TrustedFirmware Git Browser
Code Review
Sign In
review.trustedfirmware.org
/
mirror
/
mbed-tls.git
/
dbbd96652ceff314a45f23be40b3820dbd540347
/
library
/
ssl_tls.c
1f10d76
Fix uninitialized variable access in debug output of record enc/dec
by Hanno Becker
· 6 years ago
22bf145
Adapt PSA code to ssl_transform changes
by Hanno Becker
· 6 years ago
78f839d
Adapt record length value after encryption
by Hanno Becker
· 6 years ago
b2ca87d
Rename ssl_decrypt_buf() to mbedtls_ssl_decrypt_buf() in comment
by Hanno Becker
· 7 years ago
29800d2
Double check that record expansion is as expected during decryption
by Hanno Becker
· 7 years ago
1c0c37f
Move debugging output after record decryption
by Hanno Becker
· 7 years ago
a18d132
Add tests for record encryption/decryption
by Hanno Becker
· 8 years ago
d56ed24
Reduce size of `ssl_transform` if no MAC ciphersuite is enabled
by Hanno Becker
· 8 years ago
8031d06
Remove code from `ssl_derive_keys` if relevant modes are not enabled
by Hanno Becker
· 8 years ago
2e24c3b
Provide standalone version of `ssl_decrypt_buf`
by Hanno Becker
· 8 years ago
9eddaeb
Provide standalone version of `ssl_encrypt_buf`
by Hanno Becker
· 8 years ago
52344c2
Correct space needed for MAC in case of NULL cipher
by Hanno Becker
· 8 years ago
e694c3e
Remove ciphersuite_info from ssl_transform
by Hanno Becker
· 8 years ago
88aaf65
Remove key length field from ssl_transform
by Hanno Becker
· 8 years ago
7a1c4eb
Merge remote-tracking branch 'origin/pr/2567' into development
by Jaeden Amero
· 6 years ago
fe71067
Merge remote-tracking branch 'origin/pr/2539' into development
by Jaeden Amero
· 6 years ago
4c8c7aa
Don't use debug level 1 for informational messages
by Hanno Becker
· 6 years ago
efb440a
Add test exercising context-specific CRT callback to ssl-opt.sh
by Hanno Becker
· 6 years ago
8927c83
Implement context-specific verification callbacks
by Hanno Becker
· 6 years ago
9822c0d
Fix name to function call
by Jarno Lamsa
· 6 years ago
afd0b0a
Make use of CA callback if present when verifying peer CRT chain
by Hanno Becker
· 6 years ago
5adaad9
Add X.509 CA callback to SSL configuration and implement setter API
by Hanno Becker
· 6 years ago
84d9d27
Fix unused variable warning in ssl_parse_certificate_coordinate()
by Hanno Becker
· 6 years ago
353a6f0
Fix typo in documentation of ssl_parse_certificate_chain()
by Hanno Becker
· 6 years ago
accc599
Set peer CRT length only after successful allocation
by Hanno Becker
· 6 years ago
3acc9b9
Remove question in comment about verify flags on cli vs. server
by Hanno Becker
· 6 years ago
6b8fbab
Free peer CRT chain immediately after verifying it
by Hanno Becker
· 6 years ago
0056eab
Parse peer's CRT chain in-place from the input buffer
by Hanno Becker
· 6 years ago
b9d4479
Correct compile-time guards for ssl_clear_peer_cert()
by Hanno Becker
· 6 years ago
e682457
Guard mbedtls_ssl_get_peer_cert() by new compile-time option
by Hanno Becker
· 6 years ago
b6c5eca
Adapt mbedtls_ssl_parse_certificate() to removal of peer_cert field
by Hanno Becker
· 6 years ago
13c327d
Adapt ssl_clear_peer_cert() to removal of `peer_cert` field
by Hanno Becker
· 6 years ago
6d1986e
Adapt mbedtls_ssl_session_copy() to removal of `peer_cert` field
by Hanno Becker
· 6 years ago
a274753
Make a copy of peer's raw public key after verifying its CRT chain
by Hanno Becker
· 6 years ago
7517312
Add field for peer's raw public key to TLS handshake param structure
by Hanno Becker
· 6 years ago
3dad311
Parse and verify peer CRT chain in local variable
by Hanno Becker
· 6 years ago
177475a
Mitigate triple handshake attack by comparing digests only
by Hanno Becker
· 6 years ago
6bbd94c
Compute digest of peer's end-CRT in mbedtls_ssl_parse_certificate()
by Hanno Becker
· 6 years ago
9198ad1
Extend mbedtls_ssl_session by buffer holding peer CRT digest
by Hanno Becker
· 6 years ago
52055ae
Give ssl_session_copy() external linkage
by Hanno Becker
· 6 years ago
c7bd780
Allow passing any X.509 CRT chain to ssl_parse_certificate_chain()
by Hanno Becker
· 6 years ago
6863619
Introduce helper function for peer CRT chain verification
by Hanno Becker
· 6 years ago
fcd9e71
Don't progress TLS state machine on peer CRT chain parsing error
by Hanno Becker
· 6 years ago
28f2fcd
Add helper function to check whether a CRT msg is expected
by Hanno Becker
· 6 years ago
7177a88
Introduce helper function to determine whether suite uses server CRT
by Hanno Becker
· 6 years ago
2148993
Use helper macro to detect whether some ciphersuite uses CRTs
by Hanno Becker
· 6 years ago
6bdfab2
Unify state machine update in mbedtls_ssl_parse_certificate()
by Hanno Becker
· 6 years ago
7a955a0
Clear peer's CRT chain outside before parsing new one
by Hanno Becker
· 6 years ago
4a55f63
Introduce helper to check for no-CRT notification from client
by Hanno Becker
· 6 years ago
a028c5b
Introduce CRT counter to CRT chain parsing function
by Hanno Becker
· 6 years ago
1294a0b
Introduce helper function to clear peer CRT from session structure
by Hanno Becker
· 6 years ago
f852b1c
Break overly long line in definition of mbedtls_ssl_get_session()
by Hanno Becker
· 6 years ago
60848e6
Don't reuse CRT from initial handshake during renegotiation
by Hanno Becker
· 6 years ago
86016a0
Merge remote-tracking branch 'origin/pr/2338' into development
by Jaeden Amero
· 6 years ago
461bd3d
Merge remote-tracking branch 'origin/pr/2454' into development
by Jaeden Amero
· 6 years ago
9f47f82
Merge remote-tracking branch 'origin/pr/2391' into development
by Jaeden Amero
· 6 years ago
3497323
Initialize PSA Crypto operation contexts
by Jaeden Amero
· 6 years ago
4a63ed4
Implement ClientKeyExchange writing in PSA-based ECDHE suites
by Hanno Becker
· 7 years ago
46f34d0
Fix style issue and wording
by Hanno Becker
· 6 years ago
c1e18bd
Fix memory leak
by Hanno Becker
· 7 years ago
e2734e2
Improve formatting of ssl_parse_certificate_chain()
by Hanno Becker
· 7 years ago
84879e3
Add compile-time guards around helper routine
by Hanno Becker
· 7 years ago
def9bdc
Don't store the peer CRT chain twice during renegotiation
by Hanno Becker
· 7 years ago
8a2e97c
Merge development-psa commit 80b5662 into development-psa-merged branch
by Andrzej Kurek
· 6 years ago
80b5662
Merge remote-tracking branch 'origin/pr/2386' into development-psa
by Jaeden Amero
· 6 years ago
archive/development-psa
development-psa
65408c5
Merge remote-tracking branch 'origin/pr/2355' into development-psa
by Jaeden Amero
· 6 years ago
de5a007
Merge development commit f352f7 into development-psa
by Andrzej Kurek
· 7 years ago
c470b6b
Merge development commit 8e76332 into development-psa
by Andrzej Kurek
· 7 years ago
2ad2297
ssl_tls: add psa_hash_abort when reseting checksum
by Andrzej Kurek
· 7 years ago
972fba5
ssl_tls: rename sha_512_psa to sha_384_psa
by Andrzej Kurek
· 7 years ago
eb34224
ssl_tls: use PSA to compute running handshake hash for TLS 1.2
by Andrzej Kurek
· 7 years ago
2d4faa6
ssl_tls: remove redundant status check
by Andrzej Kurek
· 7 years ago
archive/iotssl-2690-tls-prf-generic
iotssl-2690-tls-prf-generic
2f76075
ssl_tls: adjust to the new key policy initialization and key allocation
by Andrzej Kurek
· 7 years ago
ac5dc34
Fix key allocation for tls_prf_generic
by Andrzej Kurek
· 7 years ago
3317126
ssl_tls: add missing return brackets
by Andrzej Kurek
· 7 years ago
70737ca
ssl_tls: add key destruction upon generator failure
by Andrzej Kurek
· 7 years ago
c929a82
Implement tls_prf_generic using the PSA API
by Andrzej Kurek
· 7 years ago
5615dab
ssl_tls: remove line breaks from a debug message
by Andrzej Kurek
· 7 years ago
archive/iotssl-2689-psa-tls1_2-get-key-exchange
iotssl-2689-psa-tls1_2-get-key-exchange
e85414e
ssl-opt: add a check for PSA computation of digest of ServerKeyExchange
by Andrzej Kurek
· 7 years ago
814feff
Whitespace, logging and documentation fixes
by Andrzej Kurek
· 7 years ago
d6db9be
Adapt mbedtls_ssl_get_key_exchange_md_tls1_2 to PSA hashing
by Andrzej Kurek
· 7 years ago
36e89b5
Fix #2370, minor typos and spelling mistakes
by Antonin Décimo
· 7 years ago
2349c4d
Adapt to the new key allocation mechanism
by Andrzej Kurek
· 7 years ago
e1b1a2c
Merge remote-tracking branch 'upstream-public/pr/2181' into development
by Jaeden Amero
· 7 years ago
3fbdada
SSL: Make use of the new ECDH interface
by Janos Follath
· 7 years ago
a0a96a0
Merge branch 'psa_cipher_integration' into development-psa-proposed
by Hanno Becker
· 7 years ago
cb1cc80
Use PSA-based ciphers for record protections in TLS-1.2 only
by Hanno Becker
· 7 years ago
f704bef
Setup PSA-based cipher context in mbedtls_ssl_derive_keys()
by Hanno Becker
· 7 years ago
7390c71
Share code for PSK identity configuration
by Hanno Becker
· 7 years ago
a63ac3f
Safe-guard `ssl_conf_remove_psk()` for simultaneous raw-opaque PSKs
by Hanno Becker
· 7 years ago
f9ed7d5
Don't use 48 as a magic number in ssl_derive_keys()
by Hanno Becker
· 7 years ago
7d0a569
Implement PSA-based PSK-to-MS derivation in mbedtls_ssl_derive_keys
by Hanno Becker
· 7 years ago
35b23c7
Simplify master secret derivation in mbedtls_ssl_derive_keys()
by Hanno Becker
· 7 years ago
d20a8ca
Implement API for configuration of opaque PSKs
by Hanno Becker
· 7 years ago
f6d6e30
Fix incomplete assertion in ssl_write_handshake_msg()
by Hanno Becker
· 7 years ago
2705bea
Merge remote-tracking branch 'public/pr/2095' into development-proposed
by Simon Butcher
· 7 years ago
17a0fab
Merge remote-tracking branch 'public/pr/2111' into development-proposed
by Simon Butcher
· 7 years ago
169712e
Merge remote-tracking branch 'restricted/pr/390' into development
by Simon Butcher
· 7 years ago
dd3ab13
Fail when encountering invalid CBC padding in EtM records
by Hanno Becker
· 7 years ago
805f2e1
Add missing zeroization of buffered handshake messages
by Hanno Becker
· 7 years ago
Next »