Paul Bakker 
							
						 
					 
					
						
						
							
						
						61885c7f7f 
					 
					
						
						
							
							Fix false reject in padding check in ssl_decrypt_buf() for CBC ciphersuites  
						
						
						
						
						In case full SSL frames arrived, they were rejected because of an overly
strict padding check.
						
						
					 
					
						2014-04-25 12:59:51 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						93389cc620 
					 
					
						
						
							
							Remove const indicator  
						
						
						
						
					 
					
						2014-04-17 14:44:38 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						0408fd1fbb 
					 
					
						
						
							
							Add extendedKeyUsage checking in SSL modules  
						
						
						
						
					 
					
						2014-04-11 11:09:09 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						d6ad8e949b 
					 
					
						
						
							
							Make ssl_check_cert_usage() dependent on POLARSSL_X509_CRT_PARSE_C  
						
						
						
						
					 
					
						2014-04-09 17:24:14 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						a77de8c841 
					 
					
						
						
							
							Prevent warnings in ssl_check_cert_usage() if keyUsage checks are off  
						
						
						
						
					 
					
						2014-04-09 16:39:35 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						a9db85df73 
					 
					
						
						
							
							Add tests for keyUsage with client auth  
						
						
						
						
					 
					
						2014-04-09 15:50:58 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						7f2a07d7b2 
					 
					
						
						
							
							Check keyUsage in SSL client and server  
						
						
						
						
					 
					
						2014-04-09 15:50:57 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						0763a401a7 
					 
					
						
						
							
							Merged support for the ALPN extension  
						
						
						
						
					 
					
						2014-04-08 14:37:12 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						4224bc0a4f 
					 
					
						
						
							
							Prevent potential NULL pointer dereference in ssl_read_record()  
						
						
						
						
					 
					
						2014-04-08 14:36:50 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						0b874dc580 
					 
					
						
						
							
							Implement ALPN client-side  
						
						
						
						
					 
					
						2014-04-07 10:57:45 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						7e250d4812 
					 
					
						
						
							
							Add ALPN interface  
						
						
						
						
					 
					
						2014-04-04 17:10:40 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						77f4f39ea6 
					 
					
						
						
							
							Make sure no random pointers occur during failed malloc()s
						
						
						
						
					 
					
						2014-03-26 15:30:20 +01:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						91c61bc4fd 
					 
					
						
						
							
							Further tightened the padlen check to prevent underflow / overflow  
						
						
						
						
					 
					
						2014-03-26 15:14:20 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						b2bf5a1bbb 
					 
					
						
						
							
							Fix possible buffer overflow with PSK  
						
						
						
						
					 
					
						2014-03-26 12:58:50 +01:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						3d6504a935 
					 
					
						
						
							
							ssl_init() left a dirty in_ctr pointer on failed allocation of out_ctr  
						
						
						
						
					 
					
						2014-03-17 13:41:51 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						83cdffc437 
					 
					
						
						
							
							Forbid sequence number wrapping  
						
						
						
						
					 
					
						2014-03-13 19:25:06 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						796c6f3aff 
					 
					
						
						
							
							Countermeasure against "triple handshake" attack  
						
						
						
						
					 
					
						2014-03-13 19:25:06 +01:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						7dc4c44267 
					 
					
						
						
							
							Library files moved to use platform layer  
						
						
						
						
					 
					
						2014-02-06 13:20:16 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						ab24010b54 
					 
					
						
						
							
							Enforce our choice of allowed curves.  
						
						
						
						
					 
					
						2014-02-06 10:28:38 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						7f38ed0bfa 
					 
					
						
						
							
							ssl_set_curves is no longer ECDHE only  
						
						
						
						
					 
					
						2014-02-06 10:28:38 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						ac7194133e 
					 
					
						
						
							
							Renamings and other fixes  
						
						
						
						
					 
					
						2014-02-06 10:28:38 +01:00 
						 
				 
			
				
					
						
							
							
								Gergely Budai 
							
						 
					 
					
						
						
							
						
						e40c469ad3 
					 
					
						
						
							
							The default ECDH curve list will be dynamically built in the ecp module based on ecp_supported_curves[].  
						
						
						
						
					 
					
						2014-02-06 10:28:38 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						de05390c85 
					 
					
						
						
							
							Rename ecdh_curve_list to curve_list  
						
						
						
						
					 
					
						2014-02-06 10:28:38 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						5de2580563 
					 
					
						
						
							
							Make ssl_set_ecdh_curves() a compile-time option  
						
						
						
						
					 
					
						2014-02-06 10:28:38 +01:00 
						 
				 
			
				
					
						
							
							
								Gergely Budai 
							
						 
					 
					
						
						
							
						
						987bfb510b 
					 
					
						
						
							
							Added the possibility to define the allowed curves for ECDHE handshake. It also defines the preference of the curves.  
						
						
						
						
					 
					
						2014-02-06 10:28:38 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						7c59363a85 
					 
					
						
						
							
							Remove a few dead stores  
						
						
						
						
					 
					
						2014-01-22 13:02:39 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						7cfdcb8c7f 
					 
					
						
						
							
							Add a length check in ssl_derive_keys()  
						
						
						
						
					 
					
						2014-01-22 12:56:22 +01:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						6992eb762c 
					 
					
						
						
							
							Fixed potential overflow in certificate size in ssl_write_certificate()  
						
						
						
						
					 
					
						2013-12-31 11:38:33 +01:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						956c9e063d 
					 
					
						
						
							
							Reduced the input / output overhead with 200+ bytes and covered corner  
						
						
						
						
						case
The actual input / output buffer overhead is only 301 instead of 512.
This requires a proper check on the padding_idx to prevent out of bounds
reads.
Previously a remote party could potentially trigger an access error and
thus stop the application when sending a malicious packet having
MAX_CONTENT_LEN of data, 32 bytes of MAC and a decrypted padlen of .
This would result in reading from in_ctr + 13 + 32 + MAX_CONTENT_LEN - 1 - 1
for 256 bytes (including fake padding check). Or 13 + 32 bytes over the
buffer length.
We now reset padding_idx to 0, if it's clear that it will never be a
valid padding (padlen > msg_len || msg_len + padlen + 256 > buffer_len) 
						
						
					 
					
						2013-12-30 15:00:51 +01:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						1e5369c7fa 
					 
					
						
						
							
							Variables in proper block or within proper defines in ssl_decrypt_buf()  
						
						
						
						
					 
					
						2013-12-19 16:40:57 +01:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						fdf946928d 
					 
					
						
						
							
							Merged support for ECDH-RSA / ECDH-ECDSA key exchanges and ciphersuites  
						
						
						
						
					 
					
						2013-12-17 13:10:27 +01:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						77e257e958 
					 
					
						
						
							
							Fixed bad check for maximum size of fragment length index  
						
						
						
						
					 
					
						2013-12-17 13:09:12 +01:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						6f0636a09f 
					 
					
						
						
							
							Potential memory leak in ssl_ticket_keys_init()  
						
						
						
						
					 
					
						2013-12-17 13:09:12 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						d18cc57962 
					 
					
						
						
							
							Add client-side support for ECDH key exchanges  
						
						
						
						
					 
					
						2013-12-17 11:32:31 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						c72ac7c3ef 
					 
					
						
						
							
							Fix SSLv3 handling of SHA-384 suites  
						
						
						
						
						Fixes memory corruption, introduced in
a5bdfcd 
						
						
					 
					
						2013-12-17 10:18:25 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						dc953e8c41 
					 
					
						
						
							
							Add missing defines/cases for RSA_PSK key exchange  
						
						
						
						
					 
					
						2013-11-26 15:19:57 +01:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						08b028ff0f 
					 
					
						
						
							
							Prevent unlikely NULL dereference  
						
						
						
						
					 
					
						2013-11-19 10:42:37 +01:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						0333b978fa 
					 
					
						
						
							
							Handshake key_cert should be set on first addition to the key_cert chain  
						
						
						
						
					 
					
						2013-11-04 17:08:28 +01:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						993e386a73 
					 
					
						
						
							
							Merged renegotiation refactoring  
						
						
						
						
					 
					
						2013-10-31 14:32:38 +01:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						37ce0ff185 
					 
					
						
						
							
							Added defines around renegotiation code for SSL_SRV and SSL_CLI  
						
						
						
						
					 
					
						2013-10-31 14:32:04 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						31ff1d2e4f 
					 
					
						
						
							
							Safer buffer comparisons in the SSL modules  
						
						
						
						
					 
					
						2013-10-31 14:23:12 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						6d8404d6ba 
					 
					
						
						
							
							Server: enforce renegotiation  
						
						
						
						
					 
					
						2013-10-30 16:48:10 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						9c1e1898b6 
					 
					
						
						
							
							Move some code around, improve documentation  
						
						
						
						
					 
					
						2013-10-30 16:48:09 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						214eed38c7 
					 
					
						
						
							
							Make ssl_renegotiate the only interface  
						
						
						
						
						ssl_write_hello_request() is now private
						
						
					 
					
						2013-10-30 16:48:09 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						caed0541a0 
					 
					
						
						
							
							Allow ssl_renegotiate() to be called in a loop  
						
						
						
						
						Previously broken if waiting for network I/O in the middle of a re-handshake
initiated by the client. 
						
						
					 
					
						2013-10-30 16:48:09 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						e5e1bb972c 
					 
					
						
						
							
							Fix misplaced initialisation  
						
						
						
						
					 
					
						2013-10-30 16:46:46 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						f3dc2f6a1d 
					 
					
						
						
							
							Add code for testing server-initiated renegotiation  
						
						
						
						
					 
					
						2013-10-30 16:46:46 +01:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						6edcd41c0a 
					 
					
						
						
							
							Additional conditions for UEFI environment under MSVC
						
						
						
						
					 
					
						2013-10-29 15:44:13 +01:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						fa6a620b75 
					 
					
						
						
							
							Defines for UEFI environment under MSVC added  
						
						
						
						
					 
					
						2013-10-29 14:05:38 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						a8a25ae1b9 
					 
					
						
						
							
							Fix bad error codes  
						
						
						
						
					 
					
						2013-10-27 13:48:15 +01:00