Matt Caswell
71c16698fa
Remove incorrect code inadvertently introduced through commit 59669b6ab.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-04 14:17:50 +00:00
Matt Caswell
047f21593e
Only use the fallback mtu after 2 unsuccessful retransmissions if it is less
than the mtu we are already using
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-03 09:24:53 +00:00
Matt Caswell
59669b6abf
Remove instances in libssl of the constant 28 (for size of IPv4 header + UDP)
and instead use the value provided by the underlying BIO. Also provide some
new DTLS_CTRLs so that the library user can set the mtu without needing to
know this constant. These new DTLS_CTRLs provide the capability to set the
link level mtu to be used (i.e. including this IP/UDP overhead). The previous
DTLS_CTRLs required the library user to subtract this overhead first.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-03 09:24:12 +00:00
Matt Caswell
001235778a
The SSL_OP_NO_QUERY_MTU option is supposed to stop the mtu from being
automatically updated, and we should use the one provided instead.
Unfortunately there are a couple of locations where this is not respected.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-03 09:23:46 +00:00
Matt Caswell
8a35dbb6d8
Fixed memory leak due to incorrect freeing of DTLS reassembly bit mask
PR#3608
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-11-26 10:10:21 +00:00
Bodo Moeller
cf6da05304
Support TLS_FALLBACK_SCSV.
Reviewed-by: Stephen Henson <steve@openssl.org>
2014-10-15 04:03:28 +02:00
Ben Laurie
8892ce7714
Constification - mostly originally from Chromium.
2014-06-29 21:05:23 +01:00
zhu qun-ying
470990fee0
Free up s->d1->buffered_app_data.q properly.
PR#3286
2014-06-02 23:55:55 +01:00
Andy Polyakov
972b0dc350
bss_dgram.c,d1_lib.c: make it compile with mingw.
Submitted by: Roumen Petrov
2014-03-06 14:04:56 +01:00
Dr. Stephen Henson
c6913eeb76
Dual DTLS version methods.
Add new methods DTLS_*_method() which support both DTLS 1.0 and DTLS 1.2 and
pick the highest version the peer supports during negotiation.
As with SSL/TLS, options can change this behaviour, specifically
SSL_OP_NO_DTLSv1 and SSL_OP_NO_DTLSv1_2.
2013-04-09 14:02:48 +01:00
Dr. Stephen Henson
04638f2fc3
Set s->d1 to NULL after freeing it.
2013-04-08 18:24:42 +01:00
Dr. Stephen Henson
4221c0dd30
Enable TLS 1.2 ciphers in DTLS 1.2.
Port TLS 1.2 GCM code to DTLS. Enable use of TLS 1.2 only ciphers when in
DTLS 1.2 mode too.
2013-03-28 14:14:27 +00:00
Dr. Stephen Henson
c3b344e36a
Provisional DTLS 1.2 support.
Add correct flags for DTLS 1.2, update s_server and s_client to handle
DTLS 1.2 methods.
Currently no support for version negotiation: i.e. if client/server selects
DTLS 1.2 it is that or nothing.
2013-03-26 15:16:41 +00:00
Dr. Stephen Henson
173e72e64c
DTLS revision.
Revise DTLS code. There was a *lot* of code duplication in the
DTLS code that generates records. This makes it harder to maintain and
sometimes a TLS update is omitted by accident from the DTLS code.
Specifically almost all of the record generation functions have code like
this:
some_pointer = buffer + HANDSHAKE_HEADER_LENGTH;
... Record creation stuff ...
set_handshake_header(ssl, SSL_MT_SOMETHING, message_len);
...
write_handshake_message(ssl);
Where the "Record creation stuff" is identical between SSL/TLS and DTLS or
in some cases has very minor differences.
By adding a few fields to SSL3_ENC to include the header length, some flags
and function pointers for handshake header setting and handshake writing the
code can cope with both cases.
Note: although this passes "make test" and some simple DTLS tests there may
be some minor differences in the DTLS code that have to be accounted for.
2013-03-18 14:36:43 +00:00
Andy Polyakov
a006fef78e
Improve WINCE support.
Submitted by: Pierre Delaage
2013-01-19 21:23:13 +01:00
Andy Polyakov
f469880c61
d1_lib.c,bss_dgram.c: eliminate dependency on _ftime.
2012-12-16 19:02:59 +00:00
Dr. Stephen Henson
aa09c2c631
correct error codes
2012-04-18 15:36:12 +00:00
Dr. Stephen Henson
ea6e386008
PR: 2756
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Fix DTLS timeout handling.
2012-03-09 15:52:33 +00:00
Dr. Stephen Henson
62b6948a27
PR: 2755
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reduce MTU after failed transmissions.
2012-03-06 13:47:43 +00:00
Dr. Stephen Henson
4817504d06
PR: 2658
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Support for TLS/DTLS heartbeats.
2011-12-31 22:59:57 +00:00
Dr. Stephen Henson
7e159e0133
PR: 2535
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Add SCTP support for DTLS (RFC 6083).
2011-12-25 14:45:15 +00:00
Ben Laurie
e0af04056c
Add TLS exporter.
2011-11-15 23:50:52 +00:00
Dr. Stephen Henson
1d7392f219
PR: 2602
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Fix DTLS bug which prevents manual MTU setting
2011-09-23 13:34:48 +00:00
Dr. Stephen Henson
861a7e5c9f
PR: 2543
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Correctly handle errors in DTLSv1_handle_timeout()
2011-06-22 15:30:14 +00:00
Dr. Stephen Henson
006b54a8eb
Oops use up to date patch for PR#2506
2011-05-25 14:30:20 +00:00
Dr. Stephen Henson
7832d6ab1c
PR: 2506
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Fully implement SSL_clear for DTLS.
2011-05-25 12:28:06 +00:00
Dr. Stephen Henson
4058861f69
PR: 2462
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Fix DTLS Retransmission Buffer Bug
2011-04-03 17:14:35 +00:00
Richard Levitte
ec44f0ebfa
Taken from OpenSSL_1_0_0-stable:
Include proper header files for time functions.
Submitted by Arpadffy Zoltan <Zoltan.Arpadffy@scientificgames.se>
2010-11-22 18:25:04 +00:00
Dr. Stephen Henson
87a37cbadd
PR: 2223
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>
Fixes for DTLS timeout bug
2010-04-06 12:29:31 +00:00
Dr. Stephen Henson
8025e25113
PR: 2121
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Add extension support to DTLS code mainly using existing implementation for
TLS.
2009-12-08 11:37:40 +00:00
Dr. Stephen Henson
499684404c
PR: 2115
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org
Add Renegotiation extension to DTLS, fix DTLS ClientHello processing bug.
2009-12-01 17:42:15 +00:00
Dr. Stephen Henson
1fc3ac806d
PR: 2033
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org
DTLS listen support.
2009-09-09 17:05:18 +00:00
Dr. Stephen Henson
3ed3603b60
Update default dependency flags.
Make error name discrepancies a fatal error.
Fix error codes.
make update
2009-08-12 17:30:37 +00:00
Dr. Stephen Henson
b972fbaa8f
PR: 1997
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org
DTLS timeout handling fix.
2009-08-12 13:19:54 +00:00
Dr. Stephen Henson
6cf41fec72
Update from 1.0.0-stable.
2009-05-31 17:13:09 +00:00
Dr. Stephen Henson
48fd490c6d
Update from 1.0.0-stable.
2009-05-16 11:16:43 +00:00
Dr. Stephen Henson
9289f21b7d
Update from 1.0.0 stable branch.
2009-05-16 11:15:42 +00:00
Dr. Stephen Henson
eb38b26dbc
Update from 1.0.0-stable.
2009-05-15 22:58:40 +00:00
Dr. Stephen Henson
8711efb498
Updates from 1.0.0-stable branch.
2009-04-20 11:33:12 +00:00
Dr. Stephen Henson
e5fa864f62
Updates from 1.0.0-stable.
2009-04-15 15:27:03 +00:00
Ben Laurie
babb379849
Type-checked (and modern C compliant) OBJ_bsearch.
2008-10-12 14:32:47 +00:00
Andy Polyakov
5d58f1bbfe
Prohibit RC4 in DTLS.
2007-10-05 21:04:56 +00:00
Dr. Stephen Henson
42182852f5
Constify version strings in ssl lib.
2007-01-21 16:06:05 +00:00
Nils Larsch
01a9792f05
remove unused internal foo_base_method functions
2005-08-08 19:04:37 +00:00
Dr. Stephen Henson
f3b656b246
Initialize SSL_METHOD structures at compile time. This removes the need
for locking code. The CRYPTO_LOCK_SSL_METHOD lock is now no longer used.
2005-08-05 23:56:11 +00:00
Andy Polyakov
dffdb56b7f
"Liberate" dtls from BN dependency. Fix bug in replay/update.
2005-06-07 22:21:14 +00:00
Richard Levitte
188b05792f
pqueue and dtls use 64-bit values. Unfortunately, OpenSSL doesn't
have a uniform representation for those over all architectures, so a
little bit of hackery is needed.
Contributed by nagendra modadugu <nagendra@cs.stanford.edu>
2005-05-30 22:34:37 +00:00
Ben Laurie
36d16f8ee0
Add DTLS support.
2005-04-26 16:02:40 +00:00