yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-10-19 04:41:37 +00:00
Code Issues Packages Projects Releases Wiki Activity
2818 commits 88 branches 205 tags 69 MiB
Commit graph

257 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard 56d985d0a6 Merge branch 'session-hash' into dtls 
* session-hash:
  Update Changelog for session-hash
  Make session-hash depend on TLS versions
  Forbid extended master secret with SSLv3
  compat.sh: allow git version of gnutls
  compat.sh: make options a bit more robust
  Implement extended master secret
  Add negotiation of Extended Master Secret

Conflicts:
	include/polarssl/check_config.h
	programs/ssl/ssl_server2.c
 2014-11-06 01:25:09 +01:00
Manuel Pégourié-Gonnard fedba98ede Merge branch 'fb-scsv' into dtls 
* fb-scsv:
  Update Changelog for FALLBACK_SCSV
  Implement FALLBACK_SCSV server-side
  Implement FALLBACK_SCSV client-side
 2014-11-05 16:12:09 +01:00
Manuel Pégourié-Gonnard 01b2699198 Implement FALLBACK_SCSV server-side 2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard 1cbd39dbeb Implement FALLBACK_SCSV client-side 2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard 367381fddd Add negotiation of Extended Master Secret 
(But not the actual thing yet.)
 2014-11-05 16:00:49 +01:00
Manuel Pégourié-Gonnard ef88e68188 Deprecate ssl_set_bio() 2014-10-21 16:32:58 +02:00
Manuel Pégourié-Gonnard df3acd82e2 Limit HelloRequest retransmission if not enforced 2014-10-21 16:32:58 +02:00
Manuel Pégourié-Gonnard 8e704f0f74 DTLS depends on TIMING_C for now 2014-10-21 16:32:56 +02:00
Manuel Pégourié-Gonnard b0643d152d Add ssl_set_dtls_badmac_limit() 2014-10-21 16:32:55 +02:00
Manuel Pégourié-Gonnard 9b35f18f66 Add ssl_get_record_expansion() 2014-10-21 16:32:55 +02:00
Manuel Pégourié-Gonnard a6fcffe516 Add warnings about disabling replay detection 2014-10-21 16:32:53 +02:00
Manuel Pégourié-Gonnard 37e08e1689 Fix max_fragment_length with DTLS 2014-10-21 16:32:53 +02:00
Manuel Pégourié-Gonnard 2707430a4d Fix types and comments about read_timeout 2014-10-21 16:32:45 +02:00
Manuel Pégourié-Gonnard 6c1fa3a184 Fix misplaced initialisation of timeout 2014-10-21 16:32:45 +02:00
Manuel Pégourié-Gonnard c8d8e97cbd Move to milliseconds in recv_timeout() 2014-10-21 16:32:44 +02:00
Manuel Pégourié-Gonnard 905dd2425c Add ssl_set_handshake_timeout() 2014-10-21 16:32:43 +02:00
Manuel Pégourié-Gonnard 0ac247fd88 Implement timeout back-off (fixed range for now) 2014-10-21 16:32:43 +02:00
Manuel Pégourié-Gonnard 579950c2bb Fix bug with non-blocking I/O and cookies 2014-10-21 16:32:42 +02:00
Manuel Pégourié-Gonnard 7de3c9eecb Count timeout per flight, not per message 2014-10-21 16:32:41 +02:00
Manuel Pégourié-Gonnard db2858ce96 Preparation for timers 
Currently directly using timing.c, plan to use callbacks later to loosen
coupling, but first just get things working.
 2014-10-21 16:32:41 +02:00
Manuel Pégourié-Gonnard 23b7b703aa Fix issue with renego & resend 2014-10-21 16:32:38 +02:00
Manuel Pégourié-Gonnard 2739313cea Make anti-replay a runtime option 2014-10-21 16:32:35 +02:00
Manuel Pégourié-Gonnard 246c13a05f Fix epoch checking 2014-10-21 16:32:34 +02:00
Manuel Pégourié-Gonnard 7a7e140d4e Add functions for replay protection 2014-10-21 16:32:33 +02:00
Manuel Pégourié-Gonnard 5d8ba53ace Expand and fix resend infrastructure 2014-10-21 16:32:28 +02:00
Manuel Pégourié-Gonnard ffa67be698 Infrastructure for buffering & resending flights 2014-10-21 16:32:27 +02:00
Manuel Pégourié-Gonnard 8fa6dfd560 Introduce f_recv_timeout callback 2014-10-21 16:32:26 +02:00
Manuel Pégourié-Gonnard e6bdc4497c Merge I/O contexts into one 2014-10-21 16:32:25 +02:00
Manuel Pégourié-Gonnard 624bcb5260 No memmove: done, rm temporary things 2014-10-21 16:30:31 +02:00
Manuel Pégourié-Gonnard f899583f94 Prepare moving away from memmove() on incoming HS 2014-10-21 16:30:29 +02:00
Manuel Pégourié-Gonnard 9d1d7196e4 Check length before reading handshake header 2014-10-21 16:30:24 +02:00
Manuel Pégourié-Gonnard d9ba0d96b6 Prepare for checking incoming handshake seqnum 2014-10-21 16:30:23 +02:00
Manuel Pégourié-Gonnard 64dffc5d14 Make handshake reassembly work with openssl 2014-10-21 16:30:22 +02:00
Manuel Pégourié-Gonnard 502bf30fb5 Handle reassembly of handshake messages 
Works only with GnuTLS for now, OpenSSL packs other records in the same
datagram after the last fragmented one, which we don't handle yet.

Also, ssl-opt.sh fails the tests with valgrind for now: we're so slow with
valgrind that gnutls-serv retransmits some messages, and we don't handle
duplicated messages yet.
 2014-10-21 16:30:22 +02:00
Manuel Pégourié-Gonnard 562eb787ec Add and use POLARSSL_ERR_SSL_BUFFER_TOO_SMALL 2014-10-21 16:30:20 +02:00
Manuel Pégourié-Gonnard 7d38d215b1 Allow disabling HelloVerifyRequest 2014-10-21 16:30:18 +02:00
Manuel Pégourié-Gonnard 232edd46be Move cookie callbacks implementation to own module 2014-10-21 16:30:17 +02:00
Manuel Pégourié-Gonnard d485d194f9 Move to a callback interface for DTLS cookies 2014-10-21 16:30:17 +02:00
Manuel Pégourié-Gonnard d7f9bc5091 Refactor cookie to prepare for external callbacks 
Also adds flexibility to the verification process.
 2014-10-21 16:30:16 +02:00
Manuel Pégourié-Gonnard 82202f0a9c Make DTLS_HELLO_VERIFY a compile option 2014-10-21 16:30:16 +02:00
Manuel Pégourié-Gonnard 98545f128a Generate random key for HelloVerifyRequest 2014-10-21 16:30:16 +02:00
Manuel Pégourié-Gonnard 43c021874d Add ssl_set_client_transport_id() 2014-10-21 16:30:15 +02:00
Manuel Pégourié-Gonnard 2c9ee81f6e Start adding srv support for hello verify request 
Dummy fixed content for now.

Also, seems to be a race condition in the way the socket is closed and
reopened, leading to a few "random" failures in compat.sh. A fix is planned
for later.
 2014-10-21 16:30:13 +02:00
Manuel Pégourié-Gonnard 67427c07b2 Fix checksum computation with HelloVerifyRequest 2014-10-21 16:30:11 +02:00
Manuel Pégourié-Gonnard 74848811b4 Implement HelloVerifyRequest on client 2014-10-21 16:30:11 +02:00
Manuel Pégourié-Gonnard b2f3be8757 Support multiple records in one datagram 2014-10-21 16:30:10 +02:00
Manuel Pégourié-Gonnard 34c1011b3d Fix a few warnings in reduced configs 2014-10-21 16:30:09 +02:00
Manuel Pégourié-Gonnard fe98aceb70 Adapt ssl_fetch_input() for UDP 2014-10-21 16:30:09 +02:00
Manuel Pégourié-Gonnard e89bcf05da Write new DTLS handshake fields correctly 2014-10-21 16:30:07 +02:00
Manuel Pégourié-Gonnard 0619348288 Add explicit counter in DTLS record header 2014-10-21 16:30:06 +02:00