TrustedFirmware Git Browser
Code Review
Sign In
review.trustedfirmware.org
/
mirror
/
mbed-tls
/
b59d3f1692b6df35ab5ebf40aa21bfab114f6498
b59d3f1
Add single function to parse ASN.1 AlgorithmIdentifier to x509.c
by Hanno Becker
· 6 years ago
1898b68
Allow NULL pointer in mbedtls_x509_get_sig_alg if params not needed
by Hanno Becker
· 6 years ago
c84fd1c
Check whether CRT is revoked by passing its serial number only
by Hanno Becker
· 6 years ago
b3def1d
Move length check into mbedtls_x509_memcasecmp()
by Hanno Becker
· 6 years ago
f1b39bf
Implement v3 Extension parsing through ASN.1 SEQUENCE OF traversal
by Hanno Becker
· 6 years ago
c7c638e
Implement ExtKeyUsage traversal via ASN.1 SEQUENCE OF traversal
by Hanno Becker
· 6 years ago
90b9408
Implement SubjectAltName traversal via ASN.1 SEQUENCE OF traversal
by Hanno Becker
· 6 years ago
8730610
Introduce ASN.1 API for traversing ASN.1 SEQUENCEs
by Hanno Becker
· 6 years ago
5984d30
Make use of cb to build linked list presentation of SubjectAltName
by Hanno Becker
· 6 years ago
ad46219
Add cb to build dynamic linked list representation of SubjectAltName
by Hanno Becker
· 6 years ago
da41082
Add callback to search through SubjectAltNames extension
by Hanno Becker
· 6 years ago
2c6cc04
Add function to traverse raw SubjectAltName extension
by Hanno Becker
· 6 years ago
2492622
Pass raw data to x509_check_wildcard() and `x509_crt_check_cn()`
by Hanno Becker
· 6 years ago
ded167e
Add raw buffer holding SubjectAlternativeName ext to CRT structure
by Hanno Becker
· 6 years ago
e1956af
Check for extended key usage by traversing raw extension data
by Hanno Becker
· 6 years ago
7ec9c36
Add buffer holding raw ExtKeyUsage extension data to CRT struct
by Hanno Becker
· 6 years ago
8b543b3
Make use of abort condition callback in CN comparison
by Hanno Becker
· 6 years ago
67284cc
Add abort condition callback to `mbedtls_x509_name_cmp_raw()`
by Hanno Becker
· 6 years ago
7dee12a
Make use of raw comparison function in CRT verification
by Hanno Becker
· 6 years ago
f8a4286
Add buffers with raw issuer/subject data to CRT structure
by Hanno Becker
· 6 years ago
a632e36
Add buffer with raw issuer data to CRL structure
by Hanno Becker
· 6 years ago
a3a2ca1
Provide X.509 name comparison based on raw ASN.1 data
by Hanno Becker
· 6 years ago
88de342
Move x509_name_cmp() from x509_crt.c to x509.c
by Hanno Becker
· 6 years ago
83cd867
Remove `sig_oid` parameter from mbedtls_x509_sig_alg_gets()
by Hanno Becker
· 6 years ago
f226998
Reduce code-size of mbedtls_asn1_get_sequence_of()
by Hanno Becker
· 6 years ago
b541986
Reduce code-size of mbedtls_asn1_get_alg()
by Hanno Becker
· 6 years ago
30cb1ac
Reduce code-size of mbedtls_x509_get_name()
by Hanno Becker
· 6 years ago
3470d59
Simplify implementation of mbedtls_x509_get_name()
by Hanno Becker
· 6 years ago
b40dc58
Introduce a helper macro to check for ASN.1 string tags
by Hanno Becker
· 6 years ago
ace04a6
Move bounds check into ASN.1 parsing function
by Hanno Becker
· 6 years ago
74b89f6
Use private key to check suitability of PK type when picking srv CRT
by Hanno Becker
· 6 years ago
81bb4d0
Simplify server-side ssl_decrypt_encrypted_pms()
by Hanno Becker
· 6 years ago
cd03bb2
Introduce helper functions to free X.509 names and sequences
by Hanno Becker
· 6 years ago
393338c
Merge pull request #586 from ARMmbed/remove_peer_crt_after_handshake_no_digest-baremetal
by Manuel Pégourié-Gonnard
· 6 years ago
79cf74a
Merge pull request #583 from ARMmbed/remove_peer_crt_after_handshake-baremetal
by Manuel Pégourié-Gonnard
· 6 years ago
8dcd80e
Merge pull request #578 from ARMmbed/x509_parse_bf-baremetal
by Manuel Pégourié-Gonnard
· 6 years ago
cc3b7cc
Merge pull request #579 from Patater/bm-dont-use-non-existent-encrypt-then-mac
by Manuel Pégourié-Gonnard
· 6 years ago
e256f7c
Add test for !KEEP_PEER_CERTIFICATE + !RENEGOTIAITON to all.sh
by Hanno Becker
· 6 years ago
5882dd0
Remove CRT digest from SSL session if !RENEGO + !KEEP_PEER_CERT
by Hanno Becker
· 6 years ago
0528f82
Clarify documentation of serialized session format
by Hanno Becker
· 6 years ago
d972f00
Use consistent error messages in check_config.h
by Hanno Becker
· 6 years ago
17daaa5
Move return statement in ssl_srv_check_client_no_crt_notification
by Hanno Becker
· 6 years ago
2326d20
Validate consistency of certificate hash type and length in session
by Hanno Becker
· 6 years ago
fd5dc8a
Fix unused variable warning in ssl_parse_certificate_coordinate()
by Hanno Becker
· 6 years ago
488c8de
Add missing compile time guard in ssl_client2
by Hanno Becker
· 6 years ago
b6f7241
Update programs/ssl/query_config.c
by Hanno Becker
· 6 years ago
b7fab76
ssl_client2: Reset peer CRT info string on reconnect
by Hanno Becker
· 6 years ago
c39e23e
Add further debug statements on assertion failures
by Hanno Becker
· 6 years ago
42de8f8
Fix typo in documentation of ssl_parse_certificate_chain()
by Hanno Becker
· 6 years ago
e9839c0
Add debug output in case of assertion failure
by Hanno Becker
· 6 years ago
2984bd2
Add config sanity check for !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
by Hanno Becker
· 6 years ago
f9ca30d
ssl_client2: Zeroize peer CRT info buffer when reconnecting
by Hanno Becker
· 6 years ago
890d7ee
Reintroduce numerous ssl-opt.sh tests if !MBEDTLS_SSL_KEEP_PEER_CERT
by Hanno Becker
· 6 years ago
975c463
ssl_client2: Extract peer CRT info from verification callback
by Hanno Becker
· 6 years ago
24bc570
Improve documentation of mbedtls_ssl_get_peer_cert()
by Hanno Becker
· 6 years ago
3ed6457
Improve documentation of MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
by Hanno Becker
· 6 years ago
dd68931
Fix indentation of Doxygen comment in ssl_internal.h
by Hanno Becker
· 6 years ago
9d64b78
Set peer CRT length only after successful allocation
by Hanno Becker
· 6 years ago
257ef65
Remove question in comment about verify flags on cli vs. server
by Hanno Becker
· 6 years ago
e669770
Remove misleading and redundant guard around restartable ECC field
by Hanno Becker
· 6 years ago
92820a1
Add test for !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE to all.sh
by Hanno Becker
· 6 years ago
34106f6
Free peer CRT chain immediately after verifying it
by Hanno Becker
· 6 years ago
0cc7af5
Parse peer's CRT chain in-place from the input buffer
by Hanno Becker
· 6 years ago
6c83db7
Free peer's public key as soon as it's no longer needed
by Hanno Becker
· 6 years ago
1757247
Correct compile-time guards for ssl_clear_peer_cert()
by Hanno Becker
· 6 years ago
597ffe4
Adapt ChangeLog
by Hanno Becker
· 6 years ago
bfab9df
Guard mbedtls_ssl_get_peer_cert() by new compile-time option
by Hanno Becker
· 6 years ago
8b6d2cd
Add dependency to ssl-opt.sh tests which need peer CRT debug info
by Hanno Becker
· 6 years ago
81d11aa
Adapt mbedtls_ssl_parse_certificate() to removal of peer_cert field
by Hanno Becker
· 6 years ago
5062897
Adapt ssl_clear_peer_cert() to removal of `peer_cert` field
by Hanno Becker
· 6 years ago
d5258fa
Adapt mbedtls_ssl_session_copy() to removal of `peer_cert` field
by Hanno Becker
· 6 years ago
cd90126
Adapt client auth detection in ssl_parse_certificate_verify()
by Hanno Becker
· 6 years ago
b265f5f
Use mbedtls_ssl_get_peer_cert() to query peer cert in cert_app
by Hanno Becker
· 6 years ago
0833c10
Adapt server-side signature verification to use raw public key
by Hanno Becker
· 6 years ago
69fad13
Adapt client-side signature verification to use raw public key
by Hanno Becker
· 6 years ago
53b6b7e
Adapt ssl_get_ecdh_params_from_cert() to use raw public key
by Hanno Becker
· 6 years ago
374800a
Adapt ssl_write_encrypted_pms() to use raw public key
by Hanno Becker
· 6 years ago
cf291d6
Make a copy of peer's raw public key after verifying its CRT chain
by Hanno Becker
· 6 years ago
3bf8cdf
Add field for peer's raw public key to TLS handshake param structure
by Hanno Becker
· 6 years ago
32c530e
Add raw public key buffer bounds to mbedtls_x509_crt struct
by Hanno Becker
· 6 years ago
2e6d347
Remove peer CRT from mbedtls_ssl_session if !KEEP_PEER_CERT
by Hanno Becker
· 6 years ago
4a2f8e5
Add peer CRT digest to session tickets
by Hanno Becker
· 6 years ago
e4aeb76
Parse and verify peer CRT chain in local variable
by Hanno Becker
· 7 years ago
df75938
Mitigate triple handshake attack by comparing digests only
by Hanno Becker
· 7 years ago
3008d28
Compute digest of peer's end-CRT in mbedtls_ssl_parse_certificate()
by Hanno Becker
· 7 years ago
9fb6e2e
Extend mbedtls_ssl_session by buffer holding peer CRT digest
by Hanno Becker
· 7 years ago
c88289a
Update version_features.c
by Hanno Becker
· 6 years ago
b90f655
Add configuration option to remove peer CRT after handshake
by Hanno Becker
· 7 years ago
869144b
Improve documentation of mbedtls_ssl_get_peer_cert()
by Hanno Becker
· 7 years ago
f02d550
Re-classify errors on missing peer CRT
by Hanno Becker
· 6 years ago
a177b38
Simplify session cache implementation via mbedtls_ssl_session_copy()
by Hanno Becker
· 6 years ago
58fccf2
Give ssl_session_copy() external linkage
by Hanno Becker
· 6 years ago
35e4177
Allow passing any X.509 CRT chain to ssl_parse_certificate_chain()
by Hanno Becker
· 7 years ago
3cf5061
Introduce helper function for peer CRT chain verification
by Hanno Becker
· 7 years ago
a7c1df6
Don't progress TLS state machine on peer CRT chain parsing error
by Hanno Becker
· 7 years ago
ae39b9e
Make use of macro and helper detecting whether CertRequest allowed
by Hanno Becker
· 6 years ago
6b9a6f3
Add helper function to check whether a CRT msg is expected
by Hanno Becker
· 6 years ago
5097cba
Introduce helper function to determine whether suite uses server CRT
by Hanno Becker
· 7 years ago
b71e90a
Use helper macro to detect whether some ciphersuite uses CRTs
by Hanno Becker
· 7 years ago
613d490
Unify state machine update in mbedtls_ssl_parse_certificate()
by Hanno Becker
· 7 years ago
Next »