mbedtls/library
Gilles Peskine 858880686e Don't rely on private key metadata in SSL
When checking whether a server key matches the handshake parameters,
rely only on the offered certificate and not on the metadata of the
private key. Specifically, with an EC key, check the curve in the
certificate rather than in the associated private key.

This was the only place in the SSL module where mbedtls_pk_ec or
mbedtls_pk_rsa was called to access a private signature or decryption
key (as opposed to a public key or a key used for DH/ECDH).
2018-01-22 07:51:24 -05:00
.gitignore
aes.c Merge remote-tracking branch 'upstream-public/pr/964' into development 2018-01-02 16:24:29 +01:00
aesni.c
arc4.c
asn1parse.c
asn1write.c
base64.c
bignum.c
blowfish.c
camellia.c
ccm.c
certs.c Undo API change from SHA1 deprecation 2017-07-27 21:44:33 +01:00
cipher_wrap.c
cipher.c
cmac.c Merge remote-tracking branch 'upstream-public/pr/866' into development 2018-01-02 15:55:55 +01:00
CMakeLists.txt Merge branch 'development' into iotssl-1619 2017-12-22 10:24:32 +00:00
ctr_drbg.c
debug.c
des.c
dhm.c Check return code of mbedtls_mpi_fill_random 2017-07-27 21:44:33 +01:00
ecdh.c Address PR comments reviews 2017-10-10 19:04:27 +03:00
ecdsa.c Merge remote-tracking branch 'upstream-public/pr/1027' into development 2018-01-09 10:42:03 +00:00
ecjpake.c
ecp_curves.c
ecp.c Check return code of mbedtls_mpi_fill_random 2017-07-27 21:44:33 +01:00
entropy_poll.c
entropy.c Merge branch 'pr_1025' into development 2017-11-28 18:23:53 +01:00
error.c Merge remote-tracking branch 'upstream-public/pr/964' into development 2018-01-02 16:24:29 +01:00
gcm.c Merge remote-tracking branch 'upstream-public/pr/964' into development 2018-01-02 16:24:29 +01:00
havege.c
hmac_drbg.c
Makefile Introduce new files rsa_internal.[ch] for RSA helper functions 2017-10-11 11:00:19 +01:00
md2.c
md4.c
md5.c
md_wrap.c
md.c
memory_buffer_alloc.c
net_sockets.c Merge remote-tracking branch 'upstream-public/pr/895' into development 2017-11-29 20:49:21 +01:00
oid.c
padlock.c
pem.c
pk_wrap.c Merge branch 'development' into iotssl-1619 2017-12-22 10:24:32 +00:00
pk.c Change PK module preprocessor check on word size 2017-08-04 13:32:15 +01:00
pkcs5.c
pkcs11.c
pkcs12.c
pkparse.c Preserve old behavior by checking public key in RSA parsing function 2018-01-05 08:08:09 +00:00
pkwrite.c Adapt PK test suite to use new interface 2017-08-23 16:17:27 +01:00
platform.c Rename macro SETUP_ALT to SETUP_TEARDOWN_ALT 2017-07-27 21:44:33 +01:00
ripemd160.c
rsa_internal.c Add explicit type cast to avoid truncation warning 2018-01-03 09:27:40 +00:00
rsa.c Add explicit uint truncation casts 2018-01-15 15:27:56 +00:00
sha1.c
sha256.c
sha512.c
ssl_cache.c Address PR review comments 2017-10-29 17:53:52 +02:00
ssl_ciphersuites.c Undo API change 2017-07-27 21:44:33 +01:00
ssl_cli.c Merge remote-tracking branch 'upstream-public/pr/1141' into development 2017-11-29 20:50:59 +01:00
ssl_cookie.c
ssl_srv.c Don't rely on private key metadata in SSL 2018-01-22 07:51:24 -05:00
ssl_ticket.c
ssl_tls.c Merge remote-tracking branch 'upstream-public/pr/1141' into development 2017-11-29 20:50:59 +01:00
threading.c Remove mutexes from ECP hardware acceleration 2017-07-27 21:44:32 +01:00
timing.c Timing self test: shorten redundant tests 2017-12-20 22:31:17 +01:00
version_features.c Merge remote-tracking branch 'upstream-public/pr/1060' into development 2018-01-09 12:20:54 +00:00
version.c
x509_create.c
x509_crl.c Fix potential integer overflow parsing DER CRL 2017-07-27 21:44:34 +01:00
x509_crt.c Fix potential integer overflow parsing DER CRT 2017-07-27 21:44:34 +01:00
x509_csr.c Prevent signed integer overflow in CSR parsing 2017-07-27 21:44:34 +01:00
x509.c Correctly handle leap year in x509_date_is_valid() 2017-10-12 23:21:37 +01:00
x509write_crt.c Clarify code-paths in x509write_csr and x509write_crt 2017-09-22 16:05:43 +01:00
x509write_csr.c Clarify code-paths in x509write_csr and x509write_crt 2017-09-22 16:05:43 +01:00
xtea.c