author | Jack Lloyd <[email protected]> | 2015-10-25 22:25:40 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2015-10-25 22:25:40 -0400 |
commit | b2da74ca508745f00bb3d6b35cbe34d5031e27e7 (patch) | |
tree | 032fafd34f178af3b66877d52897f2e14359adaf /src/lib/tls/tls_handshake_io.h | |
parent | 2d078053b1ac7c1e2316892d8634c386288ee159 (diff) |
TLS improvements
Use constant-time operations when checking CBC padding in TLS decryption.
Fix a bug in decoding ClientHellos that prevented DTLS rehandshakes
from working: on decode the session id and hello cookie would be
swapped, causing confusion between client and server.
Various changes in the service of finding the above DTLS bug that
should have been done before now anyway - better control of handshake
timeouts (via TLS::Policy), better reporting of handshake state in the
case of an error, and finally expose the facility for per-message
application callbacks.
Diffstat (limited to 'src/lib/tls/tls_handshake_io.h')
-rw-r--r-- | src/lib/tls/tls_handshake_io.h | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/src/lib/tls/tls_handshake_io.h b/src/lib/tls/tls_handshake_io.h
index 00074a744..a1c1c5ce3 100644
--- a/src/lib/tls/tls_handshake_io.h
+++ b/src/lib/tls/tls_handshake_io.h
@@ -100,8 +100,14 @@ class Datagram_Handshake_IO : public Handshake_IO
       Datagram_Handshake_IO(writer_fn writer,
                             class Connection_Sequence_Numbers& seq,
-                            u16bit mtu) :
-         m_seqs(seq), m_flights(1), m_send_hs(writer), m_mtu(mtu) {}
+                            u16bit mtu, u64bit initial_timeout_ms, u64bit max_timeout_ms) :
+         m_seqs(seq),
+         m_flights(1),
+         m_initial_timeout(initial_timeout_ms),
+         m_max_timeout(max_timeout_ms),
+         m_send_hs(writer),
+         m_mtu(mtu)
+         {}
       Protocol_Version initial_record_version() const override;
@@ -120,6 +126,9 @@ class Datagram_Handshake_IO : public Handshake_IO
       std::pair<Handshake_Type, std::vector<byte>> get_next_record(bool expecting_ccs) override;
    private:
+      void retransmit_flight(size_t flight);
+      void retransmit_last_flight();
+
       std::vector<byte> format_fragment(
          const byte fragment[],
          size_t fragment_len,
@@ -183,6 +192,9 @@ class Datagram_Handshake_IO : public Handshake_IO
       std::vector<std::vector<u16bit>> m_flights;
       std::map<u16bit, Message_Info> m_flight_data;
+      u64bit m_initial_timeout = 0;
+      u64bit m_max_timeout = 0;
+      u64bit m_last_write = 0;
       u64bit m_next_timeout = 0;
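Review bot: The new constructor stores `initial_timeout_ms` and `max_timeout_ms` unchecked, so a caller (per the commit message, presumably values pulled from TLS::Policy) can pass a zero initial timeout or a maximum smaller than the initial value, and the retransmission schedule these feed (`m_last_write` / `m_next_timeout` in the last hunk) would then either fire on every timeout check — a retransmission flood toward the peer — or never back off as intended. Rejecting that at construction, e.g. replacing the empty body `{}` with `{ if(initial_timeout_ms == 0 || initial_timeout_ms > max_timeout_ms) throw Invalid_Argument("Datagram_Handshake_IO: invalid retransmit timeouts"); }`, surfaces a bad policy immediately instead of as odd DTLS behaviour on the wire. The parameters carry a `_ms` suffix but the members do not; a comment beside the member declarations such as `// Retransmit timeouts in milliseconds; backoff presumably starts at m_initial_timeout and is capped at m_max_timeout — confirm against the retransmit code` would keep the unit from being lost. The retransmit logic itself is outside this hunk, so the backoff rule above is inferred from the names, and the class continues beyond the hunk on both ends.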
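Review bot: The new private declarations `retransmit_flight(size_t flight)` and `retransmit_last_flight()` carry no documentation of what `flight` indexes or what the precondition is; since `m_flights` is a `std::vector<std::vector<u16bit>>` (visible in the last hunk), `flight` presumably indexes it and an out-of-range value would be an internal error rather than a peer-triggered one. A one-line comment on each, e.g. `// Re-send every handshake message recorded in m_flights[flight]; flight must be < m_flights.size()` and `// Equivalent to retransmit_flight(m_flights.size() - 1); requires at least one flight`, would make that contract explicit for the definitions, which live outside this hunk.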