c
Timing self test: shorten redundant tests
2017-12-20 22:31:17 +01:00
version_features.c
Merge remote-tracking branch 'upstream-public/pr/1060' into development
2018-01-09 12:20:54 +00:00
version.c
Change main license to Apache 2.0
2015-09-04 14:21:07 +02:00
x509_create.c
Fix other occurrences of same bounds check issue
2015-10-21 12:50:45 +02:00
x509_crl.c
Fix potential integer overflow parsing DER CRL
2017-07-27 21:44:34 +01:00
x509_crt.c
Fix potential integer overflow parsing DER CRT
2017-07-27 21:44:34 +01:00
x509_csr.c
Prevent signed integer overflow in CSR parsing
2017-07-27 21:44:34 +01:00
x509.c
Correctly handle leap year in x509_date_is_valid()
2017-10-12 23:21:37 +01:00
x509write_crt.c
Clarify code-paths in x509write_csr and x509write_crt
2017-09-22 16:05:43 +01:00
x509write_csr.c
Clarify code-paths in x509write_csr and x509write_crt
2017-09-22 16:05:43 +01:00
xtea.c
Change main license to Apache 2.0
2015-09-04 14:21:07 +02:00