path: root/library/ssl_tls.c
| Age | Commit message | Author | Files | Lines |
|---|---|---|---|---|
| 2015-09-30 | Added max length checking of hostname | Simon Butcher | 1 | -0/+3 |
| 2015-07-03 | Up default server DH params to 2048 bits | Manuel Pégourié-Gonnard | 1 | -2/+2 |
| 2015-06-29 | Fix unchecked malloc() | Manuel Pégourié-Gonnard | 1 | -0/+5 |
| 2015-04-29 | Add countermeasure against cache-based lucky 13 | Manuel Pégourié-Gonnard | 1 | -4/+7 |
| 2015-02-13 | Update copyright line to 2015 | Paul Bakker | 1 | -1/+1 |
| 2015-01-28 | Fix url | Manuel Pégourié-Gonnard | 1 | -1/+1 |
| 2015-01-26 | Update copyright notice | Manuel Pégourié-Gonnard | 1 | -5/+2 |
| 2014-10-23 | Fix ssl_read wrt non-Application Data | Manuel Pégourié-Gonnard | 1 | -3/+12 |
| 2014-10-23 | Fix ssl_close_notify() with non-blocking I/O | Manuel Pégourié-Gonnard | 1 | -6/+3 |
| 2014-07-09 | Fix minlen for GCM suites | Manuel Pégourié-Gonnard | 1 | -2/+2 |
| 2014-07-08 | Add static and casts to prevent compiler warnings | Paul Bakker | 1 | -3/+3 |
| 2014-07-08 | Latest CBC padding check | Paul Bakker | 1 | -6/+22 |
| 2014-07-08 | Fix length checking for AEAD ciphersuites | Paul Bakker | 1 | -5/+13 |
| 2014-07-08 | Introduce polarssl_zeroize() instead of memset() for zeroization | Paul Bakker | 1 | -37/+40 |
| 2014-07-08 | Sanity length checks in ssl_read_record() and ssl_fetch_input() | Paul Bakker | 1 | -3/+16 |
| 2014-07-08 | Prevent potential NULL pointer dereference in ssl_read_record() | Paul Bakker | 1 | -1/+2 |
| 2014-07-08 | Make sure no random pointer occur during failed malloc()'s | Paul Bakker | 1 | -4/+12 |
| 2014-07-08 | ssl_init() left a dirty in_ctr pointer on failed allocation of out_ctr | Paul Bakker | 1 | -0/+1 |
| 2014-07-08 | Forbid sequence number wrapping | Manuel Pégourié-Gonnard | 1 | -0/+14 |
| 2014-07-07 | Countermeasure against "triple handshake" attack | Manuel Pégourié-Gonnard | 1 | -0/+24 |
| 2014-07-07 | Remove a few dead stores | Paul Bakker | 1 | -1/+0 |
| 2014-07-07 | Add a length check in ssl_derive_keys() | Paul Bakker | 1 | -0/+6 |
| 2014-07-07 | Fixed potential overflow in certificate size in ssl_write_certificate() | Paul Bakker | 1 | -1/+1 |
| 2014-07-07 | Safer buffer comparisons in the SSL modules | Manuel Pégourié-Gonnard | 1 | -3/+3 |
| 2013-09-23 | Do not allow SHA256/SHA384 ciphersuites in < TLS 1.2 | Paul Bakker | 1 | -0/+44 |
| 2013-09-23 | RSA blinding on CRT operations to counter timing attacks | Paul Bakker | 1 | -3/+5 |
| 2013-09-11 | Fixed potential memory leak when failing to resume a session | Paul Bakker | 1 | -0/+7 |
| 2013-09-11 | Fixed potential heap buffer overflow on large hostname setting | Paul Bakker | 1 | -1/+5 |
| 2013-06-12 | Added mechanism to provide alternative cipher / hash implementations | Paul Bakker | 1 | -0/+12 |
| 2013-06-06 | ssl_parse_certificate() now calls x509parse_crt_der() directly | Paul Bakker | 1 | -2/+2 |
| 2013-06-06 | Fixed const correctness issues that have no impact on the ABI | Paul Bakker | 1 | -18/+18 |
| 2013-04-12 | Ability to specify allowed ciphersuites based on the protocol version. | Paul Bakker | 1 | -2/+20 |
| 2013-03-06 | Fixed possible NULL pointer exception in ssl_get_ciphersuite() | Paul Bakker | 1 | -0/+3 |
| 2013-02-27 | Removed further timing differences during SSL message decryption in ssl_decry... | Paul Bakker | 1 | -27/+57 |
| 2013-02-14 | Fixed comment | Paul Bakker | 1 | -1/+1 |
| 2013-02-14 | Fixed memory leak in ssl_free() and ssl_reset() for active session | Paul Bakker | 1 | -0/+13 |
| 2013-02-02 | Added sending of alert messages in case of decryption failures as per RFC | Paul Bakker | 1 | -0/+8 |
| 2013-02-02 | Disable debug messages that can introduce a timing side channel. | Paul Bakker | 1 | -1/+6 |
| 2013-02-02 | Fixed timing difference resulting from badly formatted padding. | Paul Bakker | 1 | -23/+50 |
| 2013-01-25 | Added ssl_handshake_step() to allow single stepping the handshake | Paul Bakker | 1 | -6/+24 |
| 2012-11-24 | Fixed dependency on POLARSSL_SHA4_C in ssl modules | Paul Bakker | 1 | -2/+25 |
| 2012-10-31 | - Moved ciphersuite naming scheme to IANA reserved names | Paul Bakker | 1 | -256/+258 |
| 2012-10-30 | - Added ssl_get_peer_cert() to SSL API | Paul Bakker | 1 | -0/+8 |
| 2012-09-28 | - Added proper support for TLS 1.2 signature_algorithm extension on server | Paul Bakker | 1 | -1/+2 |
| 2012-09-28 | - Added option to add minimum accepted SSL/TLS protocol version | Paul Bakker | 1 | -0/+9 |
| 2012-09-28 | - Set POLARSSL_DHM_RFC5114_MODP_1024_[PG] as default DHM MODP group for SSL/TLS | Paul Bakker | 1 | -0/+17 |
| 2012-09-28 | - Revamped x509_verify() and the SSL f_vrfy callback implementations | Paul Bakker | 1 | -1/+1 |
| 2012-09-27 | - Added ServerName extension parsing (SNI) at server side | Paul Bakker | 1 | -0/+9 |
| 2012-09-27 | - Generalized external private key implementation handling (like PKCS#11) in... | Paul Bakker | 1 | -5/+36 |
| 2012-09-25 | - Added simple SSL session cache implementation | Paul Bakker | 1 | -44/+30 |