37e08e1689
Fix max_fragment_length with DTLS
2014-10-21 16:32:53 +02:00
2707430a4d
Fix types and comments about read_timeout
2014-10-21 16:32:45 +02:00
6c1fa3a184
Fix misplaced initialisation of timeout
2014-10-21 16:32:45 +02:00
c8d8e97cbd
Move to milliseconds in recv_timeout()
2014-10-21 16:32:44 +02:00
905dd2425c
Add ssl_set_handshake_timeout()
2014-10-21 16:32:43 +02:00
0ac247fd88
Implement timeout back-off (fixed range for now)
2014-10-21 16:32:43 +02:00
579950c2bb
Fix bug with non-blocking I/O and cookies
2014-10-21 16:32:42 +02:00
7de3c9eecb
Count timeout per flight, not per message
2014-10-21 16:32:41 +02:00
db2858ce96
Preparation for timers
Currently directly using timing.c, plan to use callbacks later to loosen
coupling, but first just get things working.
2014-10-21 16:32:41 +02:00
23b7b703aa
Fix issue with renego & resend
2014-10-21 16:32:38 +02:00
2739313cea
Make anti-replay a runtime option
2014-10-21 16:32:35 +02:00
8464a46b6b
Make DTLS_ANTI_REPLAY depend on PROTO_DTLS
2014-10-21 16:32:35 +02:00
246c13a05f
Fix epoch checking
2014-10-21 16:32:34 +02:00
7a7e140d4e
Add functions for replay protection
2014-10-21 16:32:33 +02:00
5d8ba53ace
Expand and fix resend infrastructure
2014-10-21 16:32:28 +02:00
ffa67be698
Infrastructure for buffering & resending flights
2014-10-21 16:32:27 +02:00
57fa314412
Fix depend documentation
2014-10-21 16:32:27 +02:00
9d9b003a9a
Add net_recv_timeout()
2014-10-21 16:32:26 +02:00
8fa6dfd560
Introduce f_recv_timeout callback
2014-10-21 16:32:26 +02:00
e6bdc4497c
Merge I/O contexts into one
2014-10-21 16:32:25 +02:00
624bcb5260
No memmove: done, rm temporary things
2014-10-21 16:30:31 +02:00
f899583f94
Prepare moving away from memmove() on incoming HS
2014-10-21 16:30:29 +02:00
9d1d7196e4
Check length before reading handshake header
2014-10-21 16:30:24 +02:00
d9ba0d96b6
Prepare for checking incoming handshake seqnum
2014-10-21 16:30:23 +02:00
64dffc5d14
Make handshake reassembly work with openssl
2014-10-21 16:30:22 +02:00
502bf30fb5
Handle reassembly of handshake messages
Works only with GnuTLS for now, OpenSSL packs other records in the same
datagram after the last fragmented one, which we don't handle yet.
Also, ssl-opt.sh fails the tests with valgrind for now: we're so slow with
valgrind that gnutls-serv retransmits some messages, and we don't handle
duplicated messages yet.
2014-10-21 16:30:22 +02:00
562eb787ec
Add and use POLARSSL_ERR_SSL_BUFFER_TOO_SMALL
2014-10-21 16:30:20 +02:00
bef8f09899
Make cookie timeout configurable
2014-10-21 16:30:19 +02:00
e90308178f
Add timestamp/serial to cookies, with timeout
2014-10-21 16:30:19 +02:00
a64acd4f84
Add separate SSL_COOKIE_C define
2014-10-21 16:30:18 +02:00
7d38d215b1
Allow disabling HelloVerifyRequest
2014-10-21 16:30:18 +02:00
232edd46be
Move cookie callbacks implementation to own module
2014-10-21 16:30:17 +02:00
d485d194f9
Move to a callback interface for DTLS cookies
2014-10-21 16:30:17 +02:00
d7f9bc5091
Refactor cookie to prepare for external callbacks
Also adds flexibility to the verification process.
2014-10-21 16:30:16 +02:00
82202f0a9c
Make DTLS_HELLO_VERIFY a compile option
2014-10-21 16:30:16 +02:00
98545f128a
Generate random key for HelloVerifyRequest
2014-10-21 16:30:16 +02:00
43c021874d
Add ssl_set_client_transport_id()
2014-10-21 16:30:15 +02:00
2c9ee81f6e
Start adding srv support for hello verify request
Dummy fixed content for now.
Also, seems to be a race condition in the way the socket is closed and
reopened, leading to a few "random" failures in compat.sh. A fix is planned
for later.
2014-10-21 16:30:13 +02:00
a0e1632b79
Do not use compression with DTLS
2014-10-21 16:30:13 +02:00
67427c07b2
Fix checksum computation with HelloVerifyRequest
2014-10-21 16:30:11 +02:00
74848811b4
Implement HelloVerifyRequest on client
2014-10-21 16:30:11 +02:00
b2f3be8757
Support multiple records in one datagram
2014-10-21 16:30:10 +02:00
34c1011b3d
Fix a few warnings in reduced configs
2014-10-21 16:30:09 +02:00
fe98aceb70
Adapt ssl_fetch_input() for UDP
2014-10-21 16:30:09 +02:00
f5a1312eaa
Add UDP support to the NET module
2014-10-21 16:30:09 +02:00
e89bcf05da
Write new DTLS handshake fields correctly
2014-10-21 16:30:07 +02:00
0619348288
Add explicit counter in DTLS record header
2014-10-21 16:30:06 +02:00
7ee6f0e6e5
Preparation: allow {in,out}_ctr != {in,out}_buf
2014-10-21 16:30:05 +02:00
abc7e3b4ba
Handle DTLS version encoding and fix some checks
2014-10-21 16:30:05 +02:00
864a81fdc0
More ssl_set_XXX() functions can return BAD_INPUT
2014-10-21 16:30:04 +02:00