Log - 31f6e372e6ff7c67c89ca2dd9ddb44d17f734ec6 - mirror/mbed-tls.git

22a59fd Remove indicators and warnings about unfinished CID implementation by Hanno Becker · 6 years ago
05154c3 Re-enable passing CIDs to record transforms by Hanno Becker · 6 years ago
16ded98 Don't fail on record with unexpected CID by Hanno Becker · 6 years ago
938489a Re-enable CID comparison when decrypting CID-based records by Hanno Becker · 6 years ago
ca59c2b Implement parsing of CID-based records by Hanno Becker · 6 years ago
6430faf Adapt record encryption/decryption routines to change of record type by Hanno Becker · 6 years ago
f9c6a4b Add pointers to in/out CID fields to mbedtls_ssl_context by Hanno Becker · 6 years ago
6cbad55 Account for additional record expansion when using CIDs by Hanno Becker · 6 years ago
ad4a137 Add CID configuration API by Hanno Becker · 6 years ago
5903de4 Split mbedtls_ssl_hdr_len() in separate functions for in/out records by Hanno Becker · 6 years ago
f661c9c Add helper function to check validity of record content type by Hanno Becker · 6 years ago
37ae952 Move dropping of unexpected AD records to after record decryption by Hanno Becker · 6 years ago
79594fd Set pointer to start of plaintext at record decryption time by Hanno Becker · 6 years ago
82e2a39 Treat an invalid record after decryption as fatal by Hanno Becker · 6 years ago
6e7700d Expain rationale for handling of consecutive empty AD records by Hanno Becker · 6 years ago
76a79ab Don't allow calling CID API outside of DTLS by Hanno Becker · 6 years ago
95e4bbc Fix additional data calculation if CID is disabled by Hanno Becker · 6 years ago
af05ac0 Remove unnecessary empty line in ssl_tls.c by Hanno Becker · 6 years ago
07dc97d Don't quote DTLSInnerPlaintext structure multiple times by Hanno Becker · 6 years ago
d3f8c79 Improve wording in ssl_build_inner_plaintext() by Hanno Becker · 6 years ago
edb24f8 Remove unnecessary whitespace in ssl_extract_add_data_from_record() by Hanno Becker · 6 years ago
92fb4fa Reduce stack usage for additional data buffers in record dec/enc by Hanno Becker · 6 years ago
c4a190b Add length of CID to additional data used for record protection by Hanno Becker · 6 years ago
d5aeab1 Improve documentation of ssl_extract_add_data_from_record() by Hanno Becker · 6 years ago
43c24b8 Fix missing compile-time guards around CID-only constants by Hanno Becker · 6 years ago
f44e55d Remove TODO by Hanno Becker · 6 years ago
75f080f Use MBEDTLS_ namespace for internal CID length constant by Hanno Becker · 6 years ago
8a7f972 Skip copying CIDs to SSL transforms until CID feature is complete by Hanno Becker · 6 years ago
8b3eb5a Implement inner plaintext parsing/writing for CID-based connections by Hanno Becker · 6 years ago
cab87e6 Incorporate CID into MAC computations during record protection by Hanno Becker · 6 years ago
1c1f046 Replace 'ingoing' -> 'incoming' in CID debug messages by Hanno Becker · 6 years ago
c5f2422 Document behaviour of mbedtls_ssl_get_peer_cid() for empty CIDs by Hanno Becker · 6 years ago
b7ee0cf Make integer truncation explicit in mbedtls_ssl_set_cid() by Hanno Becker · 6 years ago
b1f89cd Implement mbedtls_ssl_get_peer_cid() by Hanno Becker · 6 years ago
4bf7465 Copy CIDs into SSL transform if use of CID has been negotiated by Hanno Becker · 6 years ago
ca09224 Allow configuring own CID fields through mbedtls_ssl_get_peer_cid() by Hanno Becker · 6 years ago
35c36a6 Guard CID implementations by MBEDTLS_SSL_CID by Hanno Becker · 6 years ago
f1f9a82 Add warnings about status of implementation of CID API by Hanno Becker · 6 years ago
f8542cf Add dummy implementations for CID API by Hanno Becker · 6 years ago
45be3d8 Fix compile guard for static function in ssl by Manuel Pégourié-Gonnard · 6 years ago
d2f25f7 Fix missing tls version test failures by Ron Eldor · 6 years ago
0810f0b Fix typo by Ron Eldor · 6 years ago
cf28009 Add function to retrieve the tls_prf type by Ron Eldor · 6 years ago
51d3ab5 Add public API for tls_prf by Ron Eldor · 6 years ago
b7fd64c Add eap-tls key derivation in the examples. by Ron Eldor · 6 years ago
f5cc10d Add an extra key export function by Ron Eldor · 6 years ago
3b35085 Have the temporary buffer allocated dynamically by Ron Eldor · 6 years ago
a9f9a73 Zeroize secret data in the exit point by Ron Eldor · 6 years ago
e699270 Add a single exit point in key derivation function by Ron Eldor · 6 years ago
1f10d76 Fix uninitialized variable access in debug output of record enc/dec by Hanno Becker · 6 years ago
22bf145 Adapt PSA code to ssl_transform changes by Hanno Becker · 6 years ago
78f839d Adapt record length value after encryption by Hanno Becker · 6 years ago
b2ca87d Rename ssl_decrypt_buf() to mbedtls_ssl_decrypt_buf() in comment by Hanno Becker · 7 years ago
29800d2 Double check that record expansion is as expected during decryption by Hanno Becker · 7 years ago
1c0c37f Move debugging output after record decryption by Hanno Becker · 7 years ago
a18d132 Add tests for record encryption/decryption by Hanno Becker · 8 years ago
d56ed24 Reduce size of `ssl_transform` if no MAC ciphersuite is enabled by Hanno Becker · 8 years ago
8031d06 Remove code from `ssl_derive_keys` if relevant modes are not enabled by Hanno Becker · 8 years ago
2e24c3b Provide standalone version of `ssl_decrypt_buf` by Hanno Becker · 8 years ago
9eddaeb Provide standalone version of `ssl_encrypt_buf` by Hanno Becker · 8 years ago
52344c2 Correct space needed for MAC in case of NULL cipher by Hanno Becker · 8 years ago
e694c3e Remove ciphersuite_info from ssl_transform by Hanno Becker · 8 years ago
88aaf65 Remove key length field from ssl_transform by Hanno Becker · 8 years ago
7a1c4eb Merge remote-tracking branch 'origin/pr/2567' into development by Jaeden Amero · 6 years ago
fe71067 Merge remote-tracking branch 'origin/pr/2539' into development by Jaeden Amero · 6 years ago
4c8c7aa Don't use debug level 1 for informational messages by Hanno Becker · 6 years ago
efb440a Add test exercising context-specific CRT callback to ssl-opt.sh by Hanno Becker · 6 years ago
8927c83 Implement context-specific verification callbacks by Hanno Becker · 6 years ago
9822c0d Fix name to function call by Jarno Lamsa · 6 years ago
afd0b0a Make use of CA callback if present when verifying peer CRT chain by Hanno Becker · 6 years ago
5adaad9 Add X.509 CA callback to SSL configuration and implement setter API by Hanno Becker · 6 years ago
84d9d27 Fix unused variable warning in ssl_parse_certificate_coordinate() by Hanno Becker · 6 years ago
353a6f0 Fix typo in documentation of ssl_parse_certificate_chain() by Hanno Becker · 6 years ago
accc599 Set peer CRT length only after successful allocation by Hanno Becker · 6 years ago
3acc9b9 Remove question in comment about verify flags on cli vs. server by Hanno Becker · 6 years ago
6b8fbab Free peer CRT chain immediately after verifying it by Hanno Becker · 6 years ago
0056eab Parse peer's CRT chain in-place from the input buffer by Hanno Becker · 6 years ago
b9d4479 Correct compile-time guards for ssl_clear_peer_cert() by Hanno Becker · 6 years ago
e682457 Guard mbedtls_ssl_get_peer_cert() by new compile-time option by Hanno Becker · 6 years ago
b6c5eca Adapt mbedtls_ssl_parse_certificate() to removal of peer_cert field by Hanno Becker · 6 years ago
13c327d Adapt ssl_clear_peer_cert() to removal of `peer_cert` field by Hanno Becker · 6 years ago
6d1986e Adapt mbedtls_ssl_session_copy() to removal of `peer_cert` field by Hanno Becker · 6 years ago
a274753 Make a copy of peer's raw public key after verifying its CRT chain by Hanno Becker · 6 years ago
7517312 Add field for peer's raw public key to TLS handshake param structure by Hanno Becker · 6 years ago
3dad311 Parse and verify peer CRT chain in local variable by Hanno Becker · 6 years ago
177475a Mitigate triple handshake attack by comparing digests only by Hanno Becker · 6 years ago
6bbd94c Compute digest of peer's end-CRT in mbedtls_ssl_parse_certificate() by Hanno Becker · 6 years ago
9198ad1 Extend mbedtls_ssl_session by buffer holding peer CRT digest by Hanno Becker · 6 years ago
52055ae Give ssl_session_copy() external linkage by Hanno Becker · 6 years ago
c7bd780 Allow passing any X.509 CRT chain to ssl_parse_certificate_chain() by Hanno Becker · 6 years ago
6863619 Introduce helper function for peer CRT chain verification by Hanno Becker · 6 years ago
fcd9e71 Don't progress TLS state machine on peer CRT chain parsing error by Hanno Becker · 6 years ago
28f2fcd Add helper function to check whether a CRT msg is expected by Hanno Becker · 6 years ago
7177a88 Introduce helper function to determine whether suite uses server CRT by Hanno Becker · 6 years ago
2148993 Use helper macro to detect whether some ciphersuite uses CRTs by Hanno Becker · 6 years ago
6bdfab2 Unify state machine update in mbedtls_ssl_parse_certificate() by Hanno Becker · 6 years ago
7a955a0 Clear peer's CRT chain outside before parsing new one by Hanno Becker · 6 years ago
4a55f63 Introduce helper to check for no-CRT notification from client by Hanno Becker · 6 years ago
a028c5b Introduce CRT counter to CRT chain parsing function by Hanno Becker · 6 years ago
1294a0b Introduce helper function to clear peer CRT from session structure by Hanno Becker · 6 years ago