Manuel Pégourié-Gonnard
f899583f94
Prepare moving away from memmove() on incoming HS
2014-10-21 16:30:29 +02:00
Manuel Pégourié-Gonnard
9d1d7196e4
Check length before reading handshake header
2014-10-21 16:30:24 +02:00
Manuel Pégourié-Gonnard
d9ba0d96b6
Prepare for checking incoming handshake seqnum
2014-10-21 16:30:23 +02:00
Manuel Pégourié-Gonnard
64dffc5d14
Make handshake reassembly work with openssl
2014-10-21 16:30:22 +02:00
Manuel Pégourié-Gonnard
502bf30fb5
Handle reassembly of handshake messages
...
Works only with GnuTLS for now, OpenSSL packs other records in the same
datagram after the last fragmented one, which we don't handle yet.
Also, ssl-opt.sh fails the tests with valgrind for now: we're so slow with
valgrind that gnutls-serv retransmits some messages, and we don't handle
duplicated messages yet.
2014-10-21 16:30:22 +02:00
Manuel Pégourié-Gonnard
562eb787ec
Add and use POLARSSL_ERR_SSL_BUFFER_TOO_SMALL
2014-10-21 16:30:20 +02:00
Manuel Pégourié-Gonnard
bef8f09899
Make cookie timeout configurable
2014-10-21 16:30:19 +02:00
Manuel Pégourié-Gonnard
e90308178f
Add timestamp/serial to cookies, with timeout
2014-10-21 16:30:19 +02:00
Manuel Pégourié-Gonnard
a64acd4f84
Add separate SSL_COOKIE_C define
2014-10-21 16:30:18 +02:00
Manuel Pégourié-Gonnard
7d38d215b1
Allow disabling HelloVerifyRequest
2014-10-21 16:30:18 +02:00
Manuel Pégourié-Gonnard
232edd46be
Move cookie callbacks implementation to own module
2014-10-21 16:30:17 +02:00
Manuel Pégourié-Gonnard
d485d194f9
Move to a callback interface for DTLS cookies
2014-10-21 16:30:17 +02:00
Manuel Pégourié-Gonnard
d7f9bc5091
Refactor cookie to prepare for external callbacks
...
Also adds flexibility to the verification process.
2014-10-21 16:30:16 +02:00
Manuel Pégourié-Gonnard
82202f0a9c
Make DTLS_HELLO_VERIFY a compile option
2014-10-21 16:30:16 +02:00
Manuel Pégourié-Gonnard
98545f128a
Generate random key for HelloVerifyRequest
2014-10-21 16:30:16 +02:00
Manuel Pégourié-Gonnard
43c021874d
Add ssl_set_client_transport_id()
2014-10-21 16:30:15 +02:00
Manuel Pégourié-Gonnard
2c9ee81f6e
Start adding srv support for hello verify request
...
Dummy fixed content for now.
Also, seems to be a race condition in the way the socket is closed and
reopened, leading to a few "random" failures in compat.sh. A fix is planned
for later.
2014-10-21 16:30:13 +02:00
Manuel Pégourié-Gonnard
a0e1632b79
Do not use compression with DTLS
2014-10-21 16:30:13 +02:00
Manuel Pégourié-Gonnard
67427c07b2
Fix checksum computation with HelloVerifyRequest
2014-10-21 16:30:11 +02:00
Manuel Pégourié-Gonnard
74848811b4
Implement HelloVerifyRequest on client
2014-10-21 16:30:11 +02:00
Manuel Pégourié-Gonnard
b2f3be8757
Support multiple records in one datagram
2014-10-21 16:30:10 +02:00
Manuel Pégourié-Gonnard
34c1011b3d
Fix a few warnings in reduced configs
2014-10-21 16:30:09 +02:00
Manuel Pégourié-Gonnard
fe98aceb70
Adapt ssl_fetch_input() for UDP
2014-10-21 16:30:09 +02:00
Manuel Pégourié-Gonnard
f5a1312eaa
Add UDP support to the NET module
2014-10-21 16:30:09 +02:00
Manuel Pégourié-Gonnard
e89bcf05da
Write new DTLS handshake fields correctly
2014-10-21 16:30:07 +02:00
Manuel Pégourié-Gonnard
0619348288
Add explicit counter in DTLS record header
2014-10-21 16:30:06 +02:00
Manuel Pégourié-Gonnard
7ee6f0e6e5
Preparation: allow {in,out}_ctr != {in,out}_buf
2014-10-21 16:30:05 +02:00
Manuel Pégourié-Gonnard
abc7e3b4ba
Handle DTLS version encoding and fix some checks
2014-10-21 16:30:05 +02:00
Manuel Pégourié-Gonnard
864a81fdc0
More ssl_set_XXX() functions can return BAD_INPUT
2014-10-21 16:30:04 +02:00
Manuel Pégourié-Gonnard
b21ca2a69f
Adapt version-handling functions to DTLS
2014-10-21 16:30:04 +02:00
Manuel Pégourié-Gonnard
d66645130c
Add a ciphersuite NODTLS flag
2014-10-21 16:30:03 +02:00
Manuel Pégourié-Gonnard
0b1ff29328
Add basic flags for DTLS
2014-10-21 16:30:03 +02:00
Paul Bakker
9eac4f7c4e
Prepare for release 1.3.9
2014-10-20 13:56:15 +02:00
Manuel Pégourié-Gonnard
da1b4de0e4
Increase MPI_MAX_BYTES to allow RSA 8192
2014-10-15 22:06:46 +02:00
Paul Bakker
9e4ff953de
Clarified len parameter of ssl_read()
2014-09-24 11:13:11 +02:00
Sander Niemeijer
ef5087d150
Added explicit casts to prevent compiler warnings when trying to build for iOS
2014-08-21 23:48:14 +02:00
Manuel Pégourié-Gonnard
44ade654c5
Implement (partial) renego delay on client
2014-08-19 13:58:40 +02:00
Manuel Pégourié-Gonnard
6591962f06
Allow delay on renego on client
...
Currently unbounded: will be fixed later
2014-08-19 12:50:30 +02:00
Manuel Pégourié-Gonnard
55e4ff2ace
Tune comments
2014-08-19 11:52:33 +02:00
Manuel Pégourié-Gonnard
8d4ad07706
SHA-2 ciphersuites now require TLS 1.x
2014-08-14 11:34:34 +02:00
Paul Bakker
8dcb2d7d7e
Support escaping of commas in x509_string_to_names()
2014-08-11 11:59:52 +02:00
Paul Bakker
ec3a617d40
Make ready for release of 1.3.8 and soversion 7
2014-07-09 10:21:28 +02:00
Paul Bakker
84bbeb58df
Adapt cipher and MD layer with _init() and _free()
2014-07-09 10:19:24 +02:00
Paul Bakker
accaffe2c3
Restructure ssl_handshake_init() and small fixes
2014-07-09 10:19:24 +02:00
Paul Bakker
a317a98221
Adapt programs / test suites
2014-07-09 10:19:24 +02:00
Paul Bakker
8f870b047c
Add dhm_init()
2014-07-09 10:19:23 +02:00
Paul Bakker
fff0366bba
Add ctr_drbg_free()
2014-07-09 10:19:23 +02:00
Paul Bakker
5b4af39a36
Add _init() and _free() for hash modules
2014-07-09 10:19:23 +02:00
Paul Bakker
c7ea99af4f
Add _init() and _free() for cipher modules
2014-07-09 10:19:22 +02:00
Manuel Pégourié-Gonnard
08e81e0c8f
Change selection of hash algorithm for TLS 1.2
2014-07-08 14:20:26 +02:00