502bf30fb5
Handle reassembly of handshake messages
...
Works only with GnuTLS for now, OpenSSL packs other records in the same
datagram after the last fragmented one, which we don't handle yet.
Also, ssl-opt.sh fails the tests with valgrind for now: we're so slow with
valgrind that gnutls-serv retransmits some messages, and we don't handle
duplicated messages yet.
2014-10-21 16:30:22 +02:00
ed79a4bb14
Prepare for DTLS handshake reassembly
2014-10-21 16:30:21 +02:00
edcbe549fd
Reorder checks in ssl_read_record
2014-10-21 16:30:21 +02:00
0557bd5fa4
Fix message_seq with server-initiated renego
2014-10-21 16:30:21 +02:00
c392b240c4
Fix server-initiated renegotiation with DTLS
2014-10-21 16:30:21 +02:00
30d16eb429
Fix client-initiated renegotiation with DTLS
2014-10-21 16:30:20 +02:00
b35fe5638a
Fix HelloVerifyRequest version handling
2014-10-21 16:30:20 +02:00
562eb787ec
Add and use POLARSSL_ERR_SSL_BUFFER_TOO_SMALL
2014-10-21 16:30:20 +02:00
bef8f09899
Make cookie timeout configurable
2014-10-21 16:30:19 +02:00
e90308178f
Add timestamp/serial to cookies, with timeout
2014-10-21 16:30:19 +02:00
445a1ec6cd
Change internal names
2014-10-21 16:30:19 +02:00
29ad7e8fc0
Add check for missing ssl_set_client_transport_id()
2014-10-21 16:30:18 +02:00
a64acd4f84
Add separate SSL_COOKIE_C define
2014-10-21 16:30:18 +02:00
7d38d215b1
Allow disabling HelloVerifyRequest
2014-10-21 16:30:18 +02:00
e4de06145a
Fix cookie context usage
2014-10-21 16:30:17 +02:00
232edd46be
Move cookie callbacks implementation to own module
2014-10-21 16:30:17 +02:00
d485d194f9
Move to a callback interface for DTLS cookies
2014-10-21 16:30:17 +02:00
d7f9bc5091
Refactor cookie to prepare for external callbacks
...
Also adds flexibility to the verification process.
2014-10-21 16:30:16 +02:00
82202f0a9c
Make DTLS_HELLO_VERIFY a compile option
2014-10-21 16:30:16 +02:00
98545f128a
Generate random key for HelloVerifyRequest
2014-10-21 16:30:16 +02:00
dd3cdb0fbc
Start using client IP in HelloVerifyRequest
...
Dummy fixed key for now.
2014-10-21 16:30:15 +02:00
43c021874d
Add ssl_set_client_transport_id()
2014-10-21 16:30:15 +02:00
fb2d22371f
Reuse random when responding to a verify request
2014-10-21 16:30:14 +02:00
b760f001d7
Extract generate client random to a function
2014-10-21 16:30:14 +02:00
2c9ee81f6e
Start adding srv support for hello verify request
...
Dummy fixed content for now.
Also, seems to be a race condition in the way the socket is closed and
reopened, leading to a few "random" failures in compat.sh. A fix is planned
for later.
2014-10-21 16:30:13 +02:00
a0e1632b79
Do not use compression with DTLS
2014-10-21 16:30:13 +02:00
5d53cbef3a
Fix length check in ssl_write_ticket()
2014-10-21 16:30:13 +02:00
879a4f9623
Abort on DTLS epoch wrap
2014-10-21 16:30:12 +02:00
805e2300af
Fix error message and return code
2014-10-21 16:30:12 +02:00
67427c07b2
Fix checksum computation with HelloVerifyRequest
2014-10-21 16:30:11 +02:00
74848811b4
Implement HelloVerifyRequest on client
2014-10-21 16:30:11 +02:00
b2f3be8757
Support multiple records in one datagram
2014-10-21 16:30:10 +02:00
34c1011b3d
Fix a few warnings in reduced configs
2014-10-21 16:30:09 +02:00
fe98aceb70
Adapt ssl_fetch_input() for UDP
2014-10-21 16:30:09 +02:00
f5a1312eaa
Add UDP support to the NET module
2014-10-21 16:30:09 +02:00
d6b721c7ee
More ssl_parse_client_hello() adjustments
2014-10-21 16:30:08 +02:00
4128aa71ee
Add the 'cookie' field of DTLS ClientHello
2014-10-21 16:30:08 +02:00
8933a65d5c
Rework ssl_parse_client_hello() a bit
...
- make it more linear
- check lengths better
- prepare for optional "cookie" field
2014-10-21 16:30:08 +02:00
e89bcf05da
Write new DTLS handshake fields correctly
2014-10-21 16:30:07 +02:00
ce441b3442
Add space for new DTLS fields in handshake
2014-10-21 16:30:07 +02:00
a59543af30
Minor refactoring in ssl_read_record()
2014-10-21 16:30:07 +02:00
f302fb52e1
Fix hmac computation for DTLS
2014-10-21 16:30:06 +02:00
5afb167e2c
Implement DTLS epochs
2014-10-21 16:30:06 +02:00
0619348288
Add explicit counter in DTLS record header
2014-10-21 16:30:06 +02:00
507e1e410a
Prep: allow {in,out}_len != {in,out}_hdr + 3
2014-10-21 16:30:06 +02:00
7ee6f0e6e5
Preparation: allow {in,out}_ctr != {in,out}_buf
2014-10-21 16:30:05 +02:00
abc7e3b4ba
Handle DTLS version encoding and fix some checks
2014-10-21 16:30:05 +02:00
864a81fdc0
More ssl_set_XXX() functions can return BAD_INPUT
2014-10-21 16:30:04 +02:00
b21ca2a69f
Adapt version-handling functions to DTLS
2014-10-21 16:30:04 +02:00
d66645130c
Add a ciphersuite NODTLS flag
2014-10-21 16:30:03 +02:00
