Commit graph

1627 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard 08a1d4bce1 Fix bug with client auth with DTLS 2014-10-21 16:32:39 +02:00
Manuel Pégourié-Gonnard 23b7b703aa Fix issue with renego & resend 2014-10-21 16:32:38 +02:00
Manuel Pégourié-Gonnard f03c7aa469 Add replay detection in parse_client_hello() 2014-10-21 16:32:35 +02:00
Manuel Pégourié-Gonnard 2739313cea Make anti-replay a runtime option 2014-10-21 16:32:35 +02:00
Manuel Pégourié-Gonnard 8464a46b6b Make DTLS_ANTI_REPLAY depends on PROTO_DTLS 2014-10-21 16:32:35 +02:00
Manuel Pégourié-Gonnard 246c13a05f Fix epoch checking 2014-10-21 16:32:34 +02:00
Manuel Pégourié-Gonnard b47368a00a Add replay detection 2014-10-21 16:32:34 +02:00
Manuel Pégourié-Gonnard 4956fd7437 Test and fix anti-replay functions 2014-10-21 16:32:34 +02:00
Manuel Pégourié-Gonnard 7a7e140d4e Add functions for replay protection 2014-10-21 16:32:33 +02:00
Manuel Pégourié-Gonnard ea22ce577e Rm unneeded counter increment with DTLS 2014-10-21 16:32:33 +02:00
Manuel Pégourié-Gonnard abf16240dd Add ability to resend last flight 2014-10-21 16:32:31 +02:00
Manuel Pégourié-Gonnard cd32a50d67 Fix NewSesssionTicket vs ChangeCipherSpec bug
Since we were cheating on state, ssl_read_record() wasn't able to drop
out-of-sequence ChangeCipherSpec messages. Cheat a bit less.
2014-10-21 16:32:31 +02:00
Manuel Pégourié-Gonnard 767c69561b Drop out-of-sequence ChangeCipherSpec messages 2014-10-21 16:32:29 +02:00
Manuel Pégourié-Gonnard 93017de47e Minor optim: don't resend on duplicated HVR 2014-10-21 16:32:29 +02:00
Manuel Pégourié-Gonnard c715aed744 Fix epoch swapping 2014-10-21 16:32:28 +02:00
Manuel Pégourié-Gonnard 6a2bdfaf73 Actually resend flights 2014-10-21 16:32:28 +02:00
Manuel Pégourié-Gonnard 5d8ba53ace Expand and fix resend infrastructure 2014-10-21 16:32:28 +02:00
Manuel Pégourié-Gonnard ffa67be698 Infrastructure for buffering & resending flights 2014-10-21 16:32:27 +02:00
Manuel Pégourié-Gonnard 9d9b003a9a Add net_recv_timeout() 2014-10-21 16:32:26 +02:00
Manuel Pégourié-Gonnard 8fa6dfd560 Introduce f_recv_timeout callback 2014-10-21 16:32:26 +02:00
Manuel Pégourié-Gonnard e6bdc4497c Merge I/O contexts into one 2014-10-21 16:32:25 +02:00
Manuel Pégourié-Gonnard f4acfe1808 Document previous API changes in this branch 2014-10-21 16:32:23 +02:00
Manuel Pégourié-Gonnard d92d6a1b5b ssl_parse_server_key_exchange() cleanups 2014-10-21 16:30:32 +02:00
Manuel Pégourié-Gonnard 5ee96546de Add length checks in parse_certificate_verify() 2014-10-21 16:30:32 +02:00
Manuel Pégourié-Gonnard 72226214b1 Merge checks in ssl_parse_certificate_verify() 2014-10-21 16:30:32 +02:00
Manuel Pégourié-Gonnard ca6440b246 Small cleanups in parse_finished() 2014-10-21 16:30:31 +02:00
Manuel Pégourié-Gonnard 624bcb5260 No memmove: done, rm temporary things 2014-10-21 16:30:31 +02:00
Manuel Pégourié-Gonnard 000d5aec13 No memmove: parse_new_session_ticket() 2014-10-21 16:30:31 +02:00
Manuel Pégourié-Gonnard 0b3400dafa No memmove: ssl_parse_server_hello() 2014-10-21 16:30:31 +02:00
Manuel Pégourié-Gonnard 069eb79043 No memmove: ssl_parse_hello_verify_request() 2014-10-21 16:30:30 +02:00
Manuel Pégourié-Gonnard 04c1b4ece1 No memmove: certificate_request + server_hello_done 2014-10-21 16:30:30 +02:00
Manuel Pégourié-Gonnard f4830b5092 No memmove: ssl_parse_server_key_exchange() 2014-10-21 16:30:30 +02:00
Manuel Pégourié-Gonnard 4528f3f5c0 No memmove: parse_certificate_verify() 2014-10-21 16:30:30 +02:00
Manuel Pégourié-Gonnard 2114d724dc No memmove: ssl_parse_client_key_exchange() 2014-10-21 16:30:29 +02:00
Manuel Pégourié-Gonnard f49a7daa1a No memmove: ssl_parse_certificate() 2014-10-21 16:30:29 +02:00
Manuel Pégourié-Gonnard 4abc32734e No memmove: ssl_parse_finished() 2014-10-21 16:30:29 +02:00
Manuel Pégourié-Gonnard f899583f94 Prepare moving away from memmove() on incoming HS 2014-10-21 16:30:29 +02:00
Manuel Pégourié-Gonnard 4a1753657c Fix missing return in error check 2014-10-21 16:30:28 +02:00
Manuel Pégourié-Gonnard 19d438f4ff Get rid of memmove for DTLS in parse_client_hello() 2014-10-21 16:30:28 +02:00
Manuel Pégourié-Gonnard 63eca930d7 Drop invalid records with DTLS 2014-10-21 16:30:28 +02:00
Manuel Pégourié-Gonnard 167a37632d Split two functions out of ssl_read_record() 2014-10-21 16:30:27 +02:00
Manuel Pégourié-Gonnard 990f9e428a Handle late handshake messages gracefully 2014-10-21 16:30:26 +02:00
Manuel Pégourié-Gonnard 60ca5afaec Drop records from wrong epoch 2014-10-21 16:30:25 +02:00
Manuel Pégourié-Gonnard 1aa586e41d Check handshake message_seq field 2014-10-21 16:30:24 +02:00
Manuel Pégourié-Gonnard 9d1d7196e4 Check length before reading handshake header 2014-10-21 16:30:24 +02:00
Manuel Pégourié-Gonnard d9ba0d96b6 Prepare for checking incoming handshake seqnum 2014-10-21 16:30:23 +02:00
Manuel Pégourié-Gonnard ac03052f22 Fix segfault with some very short fragments 2014-10-21 16:30:23 +02:00
Manuel Pégourié-Gonnard 64dffc5d14 Make handshake reassembly work with openssl 2014-10-21 16:30:22 +02:00
Manuel Pégourié-Gonnard 502bf30fb5 Handle reassembly of handshake messages
Works only with GnuTLS for now, OpenSSL packs other records in the same
datagram after the last fragmented one, which we don't handle yet.

Also, ssl-opt.sh fails the tests with valgrind for now: we're so slow with
valgrind that gnutls-serv retransmits some messages, and we don't handle
duplicated messages yet.
2014-10-21 16:30:22 +02:00
Manuel Pégourié-Gonnard ed79a4bb14 Prepare for DTLS handshake reassembly 2014-10-21 16:30:21 +02:00