Manuel Pégourié-Gonnard
0cdde2d107
Fix minlen for GCM suites
2014-07-09 18:03:10 +02:00
Paul Bakker
1d073c59ad
Add static and casts to prevent compiler warnings
2014-07-08 20:17:07 +02:00
Paul Bakker
f73b718f17
Latest CBC padding check
2014-07-08 18:30:44 +02:00
Paul Bakker
5bad6afd8c
Fix length checking for AEAD ciphersuites
2014-07-08 18:28:54 +02:00
Paul Bakker
312da33ef1
Introduce polarssl_zeroize() instead of memset() for zeroization
2014-07-08 18:28:52 +02:00
Paul Bakker
ccebf6ef8a
Sanity length checks in ssl_read_record() and ssl_fetch_input()
...
Both are already covered in other places, but not in a clear fashion. So
for instance Coverity thinks the value is still tainted.
2014-07-08 18:28:38 +02:00
Paul Bakker
dedce0c35c
Prevent potential NULL pointer dereference in ssl_read_record()
2014-07-08 14:36:12 +02:00
Paul Bakker
24aaf44120
Make sure no random pointer occur during failed malloc()'s
2014-07-08 11:39:19 +02:00
Paul Bakker
b000f82d76
ssl_init() left a dirty in_ctr pointer on failed allocation of out_ctr
2014-07-08 11:15:18 +02:00
Manuel Pégourié-Gonnard
be04673c49
Forbid sequence number wrapping
2014-07-08 11:04:19 +02:00
Manuel Pégourié-Gonnard
963918b88f
Countermeasure against "triple handshake" attack
2014-07-07 17:46:35 +02:00
Paul Bakker
7837026b91
Remove a few dead stores
2014-07-07 16:01:34 +02:00
Paul Bakker
4091141368
Add a length check in ssl_derive_keys()
2014-07-07 16:01:28 +02:00
Paul Bakker
d83584e9aa
Fixed potential overflow in certificate size in ssl_write_certificate()
2014-07-07 16:01:11 +02:00
Manuel Pégourié-Gonnard
5c8434cf52
Safer buffer comparisons in the SSL modules
2014-07-07 14:10:07 +02:00
Paul Bakker
915ee19887
Do not allow SHA256/SHA384 ciphersuites in < TLS 1.2
2013-09-23 17:30:26 +02:00
Paul Bakker
43f9799ce6
RSA blinding on CRT operations to counter timing attacks
2013-09-23 11:23:31 +02:00
Paul Bakker
a565aceea1
Fixed potential memory leak when failing to resume a session
2013-09-11 13:31:53 +02:00
Paul Bakker
a13d744d2e
Fixed potential heap buffer overflow on large hostname setting
...
(cherry picked from commit 75c1a6f97c
)
Conflicts:
library/ssl_tls.c
2013-09-11 11:41:41 +02:00
Paul Bakker
4087c47043
Added mechanism to provide alternative cipher / hash implementations
...
All symmetric cipher algorithms and hash algorithms now include support
for a POLARSSL_XXX_ALT flag that prevents the definition of the
algorithm context structure and all 'core' functions.
2013-06-12 16:57:46 +02:00
Paul Bakker
1922a4e6aa
ssl_parse_certificate() now calls x509parse_crt_der() directly
2013-06-06 15:11:16 +02:00
Paul Bakker
eae09db9e5
Fixed const correctness issues that have no impact on the ABI
2013-06-06 12:35:54 +02:00
Paul Bakker
a62729888b
Ability to specify allowed ciphersuites based on the protocol version.
...
The ciphersuites parameter in the ssl_session structure changed from
'int *' to 'int **' and is now malloced in ssl_init() and freed in
ssl_free().
The new function ssl_set_ciphersuite_for_version() sets specific entries
inside this array. ssl_set_ciphersuite() sets all entries to the same
value.
2013-04-12 13:13:43 +02:00
Paul Bakker
926c8e49fe
Fixed possible NULL pointer exception in ssl_get_ciphersuite()
2013-03-06 18:01:03 +01:00
Paul Bakker
e47b34bdc8
Removed further timing differences during SSL message decryption in ssl_decrypt_buf()
...
New padding checking is unbiased on correct or incorrect padding and
has no branch prediction timing differences.
The additional MAC checks further straighten out the timing differences.
2013-02-27 14:48:00 +01:00
Paul Bakker
86f04f400b
Fixed comment
2013-02-14 11:20:09 +01:00
Paul Bakker
c0463502ff
Fixed memory leak in ssl_free() and ssl_reset() for active session
2013-02-14 11:19:38 +01:00
Paul Bakker
40865c8e5d
Added sending of alert messages in case of decryption failures as per RFC
...
The flag POLARSSL_SSL_ALERT_MESSAGES switched between enabling and
disabling the sending of alert messages that give adversaries intel
about the result of their action. PolarSSL can still communicate with
other parties if they are disabled, but debugging of issues might be
harder.
2013-02-02 19:04:13 +01:00
Paul Bakker
d66f070d49
Disable debug messages that can introduce a timing side channel.
...
Introduced the POLARSSL_SSL_DEBUG_ALL flag to enable all these debug
messages in case somebody does want to see the reason checks fail.
2013-02-02 19:04:13 +01:00
Paul Bakker
4582999be6
Fixed timing difference resulting from badly formatted padding.
2013-02-02 19:04:13 +01:00
Paul Bakker
1961b709d8
Added ssl_handshake_step() to allow single stepping the handshake
...
process
Single stepping the handshake process allows for better support of
non-blocking network stacks and for getting information from specific
handshake messages if wanted.
2013-01-25 14:49:24 +01:00
Paul Bakker
769075dfb6
Fixed dependency on POLARSSL_SHA4_C in ssl modules
2012-11-24 11:26:46 +01:00
Paul Bakker
645ce3a2b4
- Moved ciphersuite naming scheme to IANA reserved names
2012-10-31 12:32:41 +00:00
Paul Bakker
b0550d90c9
- Added ssl_get_peer_cert() to SSL API
2012-10-30 07:51:03 +00:00
Paul Bakker
23f3680898
- Added proper support for TLS 1.2 signature_algorithm extension on server
...
side
- Minor const changes to other extension parsing functions
2012-09-28 14:15:14 +00:00
Paul Bakker
1d29fb5e33
- Added option to add minimum accepted SSL/TLS protocol version
2012-09-28 13:28:45 +00:00
Paul Bakker
62f2deef8b
- Set POLARSSL_DHM_RFC5114_MODP_1024_[PG] as default DHM MODP group for SSL/TLS
2012-09-28 07:31:51 +00:00
Paul Bakker
915275ba78
- Revamped x509_verify() and the SSL f_vrfy callback implementations
2012-09-28 07:10:55 +00:00
Paul Bakker
5701cdcd02
- Added ServerName extension parsing (SNI) at server side
2012-09-27 21:49:42 +00:00
Paul Bakker
eb2c658163
- Generalized external private key implementation handling (like PKCS#11) in SSL/TLS
2012-09-27 19:15:01 +00:00
Paul Bakker
0a59707523
- Added simple SSL session cache implementation
...
- Revamped session resumption handling
2012-09-25 21:55:46 +00:00
Paul Bakker
d0f6fa7bdc
- Sending of handshake_failures during renegotiation added
...
- Handle two legacy modes differently: SSL_LEGACY_BREAK_HANDSHAKE and SSL_LEGACY_NO_RENEGOTIATION
2012-09-17 09:18:12 +00:00
Paul Bakker
48916f9b67
- Added Secure Renegotiation (RFC 5746)
2012-09-16 19:57:18 +00:00
Paul Bakker
5f70b25c9b
- Correctly handle SHA256 ciphersuites in SSLv3
...
- Moved ssl3_prf to separate function (no exceptions)
2012-09-13 14:23:06 +00:00
Paul Bakker
b68cad6cc7
- Made cipersuites in ssl context const (no intention to modify)
...
- Adjusted ssl_set_ciphersuites() to match
2012-08-23 08:34:18 +00:00
Paul Bakker
2770fbd651
- Added DEFLATE compression support as per RFC3749 (requires zlib)
2012-07-03 13:30:23 +00:00
Paul Bakker
186751d9dd
- Moved out_msg to out_hdr + 32 to support hardware acceleration
2012-05-08 13:16:14 +00:00
Paul Bakker
05ef835b6a
- Added support for Hardware Acceleration hooking in SSL/TLS
2012-05-08 09:17:57 +00:00
Paul Bakker
380da53c48
- Abstracted checksum updating during handshake
2012-04-18 16:10:25 +00:00
Paul Bakker
ca4ab49158
- Added GCM ciphersuites to TLS implementation
2012-04-18 14:23:57 +00:00