summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNikos Mavrogiannopoulos <nmav@gnutls.org>2011-02-18 23:59:36 +0100
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2011-02-18 23:59:36 +0100
commit258d52ffb0112f457fa2503493b9f353d08bdf24 (patch)
treee5351adf2e783ac727c136a67f7cc9aa250e561b
parent09e0737359ca51974b427ad12bb5bec4ed031e8b (diff)
downloadgnutls-258d52ffb0112f457fa2503493b9f353d08bdf24.tar.gz
Several updates for DTLS (client side only) to work.
Diffstat
-rw-r--r--lib/auth_cert.c2
-rw-r--r--lib/debug.c3
-rw-r--r--lib/gnutls_algorithms.c6
-rw-r--r--lib/gnutls_buffers.c90
-rw-r--r--lib/gnutls_buffers.h1
-rw-r--r--lib/gnutls_cipher.c16
-rw-r--r--lib/gnutls_cipher.h2
-rw-r--r--lib/gnutls_dtls.c48
-rw-r--r--lib/gnutls_dtls.h1
-rw-r--r--lib/gnutls_errors.h4
-rw-r--r--lib/gnutls_handshake.c82
-rw-r--r--lib/gnutls_int.h21
-rw-r--r--lib/gnutls_mbuffers.h6
-rw-r--r--lib/gnutls_num.c59
-rw-r--r--lib/gnutls_num.h5
-rw-r--r--lib/gnutls_record.c41
-rw-r--r--lib/gnutls_record.h1
-rw-r--r--lib/gnutls_state.c18
-rw-r--r--lib/includes/gnutls/gnutls.h.in7
-rw-r--r--lib/system.c16
-rw-r--r--lib/system.h1
-rw-r--r--src/cli-gaa.c16
-rw-r--r--src/cli-gaa.h2
-rw-r--r--src/cli.c8
-rw-r--r--src/cli.gaa6
25 files changed, 271 insertions, 191 deletions
diff --git a/lib/auth_cert.c b/lib/auth_cert.c
index 60bb989264..9f644b18d8 100644
--- a/lib/auth_cert.c
+++ b/lib/auth_cert.c
@@ -2064,7 +2064,6 @@ _gnutls_server_select_cert (gnutls_session_t session,
idx = -1; /* default is use no certificate */
-
_gnutls_handshake_log("HSK[%p]: Requested PK algorithm: %s (%d) -- ctype: %s (%d)\n", session,
gnutls_pk_get_name(requested_algo), requested_algo,
gnutls_certificate_type_get_name(session->security_parameters.cert_type), session->security_parameters.cert_type);
@@ -2077,6 +2076,7 @@ _gnutls_server_select_cert (gnutls_session_t session,
gnutls_pk_get_name(cred->cert_list[i][0].subject_pk_algorithm), cred->cert_list[i][0].subject_pk_algorithm,
gnutls_certificate_type_get_name(cred->cert_list[i][0].cert_type), cred->cert_list[i][0].cert_type,
gnutls_sign_get_name(cred->cert_list[i][0].sign_algo), cred->cert_list[i][0].sign_algo);
+
if (requested_algo == GNUTLS_PK_ANY ||
requested_algo == cred->cert_list[i][0].subject_pk_algorithm)
{
diff --git a/lib/debug.c b/lib/debug.c
index c9b367d035..92b70d9515 100644
--- a/lib/debug.c
+++ b/lib/debug.c
@@ -111,6 +111,9 @@ _gnutls_handshake2str (gnutls_handshake_description_t handshake)
case GNUTLS_HANDSHAKE_NEW_SESSION_TICKET:
return "NEW SESSION TICKET";
break;
+ case GNUTLS_HANDSHAKE_CHANGE_CIPHER_SPEC:
+ return "CHANGE CIPHER SPEC";
+ break;
default:
return "Unknown Handshake packet";
diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c
index ed0d610ddf..84fb1184d5 100644
--- a/lib/gnutls_algorithms.c
+++ b/lib/gnutls_algorithms.c
@@ -1398,6 +1398,7 @@ _gnutls_version_has_selectable_prf (gnutls_protocol_t version)
{
switch (version)
{
+ case GNUTLS_DTLS1_0:
case GNUTLS_TLS1_1:
case GNUTLS_TLS1_0:
case GNUTLS_SSL3:
@@ -1489,6 +1490,9 @@ _gnutls_map_kx_get_kx (gnutls_credentials_type_t type, int server)
return ret;
}
+/* Returns the credentials type required for this
+ * Key exchange method.
+ */
gnutls_credentials_type_t
_gnutls_map_kx_get_cred (gnutls_kx_algorithm_t algorithm, int server)
{
@@ -1525,7 +1529,7 @@ _gnutls_cipher_suite_is_version_supported (gnutls_session_t session, const ciphe
GNUTLS_CIPHER_SUITE_ALG_LOOP (if (version >= p->min_version
&& version <= p->max_version) ret = 1;
- if (IS_DTLS && p->dtls==0) ret = 0;);
+ if (IS_DTLS(session) && p->dtls==0) ret = 0;);
return ret;
}
diff --git a/lib/gnutls_buffers.c b/lib/gnutls_buffers.c
index 9e078455c9..a57784f633 100644
--- a/lib/gnutls_buffers.c
+++ b/lib/gnutls_buffers.c
@@ -272,8 +272,8 @@ static ssize_t
_gnutls_dgram_read (gnutls_session_t session, mbuffer_st **bufel,
gnutls_pull_func pull_func)
{
- ssize_t i;
- char *ptr = alloca (MAX_RECV_SIZE);
+ ssize_t i, ret;
+ char *ptr;
gnutls_transport_ptr_t fd = session->internals.transport_recv_ptr;
if (!bufel)
@@ -282,11 +282,15 @@ _gnutls_dgram_read (gnutls_session_t session, mbuffer_st **bufel,
return GNUTLS_E_INTERNAL_ERROR;
}
+ ptr = gnutls_malloc(MAX_RECV_SIZE(session));
+ if (ptr == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
session->internals.direction = 0;
reset_errno (session);
- i = pull_func (fd, ptr, MAX_RECV_SIZE);
+ i = pull_func (fd, ptr, MAX_RECV_SIZE(session));
if (i < 0)
{
@@ -296,13 +300,20 @@ _gnutls_dgram_read (gnutls_session_t session, mbuffer_st **bufel,
(int) i, fd, errno, session->internals.errnum);
if (err == EAGAIN)
- return GNUTLS_E_AGAIN;
+ {
+ ret = GNUTLS_E_AGAIN;
+ goto cleanup;
+ }
else if (err == EINTR)
- return GNUTLS_E_INTERRUPTED;
+ {
+ ret = GNUTLS_E_INTERRUPTED;
+ goto cleanup;
+ }
else
{
gnutls_assert ();
- return GNUTLS_E_PULL_ERROR;
+ ret = GNUTLS_E_PULL_ERROR;
+ goto cleanup;
}
}
else
@@ -312,23 +323,28 @@ _gnutls_dgram_read (gnutls_session_t session, mbuffer_st **bufel,
/* If we get here, we likely have a stream socket.
* FIXME: this probably breaks DCCP. */
gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
}
*bufel = _mbuffer_alloc (0, i);
if (!*bufel)
{
gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
}
_mbuffer_append_data (*bufel, ptr, i);
}
- if (_gnutls_log_level >= 7)
- _gnutls_read_log ("READ: read %d bytes from %p\n", (int) i, fd);
-
- return i;
+ _gnutls_read_log ("READ: read %d bytes from %p\n", (int) i, fd);
+
+ ret = i;
+
+cleanup:
+ gnutls_free(ptr);
+ return ret;
}
static ssize_t
@@ -406,13 +422,9 @@ _gnutls_stream_read (gnutls_session_t session, mbuffer_st **bufel,
finish:
- if (_gnutls_log_level >= 7)
- {
- _gnutls_read_log ("READ: read %d bytes from %p\n",
+ _gnutls_read_log ("READ: read %d bytes from %p\n",
(int) (size - left), fd);
- }
-
return (size - left);
}
@@ -550,7 +562,7 @@ _gnutls_io_read_buffered (gnutls_session_t session, size_t total,
mbuffer_st *bufel = NULL;
size_t recvlowat, recvdata, readsize;
- if (total > MAX_RECV_SIZE || total == 0)
+ if (total > MAX_RECV_SIZE(session) || total == 0)
{
gnutls_assert (); /* internal error */
return GNUTLS_E_INVALID_REQUEST;
@@ -611,7 +623,7 @@ _gnutls_io_read_buffered (gnutls_session_t session, size_t total,
* receive are longer than the maximum receive buffer size.
*/
if ((session->internals.record_recv_buffer.byte_length + recvdata) >
- MAX_RECV_SIZE)
+ MAX_RECV_SIZE(session))
{
gnutls_assert (); /* internal error */
return GNUTLS_E_INVALID_REQUEST;
@@ -824,6 +836,29 @@ _gnutls_io_write_flush (gnutls_session_t session)
return sent;
}
+#include "debug.h"
+/* Checks whether there are received data within
+ * a timeframe.
+ *
+ * Returns 0 if data were received, GNUTLS_E_TIMEDOUT
+ * on timeout and a negative value on error.
+ */
+int
+_gnutls_io_check_recv (gnutls_session_t session, int ms)
+{
+ gnutls_transport_ptr_t fd = session->internals.transport_send_ptr;
+ int ret;
+
+
+ ret = system_recv_timeout(fd, ms);
+ if (ret == -1)
+ return gnutls_assert_val(GNUTLS_E_PULL_ERROR);
+
+ if (ret > 0)
+ return 0;
+ else return GNUTLS_E_TIMEDOUT;
+}
+
/* This function writes the data that are left in the
* Handshake write buffer (ie. because the previous write was
* interrupted.
@@ -842,17 +877,17 @@ _gnutls_handshake_io_write_flush (gnutls_session_t session)
_gnutls_write_log ("HWRITE FLUSH: %d bytes in buffer.\n",
(int) send_buffer->byte_length);
- if (IS_DTLS)
+ if (IS_DTLS(session))
return _gnutls_dtls_transmit(session);
for (cur = _mbuffer_get_first (send_buffer, &msg);
cur != NULL; cur = _mbuffer_get_first (send_buffer, &msg))
{
- ret = _gnutls_send_int (session, GNUTLS_HANDSHAKE,
- session->internals.handshake_send_buffer_htype,
+ ret = _gnutls_send_int (session, cur->type,
+ cur->htype,
EPOCH_WRITE_CURRENT,
- msg.data, msg.size, 0 /* do not flush */ );
+ msg.data, msg.size, 0);
if (ret >= 0)
{
@@ -889,14 +924,19 @@ _gnutls_handshake_io_cache_int (gnutls_session_t session,
{
mbuffer_head_st * send_buffer;
- if (IS_DTLS)
+ if (IS_DTLS(session))
return _gnutls_dtls_handshake_enqueue(session, bufel, htype, session->internals.dtls.hsk_write_seq-1);
send_buffer =
&session->internals.handshake_send_buffer;
+ bufel->htype = htype;
+ if (bufel->htype == GNUTLS_HANDSHAKE_CHANGE_CIPHER_SPEC)
+ bufel->type = GNUTLS_CHANGE_CIPHER_SPEC;
+ else
+ bufel->type = GNUTLS_HANDSHAKE;
+
_mbuffer_enqueue (send_buffer, bufel);
- session->internals.handshake_send_buffer_htype = htype;
_gnutls_write_log
("HWRITE: enqueued %d. Total %d bytes.\n",
diff --git a/lib/gnutls_buffers.h b/lib/gnutls_buffers.h
index 3546fc6e58..8028f734ef 100644
--- a/lib/gnutls_buffers.h
+++ b/lib/gnutls_buffers.h
@@ -60,6 +60,7 @@ int _gnutls_handshake_io_cache_int (gnutls_session_t,
gnutls_handshake_description_t,
mbuffer_st * bufel);
ssize_t _gnutls_io_write_flush (gnutls_session_t session);
+int _gnutls_io_check_recv (gnutls_session_t session, int ms);
ssize_t _gnutls_handshake_io_write_flush (gnutls_session_t session);
#endif
diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c
index eeee430934..0f569c3162 100644
--- a/lib/gnutls_cipher.c
+++ b/lib/gnutls_cipher.c
@@ -46,7 +46,7 @@
static int _gnutls_compressed2ciphertext (gnutls_session_t session,
opaque * cipher_data, int cipher_size,
gnutls_datum_t compressed,
- content_type_t _type, int random_pad,
+ content_type_t _type,
record_parameters_st * params);
static int _gnutls_ciphertext2compressed (gnutls_session_t session,
opaque * compress_data,
@@ -82,7 +82,7 @@ int
_gnutls_encrypt (gnutls_session_t session, const opaque * headers,
size_t headers_size, const opaque * data,
size_t data_size, opaque * ciphertext,
- size_t ciphertext_size, content_type_t type, int random_pad,
+ size_t ciphertext_size, content_type_t type,
record_parameters_st * params)
{
gnutls_datum_t plain;
@@ -115,7 +115,7 @@ _gnutls_encrypt (gnutls_session_t session, const opaque * headers,
ret = _gnutls_compressed2ciphertext (session, &ciphertext[headers_size],
ciphertext_size - headers_size,
- comp, type, random_pad, params);
+ comp, type, params);
if (free_comp)
_gnutls_free_datum (&comp);
@@ -310,7 +310,7 @@ static int
_gnutls_compressed2ciphertext (gnutls_session_t session,
opaque * cipher_data, int cipher_size,
gnutls_datum_t compressed,
- content_type_t type, int random_pad,
+ content_type_t type,
record_parameters_st * params)
{
uint8_t * tag_ptr = NULL;
@@ -326,8 +326,11 @@ _gnutls_compressed2ciphertext (gnutls_session_t session,
int ver = gnutls_protocol_get_version (session);
int explicit_iv = _gnutls_version_has_explicit_iv (session->security_parameters.version);
int auth_cipher = _gnutls_auth_cipher_is_aead(&params->write.cipher_state);
+ int random_pad = (session->internals.priorities.no_padding == 0) ? 1 : 0;
-
+ _gnutls_hard_log("ENC[%p]: cipher: %s, MAC: %s, Epoch: %u\n",
+ session, gnutls_cipher_get_name(params->cipher_algorithm), gnutls_mac_get_name(params->mac_algorithm),
+ (unsigned int)params->epoch);
preamble_size =
make_preamble (UINT64DATA
(params->write.sequence_number),
@@ -572,8 +575,7 @@ _gnutls_ciphertext2compressed (gnutls_session_t session,
* MAC.
*/
preamble_size =
- make_preamble (UINT64DATA
- (params->read.sequence_number), type,
+ make_preamble (UINT64DATA(*sequence), type,
length, ver, preamble);
_gnutls_auth_cipher_add_auth (&params->read.cipher_state, preamble, preamble_size);
_gnutls_auth_cipher_add_auth (&params->read.cipher_state, ciphertext.data, length);
diff --git a/lib/gnutls_cipher.h b/lib/gnutls_cipher.h
index 19667de4bb..0af1935266 100644
--- a/lib/gnutls_cipher.h
+++ b/lib/gnutls_cipher.h
@@ -27,7 +27,7 @@ int _gnutls_encrypt (gnutls_session_t session, const opaque * headers,
size_t headers_size, const opaque * data,
size_t data_size, opaque * ciphertext,
size_t ciphertext_size, content_type_t type,
- int random_pad, record_parameters_st * params);
+ record_parameters_st * params);
int _gnutls_decrypt (gnutls_session_t session, opaque * ciphertext,
size_t ciphertext_size, uint8_t * data, size_t data_size,
diff --git a/lib/gnutls_dtls.c b/lib/gnutls_dtls.c
index 20d238e4f2..b01f92a64e 100644
--- a/lib/gnutls_dtls.c
+++ b/lib/gnutls_dtls.c
@@ -31,6 +31,8 @@
#include "gnutls_dtls.h"
#include "gnutls_record.h"
#include <gnutls_mbuffers.h>
+#include <gnutls_buffers.h>
+#include <gnutls_constate.h>
/* This function is called once a handshake message is ready to be
* queued in the next outgoing flight. The actual transmission occurs
@@ -45,6 +47,12 @@ _gnutls_dtls_handshake_enqueue (gnutls_session_t session,
uint16_t sequence)
{
dtls_hsk_retransmit_buffer *msg;
+ record_parameters_st * params;
+ int ret;
+
+ ret = _gnutls_epoch_get( session, EPOCH_WRITE_CURRENT, &params);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
msg = gnutls_malloc (sizeof(dtls_hsk_retransmit_buffer));
if (msg == NULL)
@@ -56,8 +64,8 @@ _gnutls_dtls_handshake_enqueue (gnutls_session_t session,
msg->bufel = bufel;
msg->next = NULL;
- /* FIXME: dummy epoch */
- msg->epoch = 0;
+
+ msg->epoch = params->epoch;
msg->type = type;
msg->sequence = sequence;
@@ -82,6 +90,14 @@ transmit_message (gnutls_session_t session,
unsigned int offset, frag_len, data_size;
const uint mtu = session->internals.dtls.hsk_mtu;
+ if (msg->type == GNUTLS_HANDSHAKE_CHANGE_CIPHER_SPEC)
+ {
+ return _gnutls_send_int (session, GNUTLS_CHANGE_CIPHER_SPEC, -1,
+ msg->epoch,
+ _mbuffer_get_uhead_ptr(msg->bufel),
+ _mbuffer_get_uhead_size(msg->bufel), 0);
+ }
+
mtu_data = gnutls_malloc(mtu + DTLS_HANDSHAKE_HEADER_SIZE);
if (mtu_data == NULL)
return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
@@ -106,9 +122,9 @@ transmit_message (gnutls_session_t session,
{
/* Calculate fragment length */
if(offset + mtu > data_size)
- frag_len = data_size - offset;
+ frag_len = data_size - offset;
else
- frag_len = mtu;
+ frag_len = mtu;
/* Fragment offset */
_gnutls_write_uint24 (offset, &mtu_data[6]);
@@ -126,10 +142,11 @@ transmit_message (gnutls_session_t session,
msg->type, data_size, offset, frag_len);
/* FIXME: We should collaborate with the record layer to pack as
- many records possible into a single datagram. We should also
- tell the record layer which epoch to use for encryption. */
- ret = _gnutls_send_int (session, GNUTLS_HANDSHAKE, msg->type, EPOCH_WRITE_CURRENT,
- mtu_data, DTLS_HANDSHAKE_HEADER_SIZE + frag_len, 0);
+ * many records possible into a single datagram. We should also
+ * tell the record layer which epoch to use for encryption.
+ */
+ ret = _gnutls_send_int (session, GNUTLS_HANDSHAKE, msg->type, msg->epoch,
+ mtu_data, DTLS_HANDSHAKE_HEADER_SIZE + frag_len, 0);
if (ret < 0)
break;
}
@@ -147,15 +164,26 @@ transmit_message (gnutls_session_t session,
int
_gnutls_dtls_transmit (gnutls_session_t session)
{
+int ret;
+
/* PREPARING -> SENDING state transition */
dtls_hsk_retransmit_buffer *msg;
+restart:
_gnutls_dtls_log ("DTLS[%p]: Start of flight transmission.\n", session);
for (msg = session->internals.dtls.retransmit; msg != NULL; msg = msg->next)
transmit_message (session, msg);
- _gnutls_io_write_flush (session);
+ ret = _gnutls_io_write_flush (session);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret = _gnutls_io_check_recv(session, 100);
+ if (ret == GNUTLS_E_TIMEDOUT)
+ goto restart;
+ else if (ret < 0)
+ return gnutls_assert_val(ret);
_gnutls_dtls_log ("DTLS[%p]: End of flight transmission.\n", session);
@@ -187,6 +215,7 @@ _gnutls_dtls_clear_outgoing_buffer (gnutls_session_t session)
session->internals.dtls.retransmit = NULL;
}
+#if 0
void
_gnutls_dtls_split_sequence (const uint64 *input,
uint16_t *epoch, uint64_t *sequence)
@@ -196,3 +225,4 @@ _gnutls_dtls_split_sequence (const uint64 *input,
// fprintf(stderr, "%04x:%012lx\n", *epoch, *sequence);
}
+#endif
diff --git a/lib/gnutls_dtls.h b/lib/gnutls_dtls.h
index 4a9aa127ca..80958dd6f2 100644
--- a/lib/gnutls_dtls.h
+++ b/lib/gnutls_dtls.h
@@ -35,6 +35,5 @@ _gnutls_dtls_handshake_enqueue (gnutls_session_t session,
int _gnutls_dtls_transmit(gnutls_session_t session);
void _gnutls_dtls_clear_outgoing_buffer(gnutls_session_t session);
-void _gnutls_dtls_split_sequence(const uint64 *input, uint16_t *epoch, uint64_t *sequence);
#endif
diff --git a/lib/gnutls_errors.h b/lib/gnutls_errors.h
index 54440423ef..1af2517048 100644
--- a/lib/gnutls_errors.h
+++ b/lib/gnutls_errors.h
@@ -65,7 +65,7 @@ _gnutls_log (int, const char *fmt, ...)
#define _gnutls_buffers_log(...) LEVEL_EQ(6, __VA_ARGS__)
#define _gnutls_hard_log(...) LEVEL(9, __VA_ARGS__)
#define _gnutls_record_log(...) LEVEL(4, __VA_ARGS__)
-# define _gnutls_dtls_log(...) LEVEL(6, __VA_ARGS__)
+#define _gnutls_dtls_log(...) LEVEL(6, __VA_ARGS__)
#define _gnutls_read_log(...) LEVEL_EQ(7, __VA_ARGS__)
#define _gnutls_write_log(...) LEVEL_EQ(7, __VA_ARGS__)
#define _gnutls_x509_log(...) LEVEL(1, __VA_ARGS__)
@@ -76,7 +76,7 @@ _gnutls_log (int, const char *fmt, ...)
#define _gnutls_buffers_log _gnutls_null_log
#define _gnutls_hard_log _gnutls_null_log
#define _gnutls_record_log _gnutls_null_log
-# define _gnutls_dtls_log _gnutls_null_log
+#define _gnutls_dtls_log _gnutls_null_log
#define _gnutls_read_log _gnutls_null_log
#define _gnutls_write_log _gnutls_null_log
#define _gnutls_x509_log _gnutls_null_log
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index 34d30fbed8..9889c3bd51 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,
- * 2009, 2010 Free Software Foundation, Inc.
+ * 2009, 2010, 2011 Free Software Foundation, Inc.
*
* Author: Nikos Mavrogiannopoulos
*
@@ -839,7 +839,7 @@ _gnutls_recv_finished (gnutls_session_t session)
* RSA algorithms, PK_DSA if DSS, and PK_ANY for both or PK_NONE for none.
*/
static int
-_gnutls_server_find_pk_algos_in_ciphersuites (const opaque *
+server_find_pk_algos_in_ciphersuites (const opaque *
data, unsigned int datalen)
{
unsigned int j;
@@ -910,7 +910,7 @@ _gnutls_server_select_suite (gnutls_session_t session, opaque * data,
}
}
- pk_algo = _gnutls_server_find_pk_algos_in_ciphersuites (data, datalen);
+ pk_algo = server_find_pk_algos_in_ciphersuites (data, datalen);
x = _gnutls_supported_ciphersuites (session, &ciphers);
if (x < 0)
@@ -1295,7 +1295,7 @@ _gnutls_recv_handshake_header (gnutls_session_t session,
int ret;
uint32_t length32 = 0;
uint8_t *dataptr = NULL; /* for realloc */
- size_t handshake_header_size = HANDSHAKE_HEADER_SIZE;
+ size_t handshake_header_size = HANDSHAKE_HEADER_SIZE(session);
/* if we have data into the buffer then return them, do not read the next packet.
* In order to return we need a full TLS handshake header, or in case of a version 2
@@ -1358,7 +1358,7 @@ _gnutls_recv_handshake_header (gnutls_session_t session,
[session->
internals.handshake_header_buffer.
header_size],
- HANDSHAKE_HEADER_SIZE -
+ HANDSHAKE_HEADER_SIZE(session) -
session->
internals.handshake_header_buffer.
header_size);
@@ -1368,7 +1368,7 @@ _gnutls_recv_handshake_header (gnutls_session_t session,
return (ret < 0) ? ret : GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
}
if ((size_t) ret !=
- HANDSHAKE_HEADER_SIZE -
+ HANDSHAKE_HEADER_SIZE(session) -
session->internals.handshake_header_buffer.header_size)
{
gnutls_assert ();
@@ -1380,11 +1380,11 @@ _gnutls_recv_handshake_header (gnutls_session_t session,
* that the packet has enough data.
*/
length32 = _gnutls_read_uint24 (&dataptr[1]);
- handshake_header_size = HANDSHAKE_HEADER_SIZE;
+ handshake_header_size = HANDSHAKE_HEADER_SIZE(session);
_gnutls_handshake_log ("HSK[%p]: %s was received [%ld bytes]\n",
session, _gnutls_handshake2str (dataptr[0]),
- (long int) (length32 + HANDSHAKE_HEADER_SIZE));
+ (long int) (length32 + HANDSHAKE_HEADER_SIZE(session)));
}
else
@@ -2973,6 +2973,51 @@ _gnutls_handshake_client (gnutls_session_t session)
return 0;
}
+
+
+/* This function is to be called if the handshake was successfully
+ * completed. This sends a Change Cipher Spec packet to the peer.
+ */
+static ssize_t
+send_change_cipher_spec (gnutls_session_t session, int again)
+{
+ opaque* data;
+ mbuffer_st * bufel;
+ int ret;
+
+ if (again == 0)
+ {
+ bufel = _gnutls_handshake_alloc (session, 1, 1);
+ if (bufel == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ _mbuffer_set_uhead_size(bufel, 1);
+ _mbuffer_set_udata_size(bufel, 0);
+
+ data = _mbuffer_get_uhead_ptr (bufel);
+
+ data[0] = 1;
+
+ ret = _gnutls_handshake_io_cache_int (session, GNUTLS_HANDSHAKE_CHANGE_CIPHER_SPEC, bufel);
+ if (ret < 0)
+ {
+ _mbuffer_xfree(&bufel);
+ return gnutls_assert_val(ret);
+ }
+
+ if (!IS_DTLS(session)) /* remove once combined */
+ {
+ ret = _gnutls_handshake_io_write_flush (session);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ }
+
+ _gnutls_handshake_log ("REC[%p]: Sent ChangeCipherSpec\n", session);
+ }
+
+ return 0;
+}
+
/* This function sends the final handshake packets and initializes connection
*/
static int
@@ -2986,19 +3031,8 @@ _gnutls_send_handshake_final (gnutls_session_t session, int init)
{
case STATE0:
case STATE20:
-
- STATE = STATE20;
-
- ret = _gnutls_handshake_io_write_flush (session);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- case STATE21:
- ret = _gnutls_send_change_cipher_spec (session, AGAIN (STATE21));
- STATE = STATE21;
+ ret = send_change_cipher_spec (session, AGAIN (STATE20));
+ STATE = STATE0;
if (ret < 0)
{
@@ -3025,10 +3059,10 @@ _gnutls_send_handshake_final (gnutls_session_t session, int init)
return ret;
}
- case STATE22:
+ case STATE21:
/* send the finished message */
- ret = _gnutls_send_finished (session, AGAIN (STATE22));
- STATE = STATE22;
+ ret = _gnutls_send_finished (session, AGAIN (STATE21));
+ STATE = STATE21;
if (ret < 0)
{
ERR ("send Finished", ret);
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 7cd9a32689..20d74222fe 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -57,11 +57,6 @@ typedef struct
unsigned char i[8];
} uint64;
-typedef struct
-{
- unsigned char i[6];
-} uint48;
-
#include <gnutls/gnutls.h>
/*
@@ -151,12 +146,12 @@ typedef enum transport_t
} transport_t;
/* the maximum size of encrypted packets */
-#define IS_DTLS (session->internals.transport == GNUTLS_DGRAM)
+#define IS_DTLS(session) (session->internals.transport == GNUTLS_DGRAM)
#define DEFAULT_MAX_RECORD_SIZE 16384
#define TLS_RECORD_HEADER_SIZE 5
#define DTLS_RECORD_HEADER_SIZE (TLS_RECORD_HEADER_SIZE+8)
-#define RECORD_HEADER_SIZE (IS_DTLS ? DTLS_RECORD_HEADER_SIZE : TLS_RECORD_HEADER_SIZE)
+#define RECORD_HEADER_SIZE(session) (IS_DTLS(session) ? DTLS_RECORD_HEADER_SIZE : TLS_RECORD_HEADER_SIZE)
#define MAX_RECORD_HEADER_SIZE DTLS_RECORD_HEADER_SIZE
#define MAX_RECORD_SEND_SIZE (size_t)session->security_parameters.max_record_send_size
@@ -164,11 +159,11 @@ typedef enum transport_t
#define MAX_PAD_SIZE 255
#define EXTRA_COMP_SIZE 2048
#define MAX_RECORD_OVERHEAD (MAX_CIPHER_BLOCK_SIZE/*iv*/+MAX_PAD_SIZE+EXTRA_COMP_SIZE)
-#define MAX_RECV_SIZE (MAX_RECORD_OVERHEAD+MAX_RECORD_RECV_SIZE+RECORD_HEADER_SIZE)
+#define MAX_RECV_SIZE(session) (MAX_RECORD_OVERHEAD+MAX_RECORD_RECV_SIZE+RECORD_HEADER_SIZE(session))
#define TLS_HANDSHAKE_HEADER_SIZE 4
#define DTLS_HANDSHAKE_HEADER_SIZE (TLS_HANDSHAKE_HEADER_SIZE+8)
-#define HANDSHAKE_HEADER_SIZE (IS_DTLS ? DTLS_HANDSHAKE_HEADER_SIZE : TLS_HANDSHAKE_HEADER_SIZE)
+#define HANDSHAKE_HEADER_SIZE(session) (IS_DTLS(session) ? DTLS_HANDSHAKE_HEADER_SIZE : TLS_HANDSHAKE_HEADER_SIZE)
#define MAX_HANDSHAKE_HEADER_SIZE DTLS_HANDSHAKE_HEADER_SIZE
/* This is the maximum handshake message size we send without
@@ -208,10 +203,6 @@ typedef struct
#include <gnutls_mpi.h>
-typedef enum change_cipher_spec_t
-{ GNUTLS_TYPE_CHANGE_CIPHER_SPEC = 1
-} change_cipher_spec_t;
-
typedef enum handshake_state_t
{ STATE0 = 0, STATE1, STATE2,
STATE3, STATE4, STATE5,
@@ -273,6 +264,9 @@ typedef struct mbuffer_st
size_t mark;
unsigned int user_mark; /* only used during fill in */
size_t maximum_size;
+
+ gnutls_handshake_description_t htype;
+ content_type_t type;
} mbuffer_st;
typedef struct mbuffer_head_st
@@ -651,7 +645,6 @@ typedef struct
* protocol only. freed using _gnutls_handshake_io_buffer_clear();
*/
mbuffer_head_st handshake_send_buffer;
- gnutls_handshake_description_t handshake_send_buffer_htype;
content_type_t handshake_recv_buffer_type;
gnutls_handshake_description_t handshake_recv_buffer_htype;
gnutls_buffer_st handshake_recv_buffer;
diff --git a/lib/gnutls_mbuffers.h b/lib/gnutls_mbuffers.h
index 6b3f424859..571e46729e 100644
--- a/lib/gnutls_mbuffers.h
+++ b/lib/gnutls_mbuffers.h
@@ -95,13 +95,13 @@ _mbuffer_set_uhead_size (mbuffer_st * bufel, size_t size)
inline static mbuffer_st *
_gnutls_handshake_alloc (gnutls_session_t session, size_t size, size_t maximum)
{
- mbuffer_st *ret = _mbuffer_alloc (HANDSHAKE_HEADER_SIZE + size,
- HANDSHAKE_HEADER_SIZE + maximum);
+ mbuffer_st *ret = _mbuffer_alloc (HANDSHAKE_HEADER_SIZE(session) + size,
+ HANDSHAKE_HEADER_SIZE(session) + maximum);
if (!ret)
return NULL;
- _mbuffer_set_uhead_size (ret, HANDSHAKE_HEADER_SIZE);
+ _mbuffer_set_uhead_size (ret, HANDSHAKE_HEADER_SIZE(session));
return ret;
}
diff --git a/lib/gnutls_num.c b/lib/gnutls_num.c
index 786cf4d007..2528447564 100644
--- a/lib/gnutls_num.c
+++ b/lib/gnutls_num.c
@@ -67,27 +67,17 @@ _gnutls_uint64pp (uint64 * x)
* has been reached.
*/
int
-_gnutls_uint48pp (uint48 * x)
+_gnutls_uint48pp (uint64 * x)
{
- register int i, y = 0;
-
- for (i = 5; i >= 0; i--)
- {
- y = 0;
- if (x->i[i] == 0xff)
- {
- x->i[i] = 0;
- y = 1;
- }
- else
- x->i[i]++;
-
- if (y == 0)
- break;
- }
- if (y != 0)
- return -1; /* over 48 bits! meh... */
-
+ int ret;
+
+ ret = _gnutls_uint64pp(x);
+ if (ret != 0)
+ return ret;
+
+ if (x->i[6] != 0)
+ return -1;
+
return 0;
}
@@ -114,20 +104,6 @@ _gnutls_uint32touint24 (uint32_t num)
}
-uint64_t
-_gnutls_uint48touint64 (uint48 num)
-{
- uint64_t ret=0;
-
- ((uint8_t *) & ret)[2] = num.i[0];
- ((uint8_t *) & ret)[3] = num.i[1];
- ((uint8_t *) & ret)[4] = num.i[2];
- ((uint8_t *) & ret)[5] = num.i[3];
- ((uint8_t *) & ret)[6] = num.i[4];
- ((uint8_t *) & ret)[7] = num.i[5];
- return ret;
-}
-
/* data should be at least 3 bytes */
uint32_t
_gnutls_read_uint24 (const opaque * data)
@@ -237,18 +213,3 @@ _gnutls_uint64touint32 (const uint64 * num)
return ret;
}
-uint64_t
-_gnutls_read_uint48 (const opaque * data)
-{
- uint64_t ret;
- uint48 num;
-
- memcpy(num.i, data, 6);
-
- ret = _gnutls_uint48touint64 (num);
-#ifndef WORDS_BIGENDIAN
- ret = bswap_64 (ret);
-#endif
-
- return ret;
-}
diff --git a/lib/gnutls_num.h b/lib/gnutls_num.h
index 8e8aaea977..456e34e588 100644
--- a/lib/gnutls_num.h
+++ b/lib/gnutls_num.h
@@ -32,7 +32,6 @@
uint32_t _gnutls_uint24touint32 (uint24 num);
uint24 _gnutls_uint32touint24 (uint32_t num);
-uint64_t _gnutls_uint48touint64 (uint48 num);
uint64_t _gnutls_read_uint48 (const opaque * data);
uint32_t _gnutls_read_uint32 (const opaque * data);
uint16_t _gnutls_read_uint16 (const opaque * data);
@@ -45,8 +44,8 @@ void _gnutls_write_uint16 (uint16_t num, opaque * data);
uint32_t _gnutls_uint64touint32 (const uint64 *);
int _gnutls_uint64pp (uint64 *);
-int _gnutls_uint48pp (uint48 *);
-# define _gnutls_uint64zero(x) x.i[0] = x.i[1] = x.i[2] = x.i[3] = x.i[4] = x.i[5] = x.i[6] = x.i[7] = 0
+int _gnutls_uint48pp (uint64 *);
+
# define UINT64DATA(x) ((x).i)
#endif /* GNUTLS_NUM_H */
diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c
index a543b230c7..d1ba96a1b1 100644
--- a/lib/gnutls_record.c
+++ b/lib/gnutls_record.c
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,
- * 2009, 2010 Free Software Foundation, Inc.
+ * 2009, 2010, 2011 Free Software Foundation, Inc.
*
* Author: Nikos Mavrogiannopoulos
*
@@ -327,7 +327,7 @@ sequence_increment (gnutls_session_t session,
{
if (_gnutls_is_dtls(session))
{
- return _gnutls_uint48pp((uint48*)&value->i[2]);
+ return _gnutls_uint48pp(value);
}
else
{
@@ -422,7 +422,7 @@ _gnutls_send_int (gnutls_session_t session, content_type_t type,
*/
copy_record_version (session, htype, &headers[1]);
- header_size = RECORD_HEADER_SIZE;
+ header_size = RECORD_HEADER_SIZE(session);
/* Adjust header length and add sequence for DTLS */
sequence_write(&record_state->sequence_number, &headers[3]);
@@ -465,9 +465,7 @@ _gnutls_send_int (gnutls_session_t session, content_type_t type,
cipher_size =
_gnutls_encrypt (session, headers, header_size, data,
data2send_size, _mbuffer_get_udata_ptr (bufel),
- cipher_size, type,
- (session->internals.priorities.no_padding ==
- 0) ? 1 : 0, record_params);
+ cipher_size, type, record_params);
if (cipher_size <= 0)
{
gnutls_assert ();
@@ -528,25 +526,6 @@ _gnutls_send_int (gnutls_session_t session, content_type_t type,
return retval;
}
-/* This function is to be called if the handshake was successfully
- * completed. This sends a Change Cipher Spec packet to the peer.
- */
-ssize_t
-_gnutls_send_change_cipher_spec (gnutls_session_t session, int again)
-{
- static const opaque data[1] = { GNUTLS_TYPE_CHANGE_CIPHER_SPEC };
-
- _gnutls_handshake_log ("REC[%p]: Sent ChangeCipherSpec\n", session);
-
- if (again == 0)
- return _gnutls_send_int (session, GNUTLS_CHANGE_CIPHER_SPEC, -1,
- EPOCH_WRITE_CURRENT, data, 1, MBUFFER_FLUSH);
- else
- {
- return _gnutls_io_write_flush (session);
- }
-}
-
inline static int
check_recv_type (content_type_t recv_type)
{
@@ -685,7 +664,7 @@ record_check_version (gnutls_session_t session,
{
/* Reject hello packets with major version higher than 3.
*/
- if (version[0] > 3)
+ if (!(IS_DTLS(session)) && version[0] > 3)
{
gnutls_assert ();
_gnutls_record_log
@@ -968,7 +947,7 @@ begin:
/* default headers for TLS 1.0
*/
- header_size = RECORD_HEADER_SIZE;
+ header_size = RECORD_HEADER_SIZE(session);
if ((ret =
_gnutls_io_read_buffered (session, header_size, -1)) != header_size)
@@ -1047,7 +1026,7 @@ begin:
_gnutls_uint64touint32 (&record_state->sequence_number),
_gnutls_packet2str (recv_type), recv_type, length);
- if (length > MAX_RECV_SIZE)
+ if (length > MAX_RECV_SIZE(session))
{
_gnutls_record_log
("REC[%p]: FATAL ERROR: Received packet with length: %d\n",
@@ -1094,8 +1073,10 @@ begin:
return ret;
}
- decrypt_sequence =
- _gnutls_is_dtls(session) ? &dtls_sequence : &record_state->sequence_number;
+ if (IS_DTLS(session))
+ decrypt_sequence = &dtls_sequence;
+ else
+ decrypt_sequence = &record_state->sequence_number;
/* decrypt the data we got.
*/
diff --git a/lib/gnutls_record.h b/lib/gnutls_record.h
index 32773143fc..b24b390c50 100644
--- a/lib/gnutls_record.h
+++ b/lib/gnutls_record.h
@@ -36,6 +36,5 @@ ssize_t _gnutls_send_int (gnutls_session_t session, content_type_t type,
ssize_t _gnutls_recv_int (gnutls_session_t session, content_type_t type,
gnutls_handshake_description_t, opaque * data,
size_t sizeofdata);
-ssize_t _gnutls_send_change_cipher_spec (gnutls_session_t session, int again);
#endif
diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c
index afdbb02009..d1f074295f 100644
--- a/lib/gnutls_state.c
+++ b/lib/gnutls_state.c
@@ -77,7 +77,11 @@ gnutls_cipher_algorithm_t
gnutls_cipher_get (gnutls_session_t session)
{
record_parameters_st *record_params;
- _gnutls_epoch_get (session, EPOCH_READ_CURRENT, &record_params);
+ int ret;
+
+ ret = _gnutls_epoch_get (session, EPOCH_READ_CURRENT, &record_params);
+ if (ret < 0)
+ return gnutls_assert_val(GNUTLS_CIPHER_NULL);
return record_params->cipher_algorithm;
}
@@ -126,7 +130,11 @@ gnutls_mac_algorithm_t
gnutls_mac_get (gnutls_session_t session)
{
record_parameters_st *record_params;
- _gnutls_epoch_get (session, EPOCH_READ_CURRENT, &record_params);
+ int ret;
+
+ ret = _gnutls_epoch_get (session, EPOCH_READ_CURRENT, &record_params);
+ if (ret < 0)
+ return gnutls_assert_val(GNUTLS_MAC_NULL);
return record_params->mac_algorithm;
}
@@ -144,7 +152,11 @@ gnutls_compression_method_t
gnutls_compression_get (gnutls_session_t session)
{
record_parameters_st *record_params;
- _gnutls_epoch_get (session, EPOCH_READ_CURRENT, &record_params);
+ int ret;
+
+ ret = _gnutls_epoch_get (session, EPOCH_READ_CURRENT, &record_params);
+ if (ret < 0)
+ return gnutls_assert_val(GNUTLS_COMP_NULL);
return record_params->compression_algorithm;
}
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index 581acf3edd..7518c2414c 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -385,6 +385,7 @@ extern "C"
/**
* gnutls_handshake_description_t:
* @GNUTLS_HANDSHAKE_HELLO_REQUEST: Hello request.
+ * @GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST: DTLS Hello verify request.
* @GNUTLS_HANDSHAKE_CLIENT_HELLO: Client hello.
* @GNUTLS_HANDSHAKE_SERVER_HELLO: Server hello.
* @GNUTLS_HANDSHAKE_NEW_SESSION_TICKET: New session ticket.
@@ -396,6 +397,7 @@ extern "C"
* @GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE: Client key exchange.
* @GNUTLS_HANDSHAKE_FINISHED: Finished.
* @GNUTLS_HANDSHAKE_SUPPLEMENTAL: Supplemental.
+ * @GNUTLS_HANDSHAKE_CHANGE_CIPHER_SPEC: Change Cipher Spec
*
* Enumeration of different TLS handshake packets.
*/
@@ -413,7 +415,8 @@ extern "C"
GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY = 15,
GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE = 16,
GNUTLS_HANDSHAKE_FINISHED = 20,
- GNUTLS_HANDSHAKE_SUPPLEMENTAL = 23
+ GNUTLS_HANDSHAKE_SUPPLEMENTAL = 23,
+ GNUTLS_HANDSHAKE_CHANGE_CIPHER_SPEC = 254
} gnutls_handshake_description_t;
/**
@@ -1738,6 +1741,8 @@ extern "C"
#define GNUTLS_E_CRYPTO_INIT_FAILED -318
+#define GNUTLS_E_TIMEDOUT -319
+
#define GNUTLS_E_UNIMPLEMENTED_FEATURE -1250
diff --git a/lib/system.c b/lib/system.c
index f3bed5f7b7..d89c283709 100644
--- a/lib/system.c
+++ b/lib/system.c
@@ -105,6 +105,22 @@ system_read_peek (gnutls_transport_ptr ptr, void *data, size_t data_size)
return recv (GNUTLS_POINTER_TO_INT (ptr), data, data_size, MSG_PEEK);
}
+/* Wait for data to be received within a timeout period in milliseconds
+ */
+int system_recv_timeout(gnutls_transport_ptr ptr, size_t ms)
+{
+fd_set rfds;
+struct timeval tv;
+
+ FD_ZERO(&rfds);
+ FD_SET(GNUTLS_POINTER_TO_INT(ptr), &rfds);
+
+ tv.tv_sec = 0;
+ tv.tv_usec = ms * 1000;
+
+ return select(GNUTLS_POINTER_TO_INT(ptr)+1, &rfds, NULL, NULL, &tv);
+}
+
/* Thread stuff */
#ifdef HAVE_WIN32_LOCKS
diff --git a/lib/system.h b/lib/system.h
index 860bca80f9..6ec4e83204 100644
--- a/lib/system.h
+++ b/lib/system.h
@@ -8,6 +8,7 @@
#endif
int system_errno (gnutls_transport_ptr);
+int system_recv_timeout(gnutls_transport_ptr ptr, size_t ms);
#ifdef _WIN32
ssize_t system_write (gnutls_transport_ptr ptr, const void *data,
diff --git a/src/cli-gaa.c b/src/cli-gaa.c
index aab764e025..fd9e0e455a 100644
--- a/src/cli-gaa.c
+++ b/src/cli-gaa.c
@@ -132,7 +132,7 @@ void gaa_help(void)
__gaa_helpsingle('e', "rehandshake", "", "Connect, establish a session and rehandshake immediately.");
__gaa_helpsingle(0, "noticket", "", "Doesn't accept session tickets.");
__gaa_helpsingle('s', "starttls", "", "Connect, establish a plain session and start TLS when EOF or a SIGALRM is received.");
- __gaa_helpsingle('u', "dtls", "", "Use DTLS (datagram TLS).");
+ __gaa_helpsingle('u', "udp", "", "Use DTLS (datagram TLS).");
__gaa_helpsingle(0, "crlf", "", "Send CR LF instead of LF.");
__gaa_helpsingle(0, "x509fmtder", "", "Use DER format for certificates to read from.");
__gaa_helpsingle('f', "fingerprint", "", "Send the openpgp fingerprint, instead of the key.");
@@ -219,7 +219,7 @@ struct _gaainfo
#line 32 "cli.gaa"
int crlf;
#line 29 "cli.gaa"
- int dtls;
+ int udp;
#line 26 "cli.gaa"
int starttls;
#line 23 "cli.gaa"
@@ -310,7 +310,7 @@ static int gaa_error = 0;
#define GAAOPTID_fingerprint 23
#define GAAOPTID_x509fmtder 24
#define GAAOPTID_crlf 25
-#define GAAOPTID_dtls 26
+#define GAAOPTID_udp 26
#define GAAOPTID_starttls 27
#define GAAOPTID_noticket 28
#define GAAOPTID_rehandshake 29
@@ -662,7 +662,7 @@ static int gaa_get_option_num(char *str, int status)
GAA_CHECK1STR("f", GAAOPTID_fingerprint);
GAA_CHECK1STR("", GAAOPTID_x509fmtder);
GAA_CHECK1STR("", GAAOPTID_crlf);
- GAA_CHECK1STR("u", GAAOPTID_dtls);
+ GAA_CHECK1STR("u", GAAOPTID_udp);
GAA_CHECK1STR("s", GAAOPTID_starttls);
GAA_CHECK1STR("", GAAOPTID_noticket);
GAA_CHECK1STR("e", GAAOPTID_rehandshake);
@@ -696,7 +696,7 @@ static int gaa_get_option_num(char *str, int status)
GAA_CHECKSTR("fingerprint", GAAOPTID_fingerprint);
GAA_CHECKSTR("x509fmtder", GAAOPTID_x509fmtder);
GAA_CHECKSTR("crlf", GAAOPTID_crlf);
- GAA_CHECKSTR("dtls", GAAOPTID_dtls);
+ GAA_CHECKSTR("udp", GAAOPTID_udp);
GAA_CHECKSTR("starttls", GAAOPTID_starttls);
GAA_CHECKSTR("noticket", GAAOPTID_noticket);
GAA_CHECKSTR("rehandshake", GAAOPTID_rehandshake);
@@ -970,10 +970,10 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
return GAA_OK;
break;
- case GAAOPTID_dtls:
+ case GAAOPTID_udp:
OK = 0;
#line 30 "cli.gaa"
-{ gaaval->dtls = 1 ;};
+{ gaaval->udp = 1 ;};
return GAA_OK;
break;
@@ -1057,7 +1057,7 @@ int gaa(int argc, char **argv, gaainfo *gaaval)
gaaval->srp_username=NULL; gaaval->srp_passwd=NULL; gaaval->fmtder = 0; gaaval->starttls =0;
gaaval->debug = 0; gaaval->print_cert = 0; gaaval->verbose = 0; gaaval->psk_key = NULL;
gaaval->psk_username = NULL; gaaval->priorities = NULL;
- gaaval->pgp_subkey = NULL; gaaval->rehandshake = 0; gaaval->dtls = 0; ;};
+ gaaval->pgp_subkey = NULL; gaaval->rehandshake = 0; gaaval->udp = 0; ;};
}
inited = 1;
diff --git a/src/cli-gaa.h b/src/cli-gaa.h
index 07f409b505..aba523ef3c 100644
--- a/src/cli-gaa.h
+++ b/src/cli-gaa.h
@@ -55,7 +55,7 @@ struct _gaainfo
#line 32 "cli.gaa"
int crlf;
#line 29 "cli.gaa"
- int dtls;
+ int udp;
#line 26 "cli.gaa"
int starttls;
#line 23 "cli.gaa"
diff --git a/src/cli.c b/src/cli.c
index 762146c94c..6f8339be98 100644
--- a/src/cli.c
+++ b/src/cli.c
@@ -53,7 +53,7 @@
#define MAX_BUF 4096
/* global stuff here */
-int resume, starttls, insecure, rehandshake, dtls;
+int resume, starttls, insecure, rehandshake, udp;
const char *hostname = NULL;
char *service;
int record_max_size;
@@ -551,7 +551,7 @@ init_tls_session (const char *hostname)
gnutls_session_t session;
- if (dtls)
+ if (udp)
gnutls_init_dtls (&session, GNUTLS_CLIENT, 0);
else
gnutls_init (&session, GNUTLS_CLIENT);
@@ -977,7 +977,7 @@ gaa_parser (int argc, char **argv)
resume = info.resume;
rehandshake = info.rehandshake;
insecure = info.insecure;
- dtls = info.dtls;
+ udp = info.udp;
service = info.port;
record_max_size = info.record_size;
fingerprint = info.fingerprint;
@@ -1396,7 +1396,7 @@ socket_open (socket_st * hd, const char *hostname, const char *service)
printf ("Resolving '%s'...\n", hostname);
/* get server name */
memset (&hints, 0, sizeof (hints));
- hints.ai_socktype = dtls ? SOCK_DGRAM : SOCK_STREAM;
+ hints.ai_socktype = udp ? SOCK_DGRAM : SOCK_STREAM;
if ((err = getaddrinfo (hostname, service, &hints, &res)))
{
fprintf (stderr, "Cannot resolve %s:%s: %s\n", hostname, service,
diff --git a/src/cli.gaa b/src/cli.gaa
index c7de0957a4..9b3aa786ba 100644
--- a/src/cli.gaa
+++ b/src/cli.gaa
@@ -26,8 +26,8 @@ option (noticket) { $noticket = 1 } "Doesn't accept session tickets."
#int starttls;
option (s, starttls) { $starttls = 1 } "Connect, establish a plain session and start TLS when EOF or a SIGALRM is received."
-#int dtls;
-option (u, dtls) { $dtls = 1 } "Use DTLS (datagram TLS)."
+#int udp;
+option (u, udp) { $udp = 1 } "Use DTLS (datagram TLS)."
#int crlf;
option (crlf) { $crlf = 1 } "Send CR LF instead of LF."
@@ -111,4 +111,4 @@ init { $resume=0; $noticket=0; $port="443"; $rest_args=NULL;
$srp_username=NULL; $srp_passwd=NULL; $fmtder = 0; $starttls =0;
$debug = 0; $print_cert = 0; $verbose = 0; $psk_key = NULL;
$psk_username = NULL; $priorities = NULL;
- $pgp_subkey = NULL; $rehandshake = 0; $dtls = 0; }
+ $pgp_subkey = NULL; $rehandshake = 0; $udp = 0; }
View Lorry Controller Status