10c575be3e  Janos Follath  2016-04-15 18:49:13 +01:00
  Fix odd bitlength RSA key generation

  Fix issue that caused a hang up when generating RSA keys of odd
  bitlength.

409401c044  Nicholas Wilson  2016-04-13 11:56:22 +01:00
  Shut up a few clang-analyze warnings about use of uninitialized variables

  The functions are all safe, Clang just isn't clever enough to realise
  it.

078bcdd6f6  Simon Butcher  2016-03-16 22:53:11 +00:00
  Merge branch 'IOTSSL-628-BufferOverread'

0203745e23  Simon Butcher  2016-03-09 21:06:20 +00:00
  Swap C++ comments to C for style consistency in rsa.c

c69fa50d4c  Janos Follath  2016-03-09 21:06:19 +00:00
  Removing 'if' branch from the fix.

  This new error shouldn't be distinguishable from other padding errors.
  Updating 'bad' instead of adding a new 'if' branch.

b6eb1ca01c  Janos Follath  2016-03-09 21:06:19 +00:00
  Length check added

370717b571  Manuel Pégourié-Gonnard  2016-03-09 21:06:19 +00:00
  Add precision about exploitability in ChangeLog

  Also fix some whitespace while at it.

eddfe8f6f3  Janos Follath  2016-03-09 21:06:19 +00:00
  Included tests for the overflow

c17cda1ab9  Janos Follath  2016-02-11 11:08:18 +00:00
  Moved underflow test to better reflect time constant behaviour.

b8afe1bb2c  Janos Follath  2016-02-09 14:51:35 +00:00
  Included test for integer underflow.

bdae02ce90  Simon Butcher  2016-01-20 00:44:42 +00:00
  Corrected references for RSA and DHM

  The links in the references in rsa.c and dhm.c were no longer valid and needed
  updating.

1285ab5dc2  Simon Butcher  2016-01-01 21:42:47 +00:00
  Fix for memory leak in RSA-SSA signing

  Fix in mbedtls_rsa_rsassa_pkcs1_v15_sign() in rsa.c

fb84d38b45  Manuel Pégourié-Gonnard  2015-10-30 10:56:25 +01:00
  Try to prevent some misuse of RSA functions

  fixes #331

5f50104c52  Manuel Pégourié-Gonnard  2015-09-08 13:39:29 +02:00
  Add counter-measure against RSA-CRT attack

  https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/

37ff14062e  Manuel Pégourié-Gonnard  2015-09-04 14:21:07 +02:00
  Change main license to Apache 2.0

4d04cdcd12  Manuel Pégourié-Gonnard  2015-08-31 09:31:55 +02:00
  Fix RSA mutex fix

  Once the mutex is acquired, we must goto cleanup rather than return.
  Since cleanup adjusts the return value, adjust that in test cases.
  Also, at cleanup we don't want to overwrite 'ret', or we'll lose track of
  errors.
  see #257

1385a289f4  Manuel Pégourié-Gonnard  2015-08-27 11:30:58 +02:00
  Fix possible mutex lock/unlock mismatch

  fixes #257

d1004f02e6  Manuel Pégourié-Gonnard  2015-08-07 10:57:41 +02:00
  Fix printed output of some selftests

6fb8187279  Manuel Pégourié-Gonnard  2015-07-28 17:11:58 +02:00
  Update date in copyright line

c0696c216b  Manuel Pégourié-Gonnard  2015-06-18 16:49:37 +02:00
  Rename mbedtls_mpi_msb to mbedtls_mpi_bitlen

bdd7828ca0  Manuel Pégourié-Gonnard  2015-04-24 14:43:24 +02:00
  Always check return status of mutex_(un)lock()

53c76c07de  Manuel Pégourié-Gonnard  2015-04-17 20:19:32 +02:00
  Merge branch 'mbedtls-1.3' into development

  * commit 'ce60fbe':
    Fix potential timing difference with RSA PMS
    Update Changelog for recent merge
    Added more constant-time code and removed biases in the prime number generation routines.

  Conflicts:
  	library/bignum.c
  	library/ssl_srv.c

aac657a1d3  Manuel Pégourié-Gonnard  2015-04-15 14:12:59 +02:00
  Merge remote-tracking branch 'pj/development' into mbedtls-1.3

  * pj/development:
    Added more constant-time code and removed biases in the prime number generation routines.

2cf5a7c98e  Manuel Pégourié-Gonnard  2015-04-08 13:25:31 +02:00
  The Great Renaming

  A simple execution of tmp/invoke-rename.pl

998930ae0d  Manuel Pégourié-Gonnard  2015-04-03 13:48:06 +02:00
  Replace non-ascii characters in source files

26c9f90cae  Manuel Pégourié-Gonnard  2015-03-31 17:56:15 +02:00
  Merge branch 'mbedtls-1.3' into development

  * mbedtls-1.3:
    Add missing depends in x509 programs
    Simplify ifdef checks in programs/x509
    Fix thread safety issue in RSA operations
    Add test certificate for bitstring in DN
    Add support for X.520 uniqueIdentifier
    Accept bitstrings in X.509 names

88fca3ef0e  Manuel Pégourié-Gonnard  2015-03-27 15:12:05 +01:00
  Fix thread safety issue in RSA operations

  The race was due to mpi_exp_mod storing a Montgomery coefficient in the
  context (RM, RP, RQ).

  The fix was verified with -fsanitize-thread using ssl_pthread_server and two
  concurrent clients.

  A more fine-grained fix should be possible, locking just enough time to check
  if those values are OK and set them if not, rather than locking for the whole
  mpi_exp_mod() operation, but it will be for later.

abb674467b  Manuel Pégourié-Gonnard  2015-03-25 21:55:56 +01:00
  Rename md_init_ctx() to md_setup()

4063ceb281  Manuel Pégourié-Gonnard  2015-03-25 21:55:56 +01:00
  Make hmac_ctx optional

  Note from future self: actually md_init_ctx will be re-introduced with the
  same signature later, and a new function with the additional argument will be
  added.

ca878dbaa5  Manuel Pégourié-Gonnard  2015-03-25 21:37:15 +01:00
  Make md_info_t an opaque structure

  - more freedom for us to change it in the future
  - enforces hygiene
  - performance impact of making accessors no longer inline should really be
    negligible

b99183dfc6  Pascal Junod  2015-03-11 16:49:45 +01:00
  Added more constant-time code and removed biases in the prime number generation routines.

7f8099773e  Manuel Pégourié-Gonnard  2015-03-10 11:23:56 +00:00
  Rename include directory to mbedtls

fe44643b0e  Manuel Pégourié-Gonnard  2015-03-06 13:17:10 +00:00
  Rename website and repository

a273371fc4  Manuel Pégourié-Gonnard  2015-02-10 17:34:48 +01:00
  Fix "int vs enum" warnings from armcc v5

  enumerated type mixed with another type

00ab47026b  Rich Evans  2015-02-10 11:28:46 +00:00
  cleanup library and some basic tests. Includes, add guards to includes

860b51642d  Manuel Pégourié-Gonnard  2015-01-28 17:12:07 +00:00
  Fix url again

085ab040aa  Manuel Pégourié-Gonnard  2015-01-23 11:06:27 +00:00
  Fix website url to use https.

9698f5852c  Manuel Pégourié-Gonnard  2015-01-23 10:59:00 +00:00
  Remove maintainer line.

19f6b5dfaa  Manuel Pégourié-Gonnard  2015-01-23 10:54:00 +00:00
  Remove redundant "all rights reserved"

a658a4051b  Manuel Pégourié-Gonnard  2015-01-23 09:55:24 +00:00
  Update copyright

967a2a5f8c  Manuel Pégourié-Gonnard  2015-01-22 14:28:16 +00:00
  Change name to mbed TLS in the copyright notice

2f8d1f9fc3  Manuel Pégourié-Gonnard  2014-11-06 18:25:51 +01:00
  Add rsa_check_pub_priv()

e10e06d863  Manuel Pégourié-Gonnard  2014-11-06 18:25:44 +01:00
  Blind RSA operations even without CRT

21e081b068  Paul Bakker  2014-07-24 10:38:01 +02:00
  Prevent (incorrect) compiler warning

84bbeb58df  Paul Bakker  2014-07-09 10:19:24 +02:00
  Adapt cipher and MD layer with _init() and _free()

66d5d076f7  Paul Bakker  2014-06-17 17:06:47 +02:00
  Fix formatting in various code to match spacing from coding style

d8bb82665e  Paul Bakker  2014-06-17 14:06:49 +02:00
  Fix code styling for return statements

88aa6e0b58  Manuel Pégourié-Gonnard  2014-06-06 16:32:22 +02:00
  Fix potential memory leak in RSASSA-PSS verify

0eaa8beb36  Manuel Pégourié-Gonnard  2014-06-06 16:32:22 +02:00
  Fix signedness warning

5ec628a2b9  Manuel Pégourié-Gonnard  2014-06-05 14:02:05 +02:00
  Add rsa_rsassa_pss_verify_ext()