767c69561b
Drop out-of-sequence ChangeCipherSpec messages
2014-10-21 16:32:29 +02:00
93017de47e
Minor optim: don't resend on duplicated HVR
2014-10-21 16:32:29 +02:00
c715aed744
Fix epoch swapping
2014-10-21 16:32:28 +02:00
6a2bdfaf73
Actually resend flights
2014-10-21 16:32:28 +02:00
5d8ba53ace
Expand and fix resend infrastructure
2014-10-21 16:32:28 +02:00
ffa67be698
Infrastructure for buffering & resending flights
2014-10-21 16:32:27 +02:00
9d9b003a9a
Add net_recv_timeout()
2014-10-21 16:32:26 +02:00
8fa6dfd560
Introduce f_recv_timeout callback
2014-10-21 16:32:26 +02:00
e6bdc4497c
Merge I/O contexts into one
2014-10-21 16:32:25 +02:00
f4acfe1808
Document previous API changes in this branch
2014-10-21 16:32:23 +02:00
d92d6a1b5b
ssl_parse_server_key_exchange() cleanups
2014-10-21 16:30:32 +02:00
5ee96546de
Add length checks in parse_certificate_verify()
2014-10-21 16:30:32 +02:00
72226214b1
Merge checks in ssl_parse_certificate_verify()
2014-10-21 16:30:32 +02:00
ca6440b246
Small cleanups in parse_finished()
2014-10-21 16:30:31 +02:00
624bcb5260
No memmove: done, rm temporary things
2014-10-21 16:30:31 +02:00
000d5aec13
No memmove: parse_new_session_ticket()
2014-10-21 16:30:31 +02:00
0b3400dafa
No memmove: ssl_parse_server_hello()
2014-10-21 16:30:31 +02:00
069eb79043
No memmove: ssl_parse_hello_verify_request()
2014-10-21 16:30:30 +02:00
04c1b4ece1
No memmove: certificate_request + server_hello_done
2014-10-21 16:30:30 +02:00
f4830b5092
No memmove: ssl_parse_server_key_exchange()
2014-10-21 16:30:30 +02:00
4528f3f5c0
No memmove: parse_certificate_verify()
2014-10-21 16:30:30 +02:00
2114d724dc
No memmove: ssl_parse_client_key_exchange()
2014-10-21 16:30:29 +02:00
f49a7daa1a
No memmove: ssl_parse_certificate()
2014-10-21 16:30:29 +02:00
4abc32734e
No memmove: ssl_parse_finished()
2014-10-21 16:30:29 +02:00
f899583f94
Prepare moving away from memmove() on incoming HS
2014-10-21 16:30:29 +02:00
4a1753657c
Fix missing return in error check
2014-10-21 16:30:28 +02:00
19d438f4ff
Get rid of memmove for DTLS in parse_client_hello()
2014-10-21 16:30:28 +02:00
63eca930d7
Drop invalid records with DTLS
2014-10-21 16:30:28 +02:00
167a37632d
Split two functions out of ssl_read_record()
2014-10-21 16:30:27 +02:00
990f9e428a
Handle late handshake messages gracefully
2014-10-21 16:30:26 +02:00
60ca5afaec
Drop records from wrong epoch
2014-10-21 16:30:25 +02:00
1aa586e41d
Check handshake message_seq field
2014-10-21 16:30:24 +02:00
9d1d7196e4
Check length before reading handshake header
2014-10-21 16:30:24 +02:00
d9ba0d96b6
Prepare for checking incoming handshake seqnum
2014-10-21 16:30:23 +02:00
ac03052f22
Fix segfault with some very short fragments
2014-10-21 16:30:23 +02:00
64dffc5d14
Make handshake reassembly work with openssl
2014-10-21 16:30:22 +02:00
502bf30fb5
Handle reassembly of handshake messages
...
Works only with GnuTLS for now, OpenSSL packs other records in the same
datagram after the last fragmented one, which we don't handle yet.
Also, ssl-opt.sh fails the tests with valgrind for now: we're so slow with
valgrind that gnutls-serv retransmits some messages, and we don't handle
duplicated messages yet.
2014-10-21 16:30:22 +02:00
ed79a4bb14
Prepare for DTLS handshake reassembly
2014-10-21 16:30:21 +02:00
edcbe549fd
Reorder checks in ssl_read_record
2014-10-21 16:30:21 +02:00
0557bd5fa4
Fix message_seq with server-initiated renego
2014-10-21 16:30:21 +02:00
c392b240c4
Fix server-initiated renegotiation with DTLS
2014-10-21 16:30:21 +02:00
30d16eb429
Fix client-initiated renegotiation with DTLS
2014-10-21 16:30:20 +02:00
b35fe5638a
Fix HelloVerifyRequest version handling
2014-10-21 16:30:20 +02:00
562eb787ec
Add and use POLARSSL_ERR_SSL_BUFFER_TOO_SMALL
2014-10-21 16:30:20 +02:00
bef8f09899
Make cookie timeout configurable
2014-10-21 16:30:19 +02:00
e90308178f
Add timestamp/serial to cookies, with timeout
2014-10-21 16:30:19 +02:00
445a1ec6cd
Change internal names
2014-10-21 16:30:19 +02:00
29ad7e8fc0
Add check for missing ssl_set_client_transport_id()
2014-10-21 16:30:18 +02:00
a64acd4f84
Add separate SSL_COOKIE_C define
2014-10-21 16:30:18 +02:00
7d38d215b1
Allow disabling HelloVerifyRequest
2014-10-21 16:30:18 +02:00
