ba958b8bdc
Add test for server-initiated renego
Just assuming the HelloRequest isn't lost for now
2014-10-21 16:32:50 +02:00
46fb942046
Fix warning about function that should be static
2014-10-21 16:32:49 +02:00
f1e9b09a0c
Fix missing #ifdef's
2014-10-21 16:32:48 +02:00
4e2f245752
Fix timer issues
- timer not firing when constantly receiving bad messages
- timer not reset on failed reads
- timer incorrectly restarted on resend during read
2014-10-21 16:32:47 +02:00
df9a0a8460
Drop unexpected ApplicationData
This is likely to happen on resumption if client speaks first at the
application level.
2014-10-21 16:32:46 +02:00
6b65141718
Implement ssl_read() timeout (DTLS only for now)
2014-10-21 16:32:46 +02:00
2707430a4d
Fix types and comments about read_timeout
2014-10-21 16:32:45 +02:00
6c1fa3a184
Fix misplaced initialisation of timeout
2014-10-21 16:32:45 +02:00
c8d8e97cbd
Move to milliseconds in recv_timeout()
2014-10-21 16:32:44 +02:00
905dd2425c
Add ssl_set_handshake_timeout()
2014-10-21 16:32:43 +02:00
0ac247fd88
Implement timeout back-off (fixed range for now)
2014-10-21 16:32:43 +02:00
7de3c9eecb
Count timeout per flight, not per message
2014-10-21 16:32:41 +02:00
db2858ce96
Preparation for timers
Currently directly using timing.c, plan to use callbacks later to loosen
coupling, but first just get things working.
2014-10-21 16:32:41 +02:00
08a1d4bce1
Fix bug with client auth with DTLS
2014-10-21 16:32:39 +02:00
23b7b703aa
Fix issue with renego & resend
2014-10-21 16:32:38 +02:00
2739313cea
Make anti-replay a runtime option
2014-10-21 16:32:35 +02:00
8464a46b6b
Make DTLS_ANTI_REPLAY depend on PROTO_DTLS
2014-10-21 16:32:35 +02:00
246c13a05f
Fix epoch checking
2014-10-21 16:32:34 +02:00
b47368a00a
Add replay detection
2014-10-21 16:32:34 +02:00
4956fd7437
Test and fix anti-replay functions
2014-10-21 16:32:34 +02:00
7a7e140d4e
Add functions for replay protection
2014-10-21 16:32:33 +02:00
ea22ce577e
Rm unneeded counter increment with DTLS
2014-10-21 16:32:33 +02:00
abf16240dd
Add ability to resend last flight
2014-10-21 16:32:31 +02:00
767c69561b
Drop out-of-sequence ChangeCipherSpec messages
2014-10-21 16:32:29 +02:00
93017de47e
Minor optim: don't resend on duplicated HVR
2014-10-21 16:32:29 +02:00
c715aed744
Fix epoch swapping
2014-10-21 16:32:28 +02:00
6a2bdfaf73
Actually resend flights
2014-10-21 16:32:28 +02:00
5d8ba53ace
Expand and fix resend infrastructure
2014-10-21 16:32:28 +02:00
ffa67be698
Infrastructure for buffering & resending flights
2014-10-21 16:32:27 +02:00
8fa6dfd560
Introduce f_recv_timeout callback
2014-10-21 16:32:26 +02:00
e6bdc4497c
Merge I/O contexts into one
2014-10-21 16:32:25 +02:00
ca6440b246
Small cleanups in parse_finished()
2014-10-21 16:30:31 +02:00
624bcb5260
No memmove: done, rm temporary things
2014-10-21 16:30:31 +02:00
f49a7daa1a
No memmove: ssl_parse_certificate()
2014-10-21 16:30:29 +02:00
4abc32734e
No memmove: ssl_parse_finished()
2014-10-21 16:30:29 +02:00
f899583f94
Prepare moving away from memmove() on incoming HS
2014-10-21 16:30:29 +02:00
4a1753657c
Fix missing return in error check
2014-10-21 16:30:28 +02:00
63eca930d7
Drop invalid records with DTLS
2014-10-21 16:30:28 +02:00
167a37632d
Split two functions out of ssl_read_record()
2014-10-21 16:30:27 +02:00
990f9e428a
Handle late handshake messages gracefully
2014-10-21 16:30:26 +02:00
60ca5afaec
Drop records from wrong epoch
2014-10-21 16:30:25 +02:00
1aa586e41d
Check handshake message_seq field
2014-10-21 16:30:24 +02:00
9d1d7196e4
Check length before reading handshake header
2014-10-21 16:30:24 +02:00
d9ba0d96b6
Prepare for checking incoming handshake seqnum
2014-10-21 16:30:23 +02:00
ac03052f22
Fix segfault with some very short fragments
2014-10-21 16:30:23 +02:00
64dffc5d14
Make handshake reassembly work with openssl
2014-10-21 16:30:22 +02:00
502bf30fb5
Handle reassembly of handshake messages
Works only with GnuTLS for now, OpenSSL packs other records in the same
datagram after the last fragmented one, which we don't handle yet.
Also, ssl-opt.sh fails the tests with valgrind for now: we're so slow with
valgrind that gnutls-serv retransmits some messages, and we don't handle
duplicated messages yet.
2014-10-21 16:30:22 +02:00
ed79a4bb14
Prepare for DTLS handshake reassembly
2014-10-21 16:30:21 +02:00
edcbe549fd
Reorder checks in ssl_read_record
2014-10-21 16:30:21 +02:00
0557bd5fa4
Fix message_seq with server-initiated renego
2014-10-21 16:30:21 +02:00