lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-05-10 05:41:33 +03:00
Code
8,463 Commits 172 Branches 267 Tags
Commit Graph

868 Commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
56d985d0a6 Merge branch 'session-hash' into dtls 
* session-hash:
  Update Changelog for session-hash
  Make session-hash depend on TLS versions
  Forbid extended master secret with SSLv3
  compat.sh: allow git version of gnutls
  compat.sh: make options a bit more robust
  Implement extended master secret
  Add negotiation of Extended Master Secret

Conflicts:
	include/polarssl/check_config.h
	programs/ssl/ssl_server2.c
 2014-11-06 01:25:09 +01:00
Manuel Pégourié-Gonnard
9d7821d774 Fix warning in reduced config 2014-11-06 01:19:52 +01:00
Manuel Pégourié-Gonnard
fedba98ede Merge branch 'fb-scsv' into dtls 
* fb-scsv:
  Update Changelog for FALLBACK_SCSV
  Implement FALLBACK_SCSV server-side
  Implement FALLBACK_SCSV client-side
 2014-11-05 16:12:09 +01:00
Manuel Pégourié-Gonnard
1a03473576 Keep EtM state across renegotiations 2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
169dd6a514 Adjust minimum length for EtM 2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
08558e5b46 Fix for the RFC erratum 2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
313d796e80 Implement EtM 2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
0098e7dc70 Preparation for EtM 2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
699cafaea2 Implement initial negotiation of EtM 
Not implemented yet:
- actually using EtM
- conditions on renegotiation
 2014-11-05 16:00:50 +01:00
Manuel Pégourié-Gonnard
ada3030485 Implement extended master secret 2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard
1cbd39dbeb Implement FALLBACK_SCSV client-side 2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard
367381fddd Add negotiation of Extended Master Secret 
(But not the actual thing yet.)
 2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard
6b875fc7e5 Fix potential memory leak (from clang-analyzer) 2014-10-21 16:33:00 +02:00
Manuel Pégourié-Gonnard
df3acd82e2 Limit HelloRequest retransmission if not enforced 2014-10-21 16:32:58 +02:00
Manuel Pégourié-Gonnard
26a4cf63ec Add retransmission of HelloRequest 2014-10-21 16:32:57 +02:00
Manuel Pégourié-Gonnard
74a1378175 Avoid false positive in ssl-opt.sh with memcheck 2014-10-21 16:32:56 +02:00
Manuel Pégourié-Gonnard
8e704f0f74 DTLS depends on TIMING_C for now 2014-10-21 16:32:56 +02:00
Manuel Pégourié-Gonnard
b0643d152d Add ssl_set_dtls_badmac_limit() 2014-10-21 16:32:55 +02:00
Manuel Pégourié-Gonnard
9b35f18f66 Add ssl_get_record_expansion() 2014-10-21 16:32:55 +02:00
Manuel Pégourié-Gonnard
37e08e1689 Fix max_fragment_length with DTLS 2014-10-21 16:32:53 +02:00
Manuel Pégourié-Gonnard
23cad339c4 Fail cleanly on unhandled case 2014-10-21 16:32:52 +02:00
Manuel Pégourié-Gonnard
fc572dd4f6 Retransmit only on last message from prev flight 
Be a good network citizen, try to avoid causing congestion by causing a
retransmission explosion.
 2014-10-21 16:32:51 +02:00
Manuel Pégourié-Gonnard
8a7cf2543a Add a few #ifdefs 2014-10-21 16:32:51 +02:00
Manuel Pégourié-Gonnard
ba958b8bdc Add test for server-initiated renego 
Just assuming the HelloRequest isn't lost for now
 2014-10-21 16:32:50 +02:00
Manuel Pégourié-Gonnard
46fb942046 Fix warning about function that should be static 2014-10-21 16:32:49 +02:00
Manuel Pégourié-Gonnard
f1e9b09a0c Fix missing #ifdef's 2014-10-21 16:32:48 +02:00
Manuel Pégourié-Gonnard
4e2f245752 Fix timer issues 
- timer not firing when constantly receiving bad messages
- timer not reset on failed reads
- timer incorrectly restarted on resend during read
 2014-10-21 16:32:47 +02:00
Manuel Pégourié-Gonnard
df9a0a8460 Drop unexpected ApplicationData 
This is likely to happen on resumption if client speaks first at the
application level.
 2014-10-21 16:32:46 +02:00
Manuel Pégourié-Gonnard
6b65141718 Implement ssl_read() timeout (DTLS only for now) 2014-10-21 16:32:46 +02:00
Manuel Pégourié-Gonnard
2707430a4d Fix types and comments about read_timeout 2014-10-21 16:32:45 +02:00
Manuel Pégourié-Gonnard
6c1fa3a184 Fix misplaced initialisation of timeout 2014-10-21 16:32:45 +02:00
Manuel Pégourié-Gonnard
c8d8e97cbd Move to milliseconds in recv_timeout() 2014-10-21 16:32:44 +02:00
Manuel Pégourié-Gonnard
905dd2425c Add ssl_set_handshake_timeout() 2014-10-21 16:32:43 +02:00
Manuel Pégourié-Gonnard
0ac247fd88 Implement timeout back-off (fixed range for now) 2014-10-21 16:32:43 +02:00
Manuel Pégourié-Gonnard
7de3c9eecb Count timeout per flight, not per message 2014-10-21 16:32:41 +02:00
Manuel Pégourié-Gonnard
db2858ce96 Preparation for timers 
Currently directly using timing.c, plan to use callbacks later to loosen
coupling, but first just get things working.
 2014-10-21 16:32:41 +02:00
Manuel Pégourié-Gonnard
08a1d4bce1 Fix bug with client auth with DTLS 2014-10-21 16:32:39 +02:00
Manuel Pégourié-Gonnard
23b7b703aa Fix issue with renego & resend 2014-10-21 16:32:38 +02:00
Manuel Pégourié-Gonnard
2739313cea Make anti-replay a runtime option 2014-10-21 16:32:35 +02:00
Manuel Pégourié-Gonnard
8464a46b6b Make DTLS_ANTI_REPLAY depends on PROTO_DTLS 2014-10-21 16:32:35 +02:00
Manuel Pégourié-Gonnard
246c13a05f Fix epoch checking 2014-10-21 16:32:34 +02:00
Manuel Pégourié-Gonnard
b47368a00a Add replay detection 2014-10-21 16:32:34 +02:00
Manuel Pégourié-Gonnard
4956fd7437 Test and fix anti-replay functions 2014-10-21 16:32:34 +02:00
Manuel Pégourié-Gonnard
7a7e140d4e Add functions for replay protection 2014-10-21 16:32:33 +02:00
Manuel Pégourié-Gonnard
ea22ce577e Rm unneeded counter increment with DTLS 2014-10-21 16:32:33 +02:00
Manuel Pégourié-Gonnard
abf16240dd Add ability to resend last flight 2014-10-21 16:32:31 +02:00
Manuel Pégourié-Gonnard
767c69561b Drop out-of-sequence ChangeCipherSpec messages 2014-10-21 16:32:29 +02:00
Manuel Pégourié-Gonnard
93017de47e Minor optim: don't resend on duplicated HVR 2014-10-21 16:32:29 +02:00
Manuel Pégourié-Gonnard
c715aed744 Fix epoch swapping 2014-10-21 16:32:28 +02:00
Manuel Pégourié-Gonnard
6a2bdfaf73 Actually resend flights 2014-10-21 16:32:28 +02:00