Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						f9d778d635 
					 
					
						
						
							
							Merge branch 'etm' into dtls  
						
						... 
						
						
						
						* etm:
  Fix warning in reduced config
  Update Changelog for EtM
  Keep EtM state across renegotiations
  Adjust minimum length for EtM
  Don't send back EtM extension if not using CBC
  Fix for the RFC erratum
  Implement EtM
  Preparation for EtM
  Implement initial negotiation of EtM
Conflicts:
	include/polarssl/check_config.h 
						
						
					 
					
						2014-11-06 01:36:32 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						56d985d0a6 
					 
					
						
						
							
							Merge branch 'session-hash' into dtls  
						
						... 
						
						
						
						* session-hash:
  Update Changelog for session-hash
  Make session-hash depend on TLS versions
  Forbid extended master secret with SSLv3
  compat.sh: allow git version of gnutls
  compat.sh: make options a bit more robust
  Implement extended master secret
  Add negotiation of Extended Master Secret
Conflicts:
	include/polarssl/check_config.h
	programs/ssl/ssl_server2.c 
						
						
					 
					
						2014-11-06 01:25:09 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						9d7821d774 
					 
					
						
						
							
							Fix warning in reduced config  
						
						
						
						
					 
					
						2014-11-06 01:19:52 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						fedba98ede 
					 
					
						
						
							
							Merge branch 'fb-scsv' into dtls  
						
						... 
						
						
						
						* fb-scsv:
  Update Changelog for FALLBACK_SCSV
  Implement FALLBACK_SCSV server-side
  Implement FALLBACK_SCSV client-side 
						
						
					 
					
						2014-11-05 16:12:09 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						1a03473576 
					 
					
						
						
							
							Keep EtM state across renegotiations  
						
						
						
						
					 
					
						2014-11-05 16:00:50 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						169dd6a514 
					 
					
						
						
							
							Adjust minimum length for EtM  
						
						
						
						
					 
					
						2014-11-05 16:00:50 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						08558e5b46 
					 
					
						
						
							
							Fix for the RFC erratum  
						
						
						
						
					 
					
						2014-11-05 16:00:50 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						313d796e80 
					 
					
						
						
							
							Implement EtM  
						
						
						
						
					 
					
						2014-11-05 16:00:50 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						0098e7dc70 
					 
					
						
						
							
							Preparation for EtM  
						
						
						
						
					 
					
						2014-11-05 16:00:50 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						699cafaea2 
					 
					
						
						
							
							Implement initial negotiation of EtM  
						
						... 
						
						
						
						Not implemented yet:
- actually using EtM
- conditions on renegotiation 
						
						
					 
					
						2014-11-05 16:00:50 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						ada3030485 
					 
					
						
						
							
							Implement extended master secret  
						
						
						
						
					 
					
						2014-11-05 16:00:49 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						1cbd39dbeb 
					 
					
						
						
							
							Implement FALLBACK_SCSV client-side  
						
						
						
						
					 
					
						2014-11-05 16:00:49 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						367381fddd 
					 
					
						
						
							
							Add negotiation of Extended Master Secret  
						
						... 
						
						
						
						(But not the actual thing yet.) 
						
						
					 
					
						2014-11-05 16:00:49 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						6b875fc7e5 
					 
					
						
						
							
							Fix potential memory leak (from clang-analyzer)  
						
						
						
						
					 
					
						2014-10-21 16:33:00 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						df3acd82e2 
					 
					
						
						
							
							Limit HelloRequest retransmission if not enforced  
						
						
						
						
					 
					
						2014-10-21 16:32:58 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						26a4cf63ec 
					 
					
						
						
							
							Add retransmission of HelloRequest  
						
						
						
						
					 
					
						2014-10-21 16:32:57 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						74a1378175 
					 
					
						
						
							
							Avoid false positive in ssl-opt.sh with memcheck  
						
						
						
						
					 
					
						2014-10-21 16:32:56 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						8e704f0f74 
					 
					
						
						
							
							DTLS depends on TIMING_C for now  
						
						
						
						
					 
					
						2014-10-21 16:32:56 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						b0643d152d 
					 
					
						
						
							
							Add ssl_set_dtls_badmac_limit()  
						
						
						
						
					 
					
						2014-10-21 16:32:55 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						9b35f18f66 
					 
					
						
						
							
							Add ssl_get_record_expansion()  
						
						
						
						
					 
					
						2014-10-21 16:32:55 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						37e08e1689 
					 
					
						
						
							
							Fix max_fragment_length with DTLS  
						
						
						
						
					 
					
						2014-10-21 16:32:53 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						23cad339c4 
					 
					
						
						
							
							Fail cleanly on unhandled case  
						
						
						
						
					 
					
						2014-10-21 16:32:52 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						fc572dd4f6 
					 
					
						
						
							
							Retransmit only on last message from prev flight  
						
						... 
						
						
						
						Be a good network citizen, try to avoid causing congestion by causing a
retransmission explosion. 
						
						
					 
					
						2014-10-21 16:32:51 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						8a7cf2543a 
					 
					
						
						
							
							Add a few #ifdefs  
						
						
						
						
					 
					
						2014-10-21 16:32:51 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						ba958b8bdc 
					 
					
						
						
							
							Add test for server-initiated renego  
						
						... 
						
						
						
						Just assuming the HelloRequest isn't lost for now 
						
						
					 
					
						2014-10-21 16:32:50 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						46fb942046 
					 
					
						
						
							
							Fix warning about function that should be static  
						
						
						
						
					 
					
						2014-10-21 16:32:49 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						f1e9b09a0c 
					 
					
						
						
							
							Fix missing #ifdef's  
						
						
						
						
					 
					
						2014-10-21 16:32:48 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						4e2f245752 
					 
					
						
						
							
							Fix timer issues  
						
						... 
						
						
						
						- timer not firing when constantly receiving bad messages
- timer not reset on failed reads
- timer incorrectly restarted on resend during read 
						
						
					 
					
						2014-10-21 16:32:47 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						df9a0a8460 
					 
					
						
						
							
							Drop unexpected ApplicationData  
						
						... 
						
						
						
						This is likely to happen on resumption if client speaks first at the
application level. 
						
						
					 
					
						2014-10-21 16:32:46 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						6b65141718 
					 
					
						
						
							
							Implement ssl_read() timeout (DTLS only for now)  
						
						
						
						
					 
					
						2014-10-21 16:32:46 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						2707430a4d 
					 
					
						
						
							
							Fix types and comments about read_timeout  
						
						
						
						
					 
					
						2014-10-21 16:32:45 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						6c1fa3a184 
					 
					
						
						
							
							Fix misplaced initialisation of timeout  
						
						
						
						
					 
					
						2014-10-21 16:32:45 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						c8d8e97cbd 
					 
					
						
						
							
							Move to milliseconds in recv_timeout()  
						
						
						
						
					 
					
						2014-10-21 16:32:44 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						905dd2425c 
					 
					
						
						
							
							Add ssl_set_handshake_timeout()  
						
						
						
						
					 
					
						2014-10-21 16:32:43 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						0ac247fd88 
					 
					
						
						
							
							Implement timeout back-off (fixed range for now)  
						
						
						
						
					 
					
						2014-10-21 16:32:43 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						7de3c9eecb 
					 
					
						
						
							
							Count timeout per flight, not per message  
						
						
						
						
					 
					
						2014-10-21 16:32:41 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						db2858ce96 
					 
					
						
						
							
							Preparation for timers  
						
						... 
						
						
						
						Currently directly using timing.c, plan to use callbacks later to loosen
coupling, but first just get things working. 
						
						
					 
					
						2014-10-21 16:32:41 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						08a1d4bce1 
					 
					
						
						
							
							Fix bug with client auth with DTLS  
						
						
						
						
					 
					
						2014-10-21 16:32:39 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						23b7b703aa 
					 
					
						
						
							
							Fix issue with renego & resend  
						
						
						
						
					 
					
						2014-10-21 16:32:38 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						2739313cea 
					 
					
						
						
							
							Make anti-replay a runtime option  
						
						
						
						
					 
					
						2014-10-21 16:32:35 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						8464a46b6b 
					 
					
						
						
							
							Make DTLS_ANTI_REPLAY depends on PROTO_DTLS  
						
						
						
						
					 
					
						2014-10-21 16:32:35 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						246c13a05f 
					 
					
						
						
							
							Fix epoch checking  
						
						
						
						
					 
					
						2014-10-21 16:32:34 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						b47368a00a 
					 
					
						
						
							
							Add replay detection  
						
						
						
						
					 
					
						2014-10-21 16:32:34 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						4956fd7437 
					 
					
						
						
							
							Test and fix anti-replay functions  
						
						
						
						
					 
					
						2014-10-21 16:32:34 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						7a7e140d4e 
					 
					
						
						
							
							Add functions for replay protection  
						
						
						
						
					 
					
						2014-10-21 16:32:33 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						ea22ce577e 
					 
					
						
						
							
							Rm unneeded counter increment with DTLS  
						
						
						
						
					 
					
						2014-10-21 16:32:33 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						abf16240dd 
					 
					
						
						
							
							Add ability to resend last flight  
						
						
						
						
					 
					
						2014-10-21 16:32:31 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						767c69561b 
					 
					
						
						
							
							Drop out-of-sequence ChangeCipherSpec messages  
						
						
						
						
					 
					
						2014-10-21 16:32:29 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						93017de47e 
					 
					
						
						
							
							Minor optim: don't resend on duplicated HVR  
						
						
						
						
					 
					
						2014-10-21 16:32:29 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						c715aed744 
					 
					
						
						
							
							Fix epoch swapping  
						
						
						
						
					 
					
						2014-10-21 16:32:28 +02:00