Log - c39e23ebb68cf0bb49f68a54f77bf88494d04dd1 - mirror/mbed-tls

42de8f8 Fix typo in documentation of ssl_parse_certificate_chain() by Hanno Becker · 6 years ago
9d64b78 Set peer CRT length only after successful allocation by Hanno Becker · 6 years ago
257ef65 Remove question in comment about verify flags on cli vs. server by Hanno Becker · 6 years ago
34106f6 Free peer CRT chain immediately after verifying it by Hanno Becker · 6 years ago
0cc7af5 Parse peer's CRT chain in-place from the input buffer by Hanno Becker · 6 years ago
1757247 Correct compile-time guards for ssl_clear_peer_cert() by Hanno Becker · 6 years ago
bfab9df Guard mbedtls_ssl_get_peer_cert() by new compile-time option by Hanno Becker · 6 years ago
81d11aa Adapt mbedtls_ssl_parse_certificate() to removal of peer_cert field by Hanno Becker · 6 years ago
5062897 Adapt ssl_clear_peer_cert() to removal of `peer_cert` field by Hanno Becker · 6 years ago
d5258fa Adapt mbedtls_ssl_session_copy() to removal of `peer_cert` field by Hanno Becker · 6 years ago
cf291d6 Make a copy of peer's raw public key after verifying its CRT chain by Hanno Becker · 6 years ago
3bf8cdf Add field for peer's raw public key to TLS handshake param structure by Hanno Becker · 6 years ago
2e6d347 Remove peer CRT from mbedtls_ssl_session if !KEEP_PEER_CERT by Hanno Becker · 6 years ago
4a2f8e5 Add peer CRT digest to session tickets by Hanno Becker · 6 years ago
e4aeb76 Parse and verify peer CRT chain in local variable by Hanno Becker · 6 years ago
df75938 Mitigate triple handshake attack by comparing digests only by Hanno Becker · 6 years ago
3008d28 Compute digest of peer's end-CRT in mbedtls_ssl_parse_certificate() by Hanno Becker · 6 years ago
9fb6e2e Extend mbedtls_ssl_session by buffer holding peer CRT digest by Hanno Becker · 6 years ago
58fccf2 Give ssl_session_copy() external linkage by Hanno Becker · 6 years ago
35e4177 Allow passing any X.509 CRT chain to ssl_parse_certificate_chain() by Hanno Becker · 6 years ago
3cf5061 Introduce helper function for peer CRT chain verification by Hanno Becker · 6 years ago
a7c1df6 Don't progress TLS state machine on peer CRT chain parsing error by Hanno Becker · 6 years ago
6b9a6f3 Add helper function to check whether a CRT msg is expected by Hanno Becker · 6 years ago
5097cba Introduce helper function to determine whether suite uses server CRT by Hanno Becker · 6 years ago
b71e90a Use helper macro to detect whether some ciphersuite uses CRTs by Hanno Becker · 6 years ago
613d490 Unify state machine update in mbedtls_ssl_parse_certificate() by Hanno Becker · 6 years ago
a46c287 Clear peer's CRT chain outside before parsing new one by Hanno Becker · 6 years ago
b8a0857 Introduce helper to check for no-CRT notification from client by Hanno Becker · 6 years ago
8794fd9 Introduce CRT counter to CRT chain parsing function by Hanno Becker · 6 years ago
2214159 Introduce helper function to clear peer CRT from session structure by Hanno Becker · 6 years ago
933b9fc Break overly long line in definition of mbedtls_ssl_get_session() by Hanno Becker · 6 years ago
1332f35 Don't reuse CRT from initial handshake during renegotiation by Hanno Becker · 6 years ago
f2ef573 Merge remote-tracking branch 'origin/pr/598' into baremetal by Simon Butcher · 6 years ago
889bbc7 Fix unreachable code warnings with armc5 by Manuel Pégourié-Gonnard · 6 years ago
cc71c77 Fix typos, grammar and wording in documentation by Manuel Pégourié-Gonnard · 6 years ago
d87601e Declare and document ssl_context_save()/load() by Manuel Pégourié-Gonnard · 6 years ago
c725e4b Merge remote-tracking branch 'origin/pr/590' into baremetal by Simon Butcher · 6 years ago
01a8eb2 Merge remote-tracking branch 'origin/pr/585' into baremetal by Simon Butcher · 6 years ago
ec1c222 Fix a few style issues by Manuel Pégourié-Gonnard · 6 years ago
8794a42 Clarify a few more comments and documentation by Manuel Pégourié-Gonnard · 6 years ago
18b9a49 Disable the enforce flag by default by Jarno Lamsa · 6 years ago
842be16 Check for the enforcing and fail handshake if the peer doesn't support by Jarno Lamsa · 6 years ago
d9382f8 Add definitions for enforce flag values by Jarno Lamsa · 6 years ago
7a5e2be Create a new flag for enforcing the extended master secret by Jarno Lamsa · 6 years ago
64c1681 Use new macros for all TLS/DTLS tests by Manuel Pégourié-Gonnard · 6 years ago
ff4bd9f Use new tools for all cases with TLS-specific code by Manuel Pégourié-Gonnard · 6 years ago
25838b7 Introduce tools for transport-specific code by Manuel Pégourié-Gonnard · 6 years ago
e744eab Adapt defaults and programs documentation by Manuel Pégourié-Gonnard · 6 years ago
68b856d Fix style issue and wording by Hanno Becker · 6 years ago
fe87027 Fix memory leak by Hanno Becker · 7 years ago
fd39919 Improve formatting of ssl_parse_certificate_chain() by Hanno Becker · 7 years ago
285ff0c Add compile-time guards around helper routine by Hanno Becker · 7 years ago
33c3dc8 Don't store the peer CRT chain twice during renegotiation by Hanno Becker · 7 years ago
7bf7710 Remove reference to outdated compile-time option by Hanno Becker · 6 years ago
5dbcc9f Introduce specific error for ver/cfg mismatch on deserialization by Hanno Becker · 6 years ago
baf968c Use def'n consts for bits in config-identifier of serialized data by Hanno Becker · 6 years ago
b36db4f Note that ver+fmt bytes in serialized data must not be removed by Hanno Becker · 6 years ago
26829e9 Improve doc'n of config-identifying bitfield in serialized session by Hanno Becker · 6 years ago
1d8b6d7 Session serialization: Fail with BAD_INPUT_DATA if buffer too small by Hanno Becker · 6 years ago
4152762 Encode relevant parts of the config in serialized session header by Hanno Becker · 6 years ago
557fe9f Add configuration identifier to serialized SSL sessions by Hanno Becker · 6 years ago
b5352f0 Add Mbed TLS version to SSL sessions by Hanno Becker · 6 years ago
60a4299 Add new ABI-independent format for serialization by Manuel Pégourié-Gonnard · 6 years ago
35ccdbb Normalize spelling to serialiZation by Manuel Pégourié-Gonnard · 6 years ago
5709811 Add test for session_load() from small buffers by Manuel Pégourié-Gonnard · 6 years ago
32ce596 Improve save API by always updating olen by Manuel Pégourié-Gonnard · 6 years ago
37a5324 Add mbedtls_ssl_get_session_pointer() by Manuel Pégourié-Gonnard · 6 years ago
ef4ae61 Add support for serialisation session with ticket by Manuel Pégourié-Gonnard · 6 years ago
91f4ca2 Move session save/load function to ssl_tls.c by Manuel Pégourié-Gonnard · 6 years ago
0d1d76f Merge remote-tracking branch 'origin/pr/561' into baremetal by Simon Butcher · 6 years ago
5a790f9 Merge remote-tracking branch 'origin/pr/563' into baremetal by Simon Butcher · 6 years ago
675c4d6 Add debug line witnessing receipt of unexpected CID by Hanno Becker · 6 years ago
d8f7c4a Fix indentation in debug message in ssl_tls.c by Hanno Becker · 6 years ago
3b2bf5b Improve comment in ssl_parse_record_header() by Hanno Becker · 6 years ago
633d604 Allow passing NULL pointers to mbedtls_ssl_get_peer_cid() by Hanno Becker · 6 years ago
a5a2b08 Rename MBEDTLS_SSL_CID to MBEDTLS_SSL_DTLS_CONNECTION_ID by Hanno Becker · 6 years ago
e582d12 Slightly reorder CID debug messages during creation of transforms by Hanno Becker · 6 years ago
791ec6b Fix mbedtls_ssl_conf_cid() to not depend on macro constant values by Hanno Becker · 6 years ago
b86c2a8 Remove warnings about unfinished CID implementation by Hanno Becker · 6 years ago
e8eff9a Allow to configure the stack's behaviour on unexpected CIDs by Hanno Becker · 6 years ago
7842609 Remove restriction on value of MBEDTLS_SSL_CID_PADDING_GRANULARITY by Hanno Becker · 6 years ago
7ba3568 Make signed to unsigned integer truncation cast explicit by Hanno Becker · 6 years ago
550e166 Allow the configuration of padding when using CID extension by Hanno Becker · 6 years ago
9bf10ea Set CID pointer to default value even for TLS by Hanno Becker · 6 years ago
f65ad82 Fix typo in comment by Hanno Becker · 6 years ago
043a2a4 Remove indicators and warnings about unfinished CID implementation by Hanno Becker · 6 years ago
4932f9f Re-enable passing CIDs to record transforms by Hanno Becker · 6 years ago
687e0fb Don't fail on record with unexpected CID by Hanno Becker · 6 years ago
abd7c89 Re-enable CID comparison when decrypting CID-based records by Hanno Becker · 6 years ago
8b09b73 Implement parsing of CID-based records by Hanno Becker · 6 years ago
ff3e9c2 Adapt record encryption/decryption routines to change of record type by Hanno Becker · 6 years ago
70e7928 Add pointers to in/out CID fields to mbedtls_ssl_context by Hanno Becker · 6 years ago
add0190 Account for additional record expansion when using CIDs by Hanno Becker · 6 years ago
eec2be9 Add CID configuration API by Hanno Becker · 6 years ago
4339576 Split mbedtls_ssl_hdr_len() in separate functions for in/out records by Hanno Becker · 6 years ago
46483f1 Add helper function to check validity of record content type by Hanno Becker · 6 years ago
74dd3a7 Move dropping of unexpected AD records to after record decryption by Hanno Becker · 6 years ago
f5970a0 Set pointer to start of plaintext at record decryption time by Hanno Becker · 6 years ago
16e9ae2 Treat an invalid record after decryption as fatal by Hanno Becker · 6 years ago
70463db Expain rationale for handling of consecutive empty AD records by Hanno Becker · 6 years ago