Paul Bakker
|
f2a459df05
|
Preparation for PolarSSL 1.4.0
|
2014-10-21 16:40:54 +02:00 |
|
Manuel Pégourié-Gonnard
|
6b875fc7e5
|
Fix potential memory leak (from clang-analyzer)
|
2014-10-21 16:33:00 +02:00 |
|
Manuel Pégourié-Gonnard
|
df3acd82e2
|
Limit HelloRequest retransmission if not enforced
|
2014-10-21 16:32:58 +02:00 |
|
Manuel Pégourié-Gonnard
|
26a4cf63ec
|
Add retransmission of HelloRequest
|
2014-10-21 16:32:57 +02:00 |
|
Manuel Pégourié-Gonnard
|
74a1378175
|
Avoid false positive in ssl-opt.sh with memcheck
|
2014-10-21 16:32:56 +02:00 |
|
Manuel Pégourié-Gonnard
|
8e704f0f74
|
DTLS depends on TIMING_C for now
|
2014-10-21 16:32:56 +02:00 |
|
Manuel Pégourié-Gonnard
|
b0643d152d
|
Add ssl_set_dtls_badmac_limit()
|
2014-10-21 16:32:55 +02:00 |
|
Manuel Pégourié-Gonnard
|
9b35f18f66
|
Add ssl_get_record_expansion()
|
2014-10-21 16:32:55 +02:00 |
|
Manuel Pégourié-Gonnard
|
37e08e1689
|
Fix max_fragment_length with DTLS
|
2014-10-21 16:32:53 +02:00 |
|
Manuel Pégourié-Gonnard
|
23cad339c4
|
Fail cleanly on unhandled case
|
2014-10-21 16:32:52 +02:00 |
|
Manuel Pégourié-Gonnard
|
fc572dd4f6
|
Retransmit only on last message from prev flight
Be a good network citizen, try to avoid causing congestion by causing a
retransmission explosion.
|
2014-10-21 16:32:51 +02:00 |
|
Manuel Pégourié-Gonnard
|
8a7cf2543a
|
Add a few #ifdefs
|
2014-10-21 16:32:51 +02:00 |
|
Manuel Pégourié-Gonnard
|
ba958b8bdc
|
Add test for server-initiated renego
Just assuming the HelloRequest isn't lost for now
|
2014-10-21 16:32:50 +02:00 |
|
Manuel Pégourié-Gonnard
|
46fb942046
|
Fix warning about function that should be static
|
2014-10-21 16:32:49 +02:00 |
|
Manuel Pégourié-Gonnard
|
f1e9b09a0c
|
Fix missing #ifdef's
|
2014-10-21 16:32:48 +02:00 |
|
Manuel Pégourié-Gonnard
|
4e2f245752
|
Fix timer issues
- timer not firing when constantly receiving bad messages
- timer not reset on failed reads
- timer incorrectly restarted on resend during read
|
2014-10-21 16:32:47 +02:00 |
|
Manuel Pégourié-Gonnard
|
df9a0a8460
|
Drop unexpected ApplicationData
This is likely to happen on resumption if client speaks first at the
application level.
|
2014-10-21 16:32:46 +02:00 |
|
Manuel Pégourié-Gonnard
|
6b65141718
|
Implement ssl_read() timeout (DTLS only for now)
|
2014-10-21 16:32:46 +02:00 |
|
Manuel Pégourié-Gonnard
|
2707430a4d
|
Fix types and comments about read_timeout
|
2014-10-21 16:32:45 +02:00 |
|
Manuel Pégourié-Gonnard
|
6c1fa3a184
|
Fix misplaced initialisation of timeout
|
2014-10-21 16:32:45 +02:00 |
|
Manuel Pégourié-Gonnard
|
c8d8e97cbd
|
Move to milliseconds in recv_timeout()
|
2014-10-21 16:32:44 +02:00 |
|
Manuel Pégourié-Gonnard
|
905dd2425c
|
Add ssl_set_handshake_timeout()
|
2014-10-21 16:32:43 +02:00 |
|
Manuel Pégourié-Gonnard
|
0ac247fd88
|
Implement timeout back-off (fixed range for now)
|
2014-10-21 16:32:43 +02:00 |
|
Manuel Pégourié-Gonnard
|
579950c2bb
|
Fix bug with non-blocking I/O and cookies
|
2014-10-21 16:32:42 +02:00 |
|
Manuel Pégourié-Gonnard
|
7de3c9eecb
|
Count timeout per flight, not per message
|
2014-10-21 16:32:41 +02:00 |
|
Manuel Pégourié-Gonnard
|
db2858ce96
|
Preparation for timers
Currently directly using timing.c, plan to use callbacks later to loosen
coupling, but first just get things working.
|
2014-10-21 16:32:41 +02:00 |
|
Manuel Pégourié-Gonnard
|
08a1d4bce1
|
Fix bug with client auth with DTLS
|
2014-10-21 16:32:39 +02:00 |
|
Manuel Pégourié-Gonnard
|
23b7b703aa
|
Fix issue with renego & resend
|
2014-10-21 16:32:38 +02:00 |
|
Manuel Pégourié-Gonnard
|
f03c7aa469
|
Add replay detection in parse_client_hello()
|
2014-10-21 16:32:35 +02:00 |
|
Manuel Pégourié-Gonnard
|
2739313cea
|
Make anti-replay a runtime option
|
2014-10-21 16:32:35 +02:00 |
|
Manuel Pégourié-Gonnard
|
8464a46b6b
|
Make DTLS_ANTI_REPLAY depends on PROTO_DTLS
|
2014-10-21 16:32:35 +02:00 |
|
Manuel Pégourié-Gonnard
|
246c13a05f
|
Fix epoch checking
|
2014-10-21 16:32:34 +02:00 |
|
Manuel Pégourié-Gonnard
|
b47368a00a
|
Add replay detection
|
2014-10-21 16:32:34 +02:00 |
|
Manuel Pégourié-Gonnard
|
4956fd7437
|
Test and fix anti-replay functions
|
2014-10-21 16:32:34 +02:00 |
|
Manuel Pégourié-Gonnard
|
7a7e140d4e
|
Add functions for replay protection
|
2014-10-21 16:32:33 +02:00 |
|
Manuel Pégourié-Gonnard
|
ea22ce577e
|
Rm unneeded counter increment with DTLS
|
2014-10-21 16:32:33 +02:00 |
|
Manuel Pégourié-Gonnard
|
abf16240dd
|
Add ability to resend last flight
|
2014-10-21 16:32:31 +02:00 |
|
Manuel Pégourié-Gonnard
|
cd32a50d67
|
Fix NewSesssionTicket vs ChangeCipherSpec bug
Since we were cheating on state, ssl_read_record() wasn't able to drop
out-of-sequence ChangeCipherSpec messages. Cheat a bit less.
|
2014-10-21 16:32:31 +02:00 |
|
Manuel Pégourié-Gonnard
|
767c69561b
|
Drop out-of-sequence ChangeCipherSpec messages
|
2014-10-21 16:32:29 +02:00 |
|
Manuel Pégourié-Gonnard
|
93017de47e
|
Minor optim: don't resend on duplicated HVR
|
2014-10-21 16:32:29 +02:00 |
|
Manuel Pégourié-Gonnard
|
c715aed744
|
Fix epoch swapping
|
2014-10-21 16:32:28 +02:00 |
|
Manuel Pégourié-Gonnard
|
6a2bdfaf73
|
Actually resend flights
|
2014-10-21 16:32:28 +02:00 |
|
Manuel Pégourié-Gonnard
|
5d8ba53ace
|
Expand and fix resend infrastructure
|
2014-10-21 16:32:28 +02:00 |
|
Manuel Pégourié-Gonnard
|
ffa67be698
|
Infrastructure for buffering & resending flights
|
2014-10-21 16:32:27 +02:00 |
|
Manuel Pégourié-Gonnard
|
9d9b003a9a
|
Add net_recv_timeout()
|
2014-10-21 16:32:26 +02:00 |
|
Manuel Pégourié-Gonnard
|
8fa6dfd560
|
Introduce f_recv_timeout callback
|
2014-10-21 16:32:26 +02:00 |
|
Manuel Pégourié-Gonnard
|
e6bdc4497c
|
Merge I/O contexts into one
|
2014-10-21 16:32:25 +02:00 |
|
Manuel Pégourié-Gonnard
|
f4acfe1808
|
Document previous API changes in this branch
|
2014-10-21 16:32:23 +02:00 |
|
Manuel Pégourié-Gonnard
|
d92d6a1b5b
|
ssl_parse_server_key_exchange() cleanups
|
2014-10-21 16:30:32 +02:00 |
|
Manuel Pégourié-Gonnard
|
5ee96546de
|
Add length checks in parse_certificate_verify()
|
2014-10-21 16:30:32 +02:00 |
|