Commit c3b344e3 authored by Dr. Stephen Henson

Provisional DTLS 1.2 support.

Add correct flags for DTLS 1.2, update s_server and s_client to handle
DTLS 1.2 methods.

Currently no support for version negotiation: i.e. if client/server selects
DTLS 1.2 it is that or nothing.
parent 9cf0f187
+1 −1
@@ -148,7 +148,7 @@ typedef fd_mask fd_set;
#define PORT_STR        "4433"
#define PROTOCOL        "tcp"

int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context, int naccept);
int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, int stype, unsigned char *context), unsigned char *context, int naccept);
#ifdef HEADER_X509_H
int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
#endif
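Review bot: The new `stype` parameter in the `do_server` callback prototype is undocumented, and nothing in the header says what value a callback should expect in it. In the s_socket.c hunk of this same commit it is do_server's own `type` argument forwarded verbatim (`i=(*cb)(name,sock, type, context);`), which that function later compares against `SOCK_STREAM`. A comment above the prototype such as `/* cb's stype is the socket type handed to do_server (SOCK_STREAM or SOCK_DGRAM) */` would spare readers of s_server.c from tracing that through.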
+6 −1
@@ -886,6 +886,11 @@ static char *jpake_secret = NULL;
			meth=DTLSv1_client_method();
			socket_type=SOCK_DGRAM;
			}
		else if	(strcmp(*argv,"-dtls1_2") == 0)
			{
			meth=DTLSv1_2_client_method();
			socket_type=SOCK_DGRAM;
			}
		else if (strcmp(*argv,"-timeout") == 0)
			enable_timeouts=1;
		else if (strcmp(*argv,"-mtu") == 0)
@@ -1376,7 +1381,7 @@ re_start:
#endif                                              
	if (c_Pause & 0x01) SSL_set_debug(con, 1);

	if ( SSL_version(con) == DTLS1_VERSION)
	if (socket_type == SOCK_DGRAM)
		{

		sbio=BIO_new_dgram(s,BIO_NOCLOSE);
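Review bot: s_client now accepts `-dtls1_2` (hunk at 886) but no usage line is added for it, whereas s_server's sv_usage gets `-dtls1_2      - Just talk DTLSv1.2` in this same commit; the section's +6 −1 diffstat is fully accounted for by the two hunks shown, so the option stays absent from s_client's usage output. Add `BIO_printf(bio_err," -dtls1_2      - Just talk DTLSv1.2\n");` beside the existing `-dtls1` line in s_client's usage function. Both the option-parsing loop and the re_start block extend beyond their hunks.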
+13 −7
@@ -205,9 +205,9 @@ typedef unsigned int u_int;
static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength);
#endif
static int not_resumable_sess_cb(SSL *s, int is_forward_secure);
static int sv_body(char *hostname, int s, unsigned char *context);
static int www_body(char *hostname, int s, unsigned char *context);
static int rev_body(char *hostname, int s, unsigned char *context);
static int sv_body(char *hostname, int s, int stype, unsigned char *context);
static int www_body(char *hostname, int s, int stype, unsigned char *context);
static int rev_body(char *hostname, int s, int stype, unsigned char *context);
static void close_accept_socket(void );
static void sv_usage(void);
static int init_ssl_connection(SSL *s);
@@ -533,6 +533,7 @@ static void sv_usage(void)
	BIO_printf(bio_err," -tls1_1       - Just talk TLSv1.1\n");
	BIO_printf(bio_err," -tls1         - Just talk TLSv1\n");
	BIO_printf(bio_err," -dtls1        - Just talk DTLSv1\n");
	BIO_printf(bio_err," -dtls1_2      - Just talk DTLSv1.2\n");
	BIO_printf(bio_err," -timeout      - Enable timeouts\n");
	BIO_printf(bio_err," -mtu          - Set link layer MTU\n");
	BIO_printf(bio_err," -chain        - Read a certificate chain\n");
@@ -1366,6 +1367,11 @@ int MAIN(int argc, char *argv[])
			meth=DTLSv1_server_method();
			socket_type = SOCK_DGRAM;
			}
		else if	(strcmp(*argv,"-dtls1_2") == 0)
			{ 
			meth=DTLSv1_2_server_method();
			socket_type = SOCK_DGRAM;
			}
		else if (strcmp(*argv,"-timeout") == 0)
			enable_timeouts = 1;
		else if (strcmp(*argv,"-mtu") == 0)
@@ -2070,7 +2076,7 @@ static void print_stats(BIO *bio, SSL_CTX *ssl_ctx)
		SSL_CTX_sess_get_cache_size(ssl_ctx));
	}

static int sv_body(char *hostname, int s, unsigned char *context)
static int sv_body(char *hostname, int s, int stype, unsigned char *context)
	{
	char *buf=NULL;
	fd_set readfds;
@@ -2140,7 +2146,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
#endif
#endif

	if (SSL_version(con) == DTLS1_VERSION)
	if (stype == SOCK_DGRAM)
		{

		sbio=BIO_new_dgram(s,BIO_NOCLOSE);
@@ -2681,7 +2687,7 @@ static int load_CA(SSL_CTX *ctx, char *file)
	}
#endif

static int www_body(char *hostname, int s, unsigned char *context)
static int www_body(char *hostname, int s, int stype, unsigned char *context)
	{
	char *buf=NULL;
	int ret=1;
@@ -3115,7 +3121,7 @@ err:
	return(ret);
	}

static int rev_body(char *hostname, int s, unsigned char *context)
static int rev_body(char *hostname, int s, int stype, unsigned char *context)
	{
	char *buf=NULL;
	int i;
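Review bot: `www_body` and `rev_body` (hunks at 2681 and 3115) gain the `stype` parameter, but unlike `sv_body`, whose hunk at 2140 switches its datagram test to `if (stype == SOCK_DGRAM)`, nothing in their visible lines reads it; if their bodies still key DTLS handling off `SSL_version()` or have no datagram path at all, the parameter is unused and will trip `-Wunused-parameter`. Either apply the same `stype == SOCK_DGRAM` test there or mark it `(void)stype;` with a comment saying only sv_body serves DTLS. All three function bodies continue past their hunks. Minor style point: the `-dtls1_2` branch's opening brace line `{ ` in the hunk at 1366 carries trailing whitespace.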
+2 −2
@@ -280,7 +280,7 @@ static int init_client_ip(int *sock, const unsigned char ip[4], int port,
	return(1);
	}

int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context, int naccept)
int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, int stype, unsigned char *context), unsigned char *context, int naccept)
	{
	int sock;
	char *name = NULL;
@@ -310,7 +310,7 @@ int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, uns
			}
		else
			sock = accept_socket;
		i=(*cb)(name,sock, context);
		i=(*cb)(name,sock, type, context);
		if (name != NULL) OPENSSL_free(name);
		if (type==SOCK_STREAM)
			SHUTDOWN2(sock);
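--- a/<path not shown on page>
+++ b/<path not shown on page>
@@ -135,6 +135,8 @@ static const SSL_METHOD *dtls1_get_client_method(int ver)
 	{
 	if (ver == DTLS1_VERSION || ver == DTLS1_BAD_VER)
 		return(DTLSv1_client_method());
+	else if (ver == DTLS1_2_VERSION)
+		return(DTLSv1_2_client_method());
 	else
 		return(NULL);
 	}
@@ -146,6 +148,13 @@ IMPLEMENT_dtls1_meth_func(DTLS1_VERSION,
 			dtls1_get_client_method,
 			DTLSv1_enc_data)
 
+IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION,
+			DTLSv1_2_client_method,
+			ssl_undefined_function,
+			dtls1_connect,
+			dtls1_get_client_method,
+			DTLSv1_2_enc_data)
+
 int dtls1_connect(SSL *s)
 	{
 	BUF_MEM *buf=NULL;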