Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							b5212b436f 
							
						 
					 
					
						
						
							
							Merge CCM cipher mode and ciphersuites  
						
						... 
						
						
						
						Conflicts:
	library/ssl_tls.c 
						
						
					 
					
						2014-05-22 15:30:31 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							8ff17c544c 
							
						 
					 
					
						
						
							
							Add missing DEBUG_RET on cipher failures  
						
						
						
						
					 
					
						2014-05-22 13:52:48 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							61edffef28 
							
						 
					 
					
						
						
							
							Normalize "should never happen" messages/errors  
						
						
						
						
					 
					
						2014-05-22 13:52:47 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							2e5ee32033 
							
						 
					 
					
						
						
							
							Implement CCM and CCM_8 ciphersuites  
						
						
						
						
					 
					
						2014-05-20 16:29:34 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							5efd772ef0 
							
						 
					 
					
						
						
							
							Small readability improvement  
						
						
						
						
					 
					
						2014-05-14 14:10:37 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							de7bb44004 
							
						 
					 
					
						
						
							
							Use cipher_auth_{en,de}crypt() in ssl_tls.c  
						
						
						
						
					 
					
						2014-05-14 14:10:36 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							8764d271fa 
							
						 
					 
					
						
						
							
							Use cipher_crypt() in ssl_tls.c  
						
						
						
						
					 
					
						2014-05-14 14:10:36 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							b9e4e2c97a 
							
						 
					 
					
						
						
							
							Fix formatting: fix some 'easy' > 80 length lines  
						
						
						
						
					 
					
						2014-05-01 14:18:25 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							9af723cee7 
							
						 
					 
					
						
						
							
							Fix formatting: remove trailing spaces, #endif with comments (> 10 lines)  
						
						
						
						
					 
					
						2014-05-01 13:03:14 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							2a024ac86a 
							
						 
					 
					
						
						
							
							Merge dependency fixes  
						
						
						
						
					 
					
						2014-04-30 16:50:59 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							cef4ad2509 
							
						 
					 
					
						
						
							
							Adapt sources to configurable config.h name  
						
						
						
						
					 
					
						2014-04-30 16:40:20 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							1a1fbba1ae 
							
						 
					 
					
						
						
							
							Sanity length checks in ssl_read_record() and ssl_fetch_input()  
						
						... 
						
						
						
						Both are already covered in other places, but not in a clear fashion. So
for instance Coverity thinks the value is still tainted. 
						
						
					 
					
						2014-04-30 14:48:51 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							3a306b9067 
							
						 
					 
					
						
						
							
							Fix misplaced #endif in ssl_tls.c  
						
						
						
						
					 
					
						2014-04-29 15:11:17 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							61885c7f7f 
							
						 
					 
					
						
						
							
							Fix false reject in padding check in ssl_decrypt_buf() for CBC ciphersuites  
						
						... 
						
						
						
						In case full SSL frames arrived, they were rejected because an overly
strict padding check. 
						
						
					 
					
						2014-04-25 12:59:51 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							93389cc620 
							
						 
					 
					
						
						
							
							Remove const indicator  
						
						
						
						
					 
					
						2014-04-17 14:44:38 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							0408fd1fbb 
							
						 
					 
					
						
						
							
							Add extendedKeyUsage checking in SSL modules  
						
						
						
						
					 
					
						2014-04-11 11:09:09 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							d6ad8e949b 
							
						 
					 
					
						
						
							
							Make ssl_check_cert_usage() dependent on POLARSSL_X509_CRT_PARSE_C  
						
						
						
						
					 
					
						2014-04-09 17:24:14 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							a77de8c841 
							
						 
					 
					
						
						
							
							Prevent warnings in ssl_check_cert_usage() if keyUsage checks are off  
						
						
						
						
					 
					
						2014-04-09 16:39:35 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							a9db85df73 
							
						 
					 
					
						
						
							
							Add tests for keyUsage with client auth  
						
						
						
						
					 
					
						2014-04-09 15:50:58 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							7f2a07d7b2 
							
						 
					 
					
						
						
							
							Check keyUsage in SSL client and server  
						
						
						
						
					 
					
						2014-04-09 15:50:57 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							0763a401a7 
							
						 
					 
					
						
						
							
							Merged support for the ALPN extension  
						
						
						
						
					 
					
						2014-04-08 14:37:12 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							4224bc0a4f 
							
						 
					 
					
						
						
							
							Prevent potential NULL pointer dereference in ssl_read_record()  
						
						
						
						
					 
					
						2014-04-08 14:36:50 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							0b874dc580 
							
						 
					 
					
						
						
							
							Implement ALPN client-side  
						
						
						
						
					 
					
						2014-04-07 10:57:45 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							7e250d4812 
							
						 
					 
					
						
						
							
							Add ALPN interface  
						
						
						
						
					 
					
						2014-04-04 17:10:40 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							77f4f39ea6 
							
						 
					 
					
						
						
							
							Make sure no random pointer occur during failed malloc()'s  
						
						
						
						
					 
					
						2014-03-26 15:30:20 +01:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							91c61bc4fd 
							
						 
					 
					
						
						
							
							Further tightened the padlen check to prevent underflow / overflow  
						
						
						
						
					 
					
						2014-03-26 15:14:20 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							b2bf5a1bbb 
							
						 
					 
					
						
						
							
							Fix possible buffer overflow with PSK  
						
						
						
						
					 
					
						2014-03-26 12:58:50 +01:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							3d6504a935 
							
						 
					 
					
						
						
							
							ssl_init() left a dirty in_ctr pointer on failed allocation of out_ctr  
						
						
						
						
					 
					
						2014-03-17 13:41:51 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							83cdffc437 
							
						 
					 
					
						
						
							
							Forbid sequence number wrapping  
						
						
						
						
					 
					
						2014-03-13 19:25:06 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							796c6f3aff 
							
						 
					 
					
						
						
							
							Countermeasure against "triple handshake" attack  
						
						
						
						
					 
					
						2014-03-13 19:25:06 +01:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							7dc4c44267 
							
						 
					 
					
						
						
							
							Library files moved to use platform layer  
						
						
						
						
					 
					
						2014-02-06 13:20:16 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							ab24010b54 
							
						 
					 
					
						
						
							
							Enforce our choice of allowed curves.  
						
						
						
						
					 
					
						2014-02-06 10:28:38 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							7f38ed0bfa 
							
						 
					 
					
						
						
							
							ssl_set_curves is no longer ECDHE only  
						
						
						
						
					 
					
						2014-02-06 10:28:38 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							ac7194133e 
							
						 
					 
					
						
						
							
							Renamings and other fixes  
						
						
						
						
					 
					
						2014-02-06 10:28:38 +01:00 
						 
				 
			
				
					
						
							
							
								Gergely Budai 
							
						 
					 
					
						
						
						
						
							
						
						
							e40c469ad3 
							
						 
					 
					
						
						
							
							The default ECDH curve list will be dynamically built in the ecp module based on ecp_supported_curves[].  
						
						
						
						
					 
					
						2014-02-06 10:28:38 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							de05390c85 
							
						 
					 
					
						
						
							
							Rename ecdh_curve_list to curve_list  
						
						
						
						
					 
					
						2014-02-06 10:28:38 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							5de2580563 
							
						 
					 
					
						
						
							
							Make ssl_set_ecdh_curves() a compile-time option  
						
						
						
						
					 
					
						2014-02-06 10:28:38 +01:00 
						 
				 
			
				
					
						
							
							
								Gergely Budai 
							
						 
					 
					
						
						
						
						
							
						
						
							987bfb510b 
							
						 
					 
					
						
						
							
							Added the possibility to define the allowed curves for ECDHE handshake. It also defines the preference of the curves.  
						
						
						
						
					 
					
						2014-02-06 10:28:38 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							7c59363a85 
							
						 
					 
					
						
						
							
							Remove a few dead stores  
						
						
						
						
					 
					
						2014-01-22 13:02:39 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							7cfdcb8c7f 
							
						 
					 
					
						
						
							
							Add a length check in ssl_derive_keys()  
						
						
						
						
					 
					
						2014-01-22 12:56:22 +01:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							6992eb762c 
							
						 
					 
					
						
						
							
							Fixed potential overflow in certificate size in ssl_write_certificate()  
						
						
						
						
					 
					
						2013-12-31 11:38:33 +01:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							956c9e063d 
							
						 
					 
					
						
						
							
							Reduced the input / output overhead with 200+ bytes and covered corner  
						
						... 
						
						
						
						case
The actual input / output buffer overhead is only 301 instead of 512.
This requires a proper check on the padding_idx to prevent out of bounds
reads.
Previously a remote party could potentially trigger an access error and
thus stop the application when sending a malicious packet having
MAX_CONTENT_LEN of data, 32 bytes of MAC and a decrypted padlen of .
This would result in reading from in_ctr + 13 + 32 + MAX_CONTENT_LEN - 1 - 1
for 256 bytes (including fake padding check). Or 13 + 32 bytes over the
buffer length.
We now reset padding_idx to 0, if it's clear that it will never be a
valid padding (padlen > msg_len || msg_len + padlen + 256 > buffer_len) 
						
						
					 
					
						2013-12-30 15:00:51 +01:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							1e5369c7fa 
							
						 
					 
					
						
						
							
							Variables in proper block or within proper defines in ssl_decrypt_buf()  
						
						
						
						
					 
					
						2013-12-19 16:40:57 +01:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							fdf946928d 
							
						 
					 
					
						
						
							
							Merged support for ECDH-RSA / ECDH-ECDSA key exchanges and ciphersuites  
						
						
						
						
					 
					
						2013-12-17 13:10:27 +01:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							77e257e958 
							
						 
					 
					
						
						
							
							Fixed bad check for maximum size of fragment length index  
						
						
						
						
					 
					
						2013-12-17 13:09:12 +01:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							6f0636a09f 
							
						 
					 
					
						
						
							
							Potential memory leak in ssl_ticket_keys_init()  
						
						
						
						
					 
					
						2013-12-17 13:09:12 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							d18cc57962 
							
						 
					 
					
						
						
							
							Add client-side support for ECDH key exchanges  
						
						
						
						
					 
					
						2013-12-17 11:32:31 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							c72ac7c3ef 
							
						 
					 
					
						
						
							
							Fix SSLv3 handling of SHA-384 suites  
						
						... 
						
						
						
						Fixes memory corruption, introduced in
a5bdfcd (Relax some SHA2 ciphersuite's version requirements) 
						
						
					 
					
						2013-12-17 10:18:25 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							dc953e8c41 
							
						 
					 
					
						
						
							
							Add missing defines/cases for RSA_PSK key exchange  
						
						
						
						
					 
					
						2013-11-26 15:19:57 +01:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
						
						
							
						
						
							08b028ff0f 
							
						 
					 
					
						
						
							
							Prevent unlikely NULL dereference  
						
						
						
						
					 
					
						2013-11-19 10:42:37 +01:00