mbedtls/library
Gilles Peskine e8a2fc8461 Enforce dhm_min_bitlen exactly, not just the byte size
In a TLS client, enforce the Diffie-Hellman minimum parameter size
set with mbedtls_ssl_conf_dhm_min_bitlen() precisely. Before, the
minimum size was rounded down to the nearest multiple of 8.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-04-01 14:20:03 +02:00
.gitignore Split libs with make + general make cleanups 2015-06-25 10:59:56 +02:00
aes.c Merge pull request #3823 from gabor-mezei-arm/3818_MBEDTLS_AES_SETKEY_DEC_ALT_excludes_MBEDTLS_CIPHER_MODE_XTS 2020-11-09 20:44:08 +01:00
aesni.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
arc4.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
aria.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
asn1parse.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
asn1write.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
base64.c Code style fixups 2021-03-04 14:34:50 +00:00
bignum.c mbedtls_mpi_sub_abs: fix buffer overflow in error case 2021-02-01 17:28:03 +01:00
blowfish.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
camellia.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
ccm.c Fix additional data length field check for CCM 2020-10-08 12:09:44 +02:00
certs.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
chacha20.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
chachapoly.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
check_crypto_config.h psa: config: Add CAMELLIA to the list of possible CMAC ciphers 2021-03-25 14:25:46 +01:00
cipher.c Fix unused param warnings in auth_xxcrypt_ext() 2020-12-07 10:42:21 +01:00
cipher_wrap.c Do not set IV size for ECB mode ciphers 2020-11-06 09:40:21 +01:00
cmac.c Update comment to only apply to AES-192 2021-01-29 11:09:50 +01:00
CMakeLists.txt Rename MPS files library/mps/xxx.[ch] to library/mps_xxx.[ch] 2021-03-29 14:19:32 +01:00
common.h Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
ctr_drbg.c Document mutex invariant for CTR_DRBG 2021-02-22 19:24:03 +01:00
debug.c Declare mbedtls_debug_print_msg as printf-like 2021-03-10 17:00:32 +00:00
des.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
dhm.c Merge development into development-restricted 2020-08-20 11:07:12 +01:00
ecdh.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
ecdsa.c Fix unused argument when compiling with MBEDTLS_ECDSA_SIGN_ALT 2021-02-10 17:07:20 +01:00
ecjpake.c Skip tests requiring known entropy for ECJPAKE ALT implementations 2021-01-22 14:23:08 +01:00
ecp.c Remove unreferenced static functions when ECP_NO_FALLBACK is used 2021-03-02 10:14:24 +01:00
ecp_curves.c Fix uncaught error if fix_negative fails 2020-12-06 22:32:02 +01:00
entropy.c Merge pull request #3616 from militant-daos/bug_3175 2021-03-30 17:33:08 +02:00
entropy_poll.c Merge pull request #4110 from gilles-peskine-arm/psa-external-random-in-mbedtls 2021-02-22 14:47:29 +00:00
error.c Simplify conditional guards in error.c 2020-11-16 15:02:16 +01:00
gcm.c Allow GCM selftest to skip non-12-byte IVs for ALT implementations 2021-02-10 15:34:52 +01:00
havege.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
hkdf.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
hmac_drbg.c Document mutex invariant for HMAC_DRBG 2021-02-22 19:24:03 +01:00
Makefile Adjust spacing for MPS reader entries in library/Makefile 2021-03-29 14:20:18 +01:00
md.c Fix wrong \file name in Doxygen comments 2021-02-23 20:29:38 +01:00
md2.c Merge branch 'development' into development-restricted 2020-12-03 09:59:42 +01:00
md4.c Merge branch 'development' into development-restricted 2020-12-03 09:59:42 +01:00
md5.c Merge branch 'development' into development-restricted 2020-12-03 09:59:42 +01:00
memory_buffer_alloc.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
mps_common.h Fix Doxygen headers for MPS files 2021-03-29 14:20:18 +01:00
mps_error.h Fix Doxygen headers for MPS files 2021-03-29 14:20:18 +01:00
mps_reader.c Apply suggestions from code review 2021-03-29 14:20:18 +01:00
mps_reader.h Fix Doxygen headers for MPS files 2021-03-29 14:20:18 +01:00
mps_trace.c Put MPS under the umbrella of the TLS 1.3 experimental configuration 2021-03-29 14:20:18 +01:00
mps_trace.h Fix Doxygen headers for MPS files 2021-03-29 14:20:18 +01:00
net_sockets.c Fix sloppy wording around strictly less-than vs less or equal 2021-03-01 11:39:21 +01:00
nist_kw.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
oid.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
padlock.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
pem.c Remove Extraneous bytes from buffer post pem write 2020-12-07 17:29:42 +00:00
pk.c psa: Move from key handle to key identifier 2020-11-10 16:00:41 +01:00
pk_wrap.c psa: Move from key handle to key identifier 2020-11-10 16:00:41 +01:00
pkcs5.c Merge pull request #731 from gabor-mezei-arm/692_missing_zeroizations_of_sensitive_data 2020-09-18 16:20:13 +02:00
pkcs11.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
pkcs12.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
pkparse.c fix return code 2020-09-22 11:57:16 +02:00
pkwrite.c adding parentheses to macro definitions, to avoid confusion and possible mistakes in usage. 2021-02-01 14:26:08 +01:00
platform.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
platform_util.c Fixes two _POSIX_C_SOURCE typos. 2020-11-13 09:20:18 +00:00
poly1305.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
psa_crypto.c psa: cipher: Remove cipher_generate_iv driver entry point 2021-03-26 15:58:25 +01:00
psa_crypto_cipher.c psa: cipher: Remove cipher_generate_iv driver entry point 2021-03-26 15:58:25 +01:00
psa_crypto_cipher.h psa: cipher: Remove cipher_generate_iv driver entry point 2021-03-26 15:58:25 +01:00
psa_crypto_client.c psa: Make sure MBEDTLS_PSA_CRYPTO_CLIENT is defined 2021-02-09 15:36:08 +01:00
psa_crypto_core.h Move mbedtls_cipher_info_from_psa to psa_crypto_cipher.c 2021-03-26 15:48:13 +01:00
psa_crypto_driver_wrappers.c psa: cipher: Remove cipher_generate_iv driver entry point 2021-03-26 15:58:25 +01:00
psa_crypto_driver_wrappers.h psa: cipher: Remove cipher_generate_iv driver entry point 2021-03-26 15:58:25 +01:00
psa_crypto_ecp.c Move mbedtls_md_info_from_psa into the mbedtls hash driver 2021-03-15 12:14:40 +01:00
psa_crypto_ecp.h psa: Rework ECDSA sign/verify support in the transparent test driver 2021-02-18 15:45:12 +01:00
psa_crypto_hash.c Simplify compilation guards around hash driver testing 2021-03-16 11:07:55 +01:00
psa_crypto_hash.h Move mbedtls_md_info_from_psa into the mbedtls hash driver 2021-03-15 12:14:40 +01:00
psa_crypto_invasive.h Rework MAC algorithm / key type validation 2021-03-03 19:58:02 +01:00
psa_crypto_its.h Update documentation 2020-11-25 13:10:50 +01:00
psa_crypto_random_impl.h Work around MSVC bug with duplicate static declarations 2021-02-16 18:55:05 +01:00
psa_crypto_rsa.c Move mbedtls_md_info_from_psa into the mbedtls hash driver 2021-03-15 12:14:40 +01:00
psa_crypto_rsa.h psa: Add RSA sign/verify hash support to the transparent test driver 2021-02-18 15:45:06 +01:00
psa_crypto_se.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
psa_crypto_se.h Update documentation 2020-11-25 13:10:50 +01:00
psa_crypto_service_integration.h Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
psa_crypto_slot_management.c Rename PSA_KEY_SLOT_COUNT to MBEDTLS_PSA_KEY_SLOT_COUNT 2021-02-15 14:26:44 +01:00
psa_crypto_slot_management.h Rename PSA_KEY_SLOT_COUNT to MBEDTLS_PSA_KEY_SLOT_COUNT 2021-02-15 14:26:44 +01:00
psa_crypto_storage.c Merge pull request #3872 from gabor-mezei-arm/3275_use_PSA_ERROR_DATA_INVALID_where_warranted 2021-02-03 20:54:46 +01:00
psa_crypto_storage.h Rename PSA_KEY_SLOT_COUNT to MBEDTLS_PSA_KEY_SLOT_COUNT 2021-02-15 14:26:44 +01:00
psa_its_file.c Correct fix for potential truncation 2021-03-10 17:00:32 +00:00
ripemd160.c Merge branch 'development' into development-restricted 2020-12-03 09:59:42 +01:00
rsa.c Fix mutex leak in RSA 2021-02-22 19:24:03 +01:00
rsa_internal.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
sha1.c Merge pull request #731 from gabor-mezei-arm/692_missing_zeroizations_of_sensitive_data 2020-09-18 16:20:13 +02:00
sha256.c Merge pull request #731 from gabor-mezei-arm/692_missing_zeroizations_of_sensitive_data 2020-09-18 16:20:13 +02:00
sha512.c Merge branch 'development' into development-restricted 2020-12-03 09:59:42 +01:00
ssl_cache.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
ssl_ciphersuites.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
ssl_cli.c Enforce dhm_min_bitlen exactly, not just the byte size 2021-04-01 14:20:03 +02:00
ssl_cookie.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
ssl_invasive.h Merge pull request #736 from mpg/cf-varpos-copy-dev-restricted 2020-08-25 14:35:55 +01:00
ssl_msg.c Fix size_t and longlong specifiers for MinGW 2021-03-10 17:00:32 +00:00
ssl_srv.c Merge pull request #4098 from gstrauss/remove-redundant-condition 2021-03-27 22:47:13 +01:00
ssl_ticket.c Stop using deprecated functions in the library 2020-12-03 12:25:10 +01:00
ssl_tls.c Fix missed size_t printf 2021-03-10 18:17:12 +00:00
ssl_tls13_keys.c Comment on hardcoding of maximum HKDF key expansion of 255 Bytes 2020-09-16 09:50:17 +01:00
ssl_tls13_keys.h Comment on hardcoding of maximum HKDF key expansion of 255 Bytes 2020-09-16 09:50:17 +01:00
threading.c Explain the usage of is_valid in pthread mutexes 2021-02-22 19:24:03 +01:00
timing.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
version.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
version_features.c Add MBEDTLS_PSA_CRYPTO_CLIENT configuration option 2021-02-01 13:16:01 +01:00
x509.c x509.c: Remove one unnecessary cast 2020-09-01 11:04:53 +02:00
x509_create.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
x509_crl.c Merge development into development-restricted 2020-08-20 11:07:12 +01:00
x509_crt.c Fix memsan build with clang 11 2021-03-05 14:24:03 +00:00
x509_csr.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
x509write_crt.c Mark basic constraints critical as appropriate. 2020-09-21 18:25:35 -07:00
x509write_csr.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
xtea.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00