0975ad928d
Merge branch 'etm' into dtls
...
* etm:
Fix some more warnings in reduced configs
Fix typo causing MSVC errors
2014-11-17 15:07:17 +01:00
8e4b3374d7
Fix some more warnings in reduced configs
2014-11-17 15:06:13 +01:00
e5b0fc1847
Make malloc-init script a bit happier
2014-11-13 12:42:12 +01:00
27e3edbe2c
Check key/cert pair in ssl_set_own_cert()
2014-11-06 18:25:51 +01:00
d056ce0e3e
Use seq_num as AEAD nonce by default
2014-11-06 18:23:49 +01:00
f9d778d635
Merge branch 'etm' into dtls
...
* etm:
Fix warning in reduced config
Update Changelog for EtM
Keep EtM state across renegotiations
Adjust minimum length for EtM
Don't send back EtM extension if not using CBC
Fix for the RFC erratum
Implement EtM
Preparation for EtM
Implement initial negotiation of EtM
Conflicts:
include/polarssl/check_config.h
2014-11-06 01:36:32 +01:00
56d985d0a6
Merge branch 'session-hash' into dtls
...
* session-hash:
Update Changelog for session-hash
Make session-hash depend on TLS versions
Forbid extended master secret with SSLv3
compat.sh: allow git version of gnutls
compat.sh: make options a bit more robust
Implement extended master secret
Add negotiation of Extended Master Secret
Conflicts:
include/polarssl/check_config.h
programs/ssl/ssl_server2.c
2014-11-06 01:25:09 +01:00
9d7821d774
Fix warning in reduced config
2014-11-06 01:19:52 +01:00
fedba98ede
Merge branch 'fb-scsv' into dtls
...
* fb-scsv:
Update Changelog for FALLBACK_SCSV
Implement FALLBACK_SCSV server-side
Implement FALLBACK_SCSV client-side
2014-11-05 16:12:09 +01:00
1a03473576
Keep EtM state across renegotiations
2014-11-05 16:00:50 +01:00
169dd6a514
Adjust minimum length for EtM
2014-11-05 16:00:50 +01:00
08558e5b46
Fix for the RFC erratum
2014-11-05 16:00:50 +01:00
313d796e80
Implement EtM
2014-11-05 16:00:50 +01:00
0098e7dc70
Preparation for EtM
2014-11-05 16:00:50 +01:00
699cafaea2
Implement initial negotiation of EtM
...
Not implemented yet:
- actually using EtM
- conditions on renegotiation
2014-11-05 16:00:50 +01:00
ada3030485
Implement extended master secret
2014-11-05 16:00:49 +01:00
1cbd39dbeb
Implement FALLBACK_SCSV client-side
2014-11-05 16:00:49 +01:00
367381fddd
Add negotiation of Extended Master Secret
...
(But not the actual thing yet.)
2014-11-05 16:00:49 +01:00
6b875fc7e5
Fix potential memory leak (from clang-analyzer)
2014-10-21 16:33:00 +02:00
df3acd82e2
Limit HelloRequest retransmission if not enforced
2014-10-21 16:32:58 +02:00
26a4cf63ec
Add retransmission of HelloRequest
2014-10-21 16:32:57 +02:00
74a1378175
Avoid false positive in ssl-opt.sh with memcheck
2014-10-21 16:32:56 +02:00
8e704f0f74
DTLS depends on TIMING_C for now
2014-10-21 16:32:56 +02:00
b0643d152d
Add ssl_set_dtls_badmac_limit()
2014-10-21 16:32:55 +02:00
9b35f18f66
Add ssl_get_record_expansion()
2014-10-21 16:32:55 +02:00
37e08e1689
Fix max_fragment_length with DTLS
2014-10-21 16:32:53 +02:00
23cad339c4
Fail cleanly on unhandled case
2014-10-21 16:32:52 +02:00
fc572dd4f6
Retransmit only on last message from prev flight
...
Be a good network citizen, try to avoid causing congestion by causing a
retransmission explosion.
2014-10-21 16:32:51 +02:00
8a7cf2543a
Add a few #ifdefs
2014-10-21 16:32:51 +02:00
ba958b8bdc
Add test for server-initiated renego
...
Just assuming the HelloRequest isn't lost for now
2014-10-21 16:32:50 +02:00
46fb942046
Fix warning about function that should be static
2014-10-21 16:32:49 +02:00
f1e9b09a0c
Fix missing #ifdef's
2014-10-21 16:32:48 +02:00
4e2f245752
Fix timer issues
...
- timer not firing when constantly receiving bad messages
- timer not reset on failed reads
- timer incorrectly restarted on resend during read
2014-10-21 16:32:47 +02:00
df9a0a8460
Drop unexpected ApplicationData
...
This is likely to happen on resumption if client speaks first at the
application level.
2014-10-21 16:32:46 +02:00
6b65141718
Implement ssl_read() timeout (DTLS only for now)
2014-10-21 16:32:46 +02:00
2707430a4d
Fix types and comments about read_timeout
2014-10-21 16:32:45 +02:00
6c1fa3a184
Fix misplaced initialisation of timeout
2014-10-21 16:32:45 +02:00
c8d8e97cbd
Move to milliseconds in recv_timeout()
2014-10-21 16:32:44 +02:00
905dd2425c
Add ssl_set_handshake_timeout()
2014-10-21 16:32:43 +02:00
0ac247fd88
Implement timeout back-off (fixed range for now)
2014-10-21 16:32:43 +02:00
7de3c9eecb
Count timeout per flight, not per message
2014-10-21 16:32:41 +02:00
db2858ce96
Preparation for timers
...
Currently directly using timing.c, plan to use callbacks later to loosen
coupling, but first just get things working.
2014-10-21 16:32:41 +02:00
08a1d4bce1
Fix bug with client auth with DTLS
2014-10-21 16:32:39 +02:00
23b7b703aa
Fix issue with renego & resend
2014-10-21 16:32:38 +02:00
2739313cea
Make anti-replay a runtime option
2014-10-21 16:32:35 +02:00
8464a46b6b
Make DTLS_ANTI_REPLAY depends on PROTO_DTLS
2014-10-21 16:32:35 +02:00
246c13a05f
Fix epoch checking
2014-10-21 16:32:34 +02:00
b47368a00a
Add replay detection
2014-10-21 16:32:34 +02:00
4956fd7437
Test and fix anti-replay functions
2014-10-21 16:32:34 +02:00
7a7e140d4e
Add functions for replay protection
2014-10-21 16:32:33 +02:00
