TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / c047c74b95b25e79f0638b51cadde192d521b910 / library / ssl_tls.c
  1. 13ca895 Added max length checking of hostname by Simon Butcher · 10 years ago
  2. 3517c20 Up default server DH params to 2048 bits by Manuel Pégourié-Gonnard · 10 years ago
  3. 78a428d Fix unchecked malloc() by Manuel Pégourié-Gonnard · 10 years ago
  4. 70f0df9 Add countermeasure against cache-based lucky 13 by Manuel Pégourié-Gonnard · 10 years ago
  5. 530927b Update copyright line to 2015 by Paul Bakker · 10 years ago
  6. e12abf9 Fix url by Manuel Pégourié-Gonnard · 11 years ago
  7. 0edee5e Update copyright notice by Manuel Pégourié-Gonnard · 11 years ago
  8. 9711920 Fix ssl_read wrt non-Application Data by Manuel Pégourié-Gonnard · 11 years ago
  9. 86792a6 Fix ssl_close_notify() with non-blocking I/O by Manuel Pégourié-Gonnard · 11 years ago
  10. 0cdde2d Fix minlen for GCM suites by Manuel Pégourié-Gonnard · 11 years ago
  11. 1d073c5 Add static and casts to prevent compiler warnings by Paul Bakker · 11 years ago
  12. f73b718 Latest CBC padding check by Paul Bakker · 11 years ago
  13. 5bad6af Fix length checking for AEAD ciphersuites by Paul Bakker · 11 years ago
  14. 312da33 Introduce polarssl_zeroize() instead of memset() for zeroization by Paul Bakker · 11 years ago
  15. ccebf6e Sanity length checks in ssl_read_record() and ssl_fetch_input() by Paul Bakker · 11 years ago
  16. dedce0c Prevent potential NULL pointer dereference in ssl_read_record() by Paul Bakker · 11 years ago
  17. 24aaf44 Make sure no random pointer occur during failed malloc()'s by Paul Bakker · 11 years ago
  18. b000f82 ssl_init() left a dirty in_ctr pointer on failed allocation of out_ctr by Paul Bakker · 11 years ago
  19. be04673 Forbid sequence number wrapping by Manuel Pégourié-Gonnard · 11 years ago
  20. 963918b Countermeasure against "triple handshake" attack by Manuel Pégourié-Gonnard · 11 years ago
  21. 7837026 Remove a few dead stores by Paul Bakker · 11 years ago
  22. 4091141 Add a length check in ssl_derive_keys() by Paul Bakker · 11 years ago
  23. d83584e Fixed potential overflow in certificate size in ssl_write_certificate() by Paul Bakker · 12 years ago
  24. 5c8434c Safer buffer comparisons in the SSL modules by Manuel Pégourié-Gonnard · 12 years ago
  25. 915ee19 Do not allow SHA256/SHA384 ciphersuites in < TLS 1.2 by Paul Bakker · 12 years ago
  26. 43f9799 RSA blinding on CRT operations to counter timing attacks by Paul Bakker · 12 years ago
  27. a565ace Fixed potential memory leak when failing to resume a session by Paul Bakker · 12 years ago
  28. a13d744 Fixed potential heap buffer overflow on large hostname setting by Paul Bakker · 12 years ago
  29. 4087c47 Added mechanism to provide alternative cipher / hash implementations by Paul Bakker · 12 years ago
  30. 1922a4e ssl_parse_certificate() now calls x509parse_crt_der() directly by Paul Bakker · 12 years ago
  31. eae09db Fixed const correctness issues that have no impact on the ABI by Paul Bakker · 12 years ago
  32. a627298 Ability to specify allowed ciphersuites based on the protocol version. by Paul Bakker · 12 years ago
  33. 926c8e4 Fixed possible NULL pointer exception in ssl_get_ciphersuite() by Paul Bakker · 12 years ago
  34. e47b34b Removed further timing differences during SSL message decryption in ssl_decrypt_buf() by Paul Bakker · 12 years ago
  35. 86f04f4 Fixed comment by Paul Bakker · 12 years ago
  36. c046350 Fixed memory leak in ssl_free() and ssl_reset() for active session by Paul Bakker · 12 years ago
  37. 40865c8 Added sending of alert messages in case of decryption failures as per RFC by Paul Bakker · 12 years ago
  38. d66f070 Disable debug messages that can introduce a timing side channel. by Paul Bakker · 12 years ago
  39. 4582999 Fixed timing difference resulting from badly formatted padding. by Paul Bakker · 13 years ago
  40. 1961b70 Added ssl_handshake_step() to allow single stepping the handshake process by Paul Bakker · 13 years ago
  41. 769075d Fixed dependency on POLARSSL_SHA4_C in ssl modules by Paul Bakker · 13 years ago
  42. 645ce3a - Moved ciphersuite naming scheme to IANA reserved names by Paul Bakker · 13 years ago
  43. b0550d9 - Added ssl_get_peer_cert() to SSL API by Paul Bakker · 13 years ago
  44. 23f3680 - Added proper support for TLS 1.2 signature_algorithm extension on server by Paul Bakker · 13 years ago
  45. 1d29fb5 - Added option to add minimum accepted SSL/TLS protocol version by Paul Bakker · 13 years ago
  46. 62f2dee - Set POLARSSL_DHM_RFC5114_MODP_1024_[PG] as default DHM MODP group for SSL/TLS by Paul Bakker · 13 years ago
  47. 915275b - Revamped x509_verify() and the SSL f_vrfy callback implementations by Paul Bakker · 13 years ago
  48. 5701cdc - Added ServerName extension parsing (SNI) at server side by Paul Bakker · 13 years ago
  49. eb2c658 - Generalized external private key implementation handling (like PKCS#11) in SSL/TLS by Paul Bakker · 13 years ago
  50. 0a59707 - Added simple SSL session cache implementation by Paul Bakker · 13 years ago
  51. d0f6fa7 - Sending of handshake_failures during renegotiation added by Paul Bakker · 13 years ago
  52. 48916f9 - Added Secure Renegotiation (RFC 5746) by Paul Bakker · 13 years ago
  53. 5f70b25 - Correctly handle SHA256 ciphersuites in SSLv3 by Paul Bakker · 13 years ago
  54. b68cad6 - Made cipersuites in ssl context const (no intention to modify) by Paul Bakker · 13 years ago
  55. 2770fbd - Added DEFLATE compression support as per RFC3749 (requires zlib) by Paul Bakker · 13 years ago
  56. 186751d - Moved out_msg to out_hdr + 32 to support hardware acceleration by Paul Bakker · 13 years ago
  57. 05ef835 - Added support for Hardware Acceleration hooking in SSL/TLS by Paul Bakker · 13 years ago
  58. 380da53 - Abstracted checksum updating during handshake by Paul Bakker · 13 years ago
  59. ca4ab49 - Added GCM ciphersuites to TLS implementation by Paul Bakker · 13 years ago
  60. 0a92518 - Report unexpected_message if unknown record type is received by Paul Bakker · 13 years ago
  61. 10cd225 - Added support for the SHA256 ciphersuites of AES and Camellia by Paul Bakker · 13 years ago
  62. 1ef83d6 - Initial bare version of TLS 1.2 by Paul Bakker · 13 years ago
  63. f34cf85 - Fixed too restrictive test by Paul Bakker · 13 years ago
  64. 452d532 - Fixed potential memory corruption on miscrafted client messages (found by Frama-C team at CEA LIST) by Paul Bakker · 13 years ago
  65. fab5c82 - Added support for NULL cipher (POLARSSL_CIPHER_NULL_CIPHER) and weak ciphersuites (POLARSSL_ENABLE_WEAK_CIPHERSUITES). They are disabled by default! by Paul Bakker · 13 years ago
  66. b15b851 - Check for failed malloc() in ssl_set_hostname() and x509_get_entries() (Closes ticket #47, found by Hugo Leisink) by Paul Bakker · 14 years ago
  67. 69e095c - Changed the behaviour of x509parse_parse_crt for permissive parsing. Now returns the number of 'failed certificates' instead of having a switch to enable it. by Paul Bakker · 14 years ago
  68. 6c0ceb3 - Added permissive certificate parsing to x509parse_crt() and x509parse_crtfile(). With permissive parsing the parsing does not stop on encountering a parse-error by Paul Bakker · 14 years ago
  69. a3d195c - Changed the used random function pointer to more flexible format. Renamed havege_rand() to havege_random() to prevent mistakes. Lots of changes as a consequence in library code and programs by Paul Bakker · 14 years ago
  70. 490ecc8 - Added ssl_set_max_version() to set the client's maximum sent version number by Paul Bakker · 14 years ago
  71. 7eb013f - Added ssl_session_reset() to allow re-use of already set non-connection specific context information by Paul Bakker · 14 years ago
  72. 8934a98 - Fixed memcpy() that had possible overlapping areas to memmove() by Paul Bakker · 14 years ago
  73. 39bb418 - Made second argument of f_send() prototype and of net_send() const by Paul Bakker · 14 years ago
  74. 887bd50 - Undid fix for ssl_write that introduced a true bug when buffers are running full. by Paul Bakker · 14 years ago
  75. 831a755 - Changed behaviour of net_recv(), ssl_fetch_input() and ssl_read(). net_recv() now returns 0 on EOF instead of POLARSSL_ERR_NET_CONN_RESET. ssl_fetch_input() returns POLARSSL_ERR_SSL_CONN_EOF on an EOF from its f_recv() function. ssl_read() returns 0 if a POLARSSL_ERR_SSL_CONN_EOF is received after the handshake. by Paul Bakker · 14 years ago
  76. 9d78140 - A error_strerror function() has been added to translate between error codes and their description. by Paul Bakker · 14 years ago
  77. 23986e5 - Major type rewrite of int to size_t for most variables and arguments used for buffer lengths and loops by Paul Bakker · 14 years ago
  78. af5c85f - Improved portability with Microsoft Visual C by Paul Bakker · 14 years ago
  79. 1fd00bf - Fixed bug in ssl_write() when flushing old data (Fixes ticket #18) by Paul Bakker · 14 years ago
  80. cdf07e9 - Information about missing or non-verified client certificate is not provided as well. by Paul Bakker · 15 years ago
  81. e3166ce - Renamed ciphers member of ssl_context and cipher member of ssl_session to ciphersuites and ciphersuite respectively. This clarifies the difference with the generic cipher layer and is better naming altogether by Paul Bakker · 15 years ago
  82. 43b7e35 - Support for PKCS#11 through the use of the pkcs11-helper library by Paul Bakker · 15 years ago
  83. 72f6266 - Improved information provided about current Hashing, Cipher and Suite capabilities by Paul Bakker · 15 years ago
  84. 43ca69c - Added function for stringified SSL/TLS version by Paul Bakker · 15 years ago
  85. b63b0af - Added verification callback in certificate verification chain in order to allow external blacklisting by Paul Bakker · 15 years ago
  86. 1b57b06 - Added reading of DHM context from memory and file by Paul Bakker · 15 years ago
  87. 2e11f7d - Added support for TLS v1.1 by Paul Bakker · 15 years ago
  88. b96f154 - Fixed copyright message by Paul Bakker · 15 years ago
  89. 84f12b7 - Updated Copyright to correct entity by Paul Bakker · 15 years ago
  90. 77a4358 - Added support for the SSL_EDH_RSA_AES_128_SHA and SSL_EDH_RSA_CAMELLIA_128_SHA ciphersuites by Paul Bakker · 15 years ago
  91. 57b7914 - String peer_cn in ssl context made const as well. by Paul Bakker · 15 years ago
  92. 2908713 - Corrected behaviour by Paul Bakker · 15 years ago
  93. fc8c436 - Updated copyright line to 2010 by Paul Bakker · 15 years ago
  94. 1f3c39c - Removed copyright line for Christophe Devine for clarity by Paul Bakker · 15 years ago
  95. baad650 - Changed ARC4 to use seperate input/output buffer by Paul Bakker · 15 years ago
  96. ff60ee6 - Added const-correctness to main codebase by Paul Bakker · 15 years ago
  97. 1f76115 - Fixed bug resulting in failure to send the last certificate in the chain in ssl_write_certificate() and ssl_write_certificate_request() by Paul Bakker · 15 years ago
  98. 77b385e - Updated copyright messages on all relevant files by Paul Bakker · 16 years ago
  99. 40ea7de - Added CRL revocation support to x509parse_verify() by Paul Bakker · 16 years ago
  100. ef75f25 - Proper sequence of ciphersuites by Paul Bakker · 16 years ago