]> git.ipfire.org Git - thirdparty/gnutls.git/commitdiff
Several updates for DTLS (client side only) to work.
authorNikos Mavrogiannopoulos <nmav@gnutls.org>
Fri, 18 Feb 2011 22:59:36 +0000 (23:59 +0100)
committerNikos Mavrogiannopoulos <nmav@gnutls.org>
Fri, 18 Feb 2011 22:59:36 +0000 (23:59 +0100)
25 files changed:
lib/auth_cert.c
lib/debug.c
lib/gnutls_algorithms.c
lib/gnutls_buffers.c
lib/gnutls_buffers.h
lib/gnutls_cipher.c
lib/gnutls_cipher.h
lib/gnutls_dtls.c
lib/gnutls_dtls.h
lib/gnutls_errors.h
lib/gnutls_handshake.c
lib/gnutls_int.h
lib/gnutls_mbuffers.h
lib/gnutls_num.c
lib/gnutls_num.h
lib/gnutls_record.c
lib/gnutls_record.h
lib/gnutls_state.c
lib/includes/gnutls/gnutls.h.in
lib/system.c
lib/system.h
src/cli-gaa.c
src/cli-gaa.h
src/cli.c
src/cli.gaa

index 60bb9892641b27816645a803ba34dec91ff3789d..9f644b18d8055c0eb14979bfff16e63fde2bc6a9 100644 (file)
@@ -2064,7 +2064,6 @@ _gnutls_server_select_cert (gnutls_session_t session,
 
   idx = -1;                     /* default is use no certificate */
 
-
   _gnutls_handshake_log("HSK[%p]: Requested PK algorithm: %s (%d) -- ctype: %s (%d)\n", session, 
     gnutls_pk_get_name(requested_algo), requested_algo, 
     gnutls_certificate_type_get_name(session->security_parameters.cert_type), session->security_parameters.cert_type);
@@ -2077,6 +2076,7 @@ _gnutls_server_select_cert (gnutls_session_t session,
         gnutls_pk_get_name(cred->cert_list[i][0].subject_pk_algorithm), cred->cert_list[i][0].subject_pk_algorithm,
         gnutls_certificate_type_get_name(cred->cert_list[i][0].cert_type), cred->cert_list[i][0].cert_type,
         gnutls_sign_get_name(cred->cert_list[i][0].sign_algo), cred->cert_list[i][0].sign_algo);
+
       if (requested_algo == GNUTLS_PK_ANY ||
           requested_algo == cred->cert_list[i][0].subject_pk_algorithm)
         {
index c9b367d0352d3186adb5097565aa05cce92a7a15..92b70d95156d9e392a0b37b052aeda0110c6b165 100644 (file)
@@ -111,6 +111,9 @@ _gnutls_handshake2str (gnutls_handshake_description_t handshake)
     case GNUTLS_HANDSHAKE_NEW_SESSION_TICKET:
       return "NEW SESSION TICKET";
       break;
+    case GNUTLS_HANDSHAKE_CHANGE_CIPHER_SPEC:
+      return "CHANGE CIPHER SPEC";
+      break;
     default:
       return "Unknown Handshake packet";
 
index ed0d610ddf66ccd31aad4073e9e9e42ae5eab6ed..84fb1184d5a26075ed38deb96c972b1575c8310b 100644 (file)
@@ -1398,6 +1398,7 @@ _gnutls_version_has_selectable_prf (gnutls_protocol_t version)
 {
   switch (version)
     {
+    case GNUTLS_DTLS1_0:
     case GNUTLS_TLS1_1:
     case GNUTLS_TLS1_0:
     case GNUTLS_SSL3:
@@ -1489,6 +1490,9 @@ _gnutls_map_kx_get_kx (gnutls_credentials_type_t type, int server)
   return ret;
 }
 
+/* Returns the credentials type required for this
+ * Key exchange method.
+ */
 gnutls_credentials_type_t
 _gnutls_map_kx_get_cred (gnutls_kx_algorithm_t algorithm, int server)
 {
@@ -1525,7 +1529,7 @@ _gnutls_cipher_suite_is_version_supported (gnutls_session_t session, const ciphe
   
   GNUTLS_CIPHER_SUITE_ALG_LOOP (if (version >= p->min_version
                                  && version <= p->max_version) ret = 1;
-                                 if (IS_DTLS && p->dtls==0) ret = 0;);
+                                 if (IS_DTLS(session) && p->dtls==0) ret = 0;);
   return ret;
 }
 
index 9e078455c98599b86d3404e4e7b8f7c07f46434d..a57784f63320b300a0d6700adcb49f0991e5604f 100644 (file)
@@ -272,8 +272,8 @@ static ssize_t
 _gnutls_dgram_read (gnutls_session_t session, mbuffer_st **bufel,
                    gnutls_pull_func pull_func)
 {
-  ssize_t i;
-  char *ptr = alloca (MAX_RECV_SIZE);
+  ssize_t i, ret;
+  char *ptr;
   gnutls_transport_ptr_t fd = session->internals.transport_recv_ptr;
 
   if (!bufel)
@@ -282,11 +282,15 @@ _gnutls_dgram_read (gnutls_session_t session, mbuffer_st **bufel,
       return GNUTLS_E_INTERNAL_ERROR;
     }
 
+  ptr = gnutls_malloc(MAX_RECV_SIZE(session));
+  if (ptr == NULL)
+    return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
   session->internals.direction = 0;
 
   reset_errno (session);
 
-  i = pull_func (fd, ptr, MAX_RECV_SIZE);
+  i = pull_func (fd, ptr, MAX_RECV_SIZE(session));
 
   if (i < 0)
     {
@@ -296,13 +300,20 @@ _gnutls_dgram_read (gnutls_session_t session, mbuffer_st **bufel,
                        (int) i, fd, errno, session->internals.errnum);
 
       if (err == EAGAIN)
-       return GNUTLS_E_AGAIN;
+        {
+         ret = GNUTLS_E_AGAIN;
+         goto cleanup;
+        }
       else if (err == EINTR)
-       return GNUTLS_E_INTERRUPTED;
+        {
+         ret = GNUTLS_E_INTERRUPTED;
+         goto cleanup;
+        }
       else
        {
          gnutls_assert ();
-         return GNUTLS_E_PULL_ERROR;
+         ret = GNUTLS_E_PULL_ERROR;
+         goto cleanup;
        }
     }
   else
@@ -312,23 +323,28 @@ _gnutls_dgram_read (gnutls_session_t session, mbuffer_st **bufel,
        /* If we get here, we likely have a stream socket.
         * FIXME: this probably breaks DCCP. */
        gnutls_assert ();
-       return GNUTLS_E_INTERNAL_ERROR;
+       ret = GNUTLS_E_INTERNAL_ERROR;
+       goto cleanup;
       }
 
       *bufel = _mbuffer_alloc (0, i);
       if (!*bufel)
        {
          gnutls_assert ();
-         return GNUTLS_E_MEMORY_ERROR;
+         ret = GNUTLS_E_MEMORY_ERROR;
+         goto cleanup;
        }
 
       _mbuffer_append_data (*bufel, ptr, i);
     }
 
-  if (_gnutls_log_level >= 7)
-    _gnutls_read_log ("READ: read %d bytes from %p\n", (int) i, fd);
-
-  return i;
+  _gnutls_read_log ("READ: read %d bytes from %p\n", (int) i, fd);
+  
+  ret = i;
+  
+cleanup:
+  gnutls_free(ptr);
+  return ret;
 }
 
 static ssize_t
@@ -406,13 +422,9 @@ _gnutls_stream_read (gnutls_session_t session, mbuffer_st **bufel,
 
 finish:
 
-  if (_gnutls_log_level >= 7)
-    {
-      _gnutls_read_log ("READ: read %d bytes from %p\n",
+  _gnutls_read_log ("READ: read %d bytes from %p\n",
                         (int) (size - left), fd);
 
-    }
-
   return (size - left);
 }
 
@@ -550,7 +562,7 @@ _gnutls_io_read_buffered (gnutls_session_t session, size_t total,
   mbuffer_st *bufel = NULL;
   size_t recvlowat, recvdata, readsize;
 
-  if (total > MAX_RECV_SIZE || total == 0)
+  if (total > MAX_RECV_SIZE(session) || total == 0)
     {
       gnutls_assert ();         /* internal error */
       return GNUTLS_E_INVALID_REQUEST;
@@ -611,7 +623,7 @@ _gnutls_io_read_buffered (gnutls_session_t session, size_t total,
    * receive are longer than the maximum receive buffer size.
    */
   if ((session->internals.record_recv_buffer.byte_length + recvdata) >
-      MAX_RECV_SIZE)
+      MAX_RECV_SIZE(session))
     {
       gnutls_assert ();         /* internal error */
       return GNUTLS_E_INVALID_REQUEST;
@@ -824,6 +836,29 @@ _gnutls_io_write_flush (gnutls_session_t session)
   return sent;
 }
 
+#include "debug.h"
+/* Checks whether there are received data within
+ * a timeframe.
+ *
+ * Returns 0 if data were received, GNUTLS_E_TIMEDOUT
+ * on timeout and a negative value on error.
+ */
+int
+_gnutls_io_check_recv (gnutls_session_t session, int ms)
+{
+  gnutls_transport_ptr_t fd = session->internals.transport_send_ptr;
+  int ret;
+  
+  
+  ret = system_recv_timeout(fd, ms);
+  if (ret == -1)
+    return gnutls_assert_val(GNUTLS_E_PULL_ERROR);
+  
+  if (ret > 0)
+    return 0;
+  else return GNUTLS_E_TIMEDOUT;
+}
+
 /* This function writes the data that are left in the
  * Handshake write buffer (ie. because the previous write was
  * interrupted.
@@ -842,17 +877,17 @@ _gnutls_handshake_io_write_flush (gnutls_session_t session)
   _gnutls_write_log ("HWRITE FLUSH: %d bytes in buffer.\n",
                      (int) send_buffer->byte_length);
 
-  if (IS_DTLS)
+  if (IS_DTLS(session))
     return _gnutls_dtls_transmit(session);
 
 
   for (cur = _mbuffer_get_first (send_buffer, &msg);
        cur != NULL; cur = _mbuffer_get_first (send_buffer, &msg))
     {
-      ret = _gnutls_send_int (session, GNUTLS_HANDSHAKE,
-                              session->internals.handshake_send_buffer_htype,
+      ret = _gnutls_send_int (session, cur->type,
+                              cur->htype,
                               EPOCH_WRITE_CURRENT,
-                              msg.data, msg.size, 0 /* do not flush */ );
+                              msg.data, msg.size, 0);
 
       if (ret >= 0)
         {
@@ -889,14 +924,19 @@ _gnutls_handshake_io_cache_int (gnutls_session_t session,
 {
   mbuffer_head_st * send_buffer;
   
-  if (IS_DTLS)
+  if (IS_DTLS(session))
     return _gnutls_dtls_handshake_enqueue(session, bufel, htype, session->internals.dtls.hsk_write_seq-1);
   
   send_buffer =
     &session->internals.handshake_send_buffer;
 
+  bufel->htype = htype;
+  if (bufel->htype == GNUTLS_HANDSHAKE_CHANGE_CIPHER_SPEC)
+    bufel->type = GNUTLS_CHANGE_CIPHER_SPEC;
+  else
+    bufel->type = GNUTLS_HANDSHAKE;
+
   _mbuffer_enqueue (send_buffer, bufel);
-  session->internals.handshake_send_buffer_htype = htype;
 
   _gnutls_write_log
     ("HWRITE: enqueued %d. Total %d bytes.\n",
index 3546fc6e58ef5e2b052d6abb333e3eb4ec9358e1..8028f734ef01cb59a8043d8ad81d97eccfda9a6b 100644 (file)
@@ -60,6 +60,7 @@ int _gnutls_handshake_io_cache_int (gnutls_session_t,
                                      gnutls_handshake_description_t,
                                      mbuffer_st * bufel);
 ssize_t _gnutls_io_write_flush (gnutls_session_t session);
+int _gnutls_io_check_recv (gnutls_session_t session, int ms);
 ssize_t _gnutls_handshake_io_write_flush (gnutls_session_t session);
 
 #endif
index eeee430934d8991c07f2a1e337c2c253288129f6..0f569c3162ea4e4909f66aecae2cb3db4760e7e0 100644 (file)
@@ -46,7 +46,7 @@
 static int _gnutls_compressed2ciphertext (gnutls_session_t session,
                                    opaque * cipher_data, int cipher_size,
                                    gnutls_datum_t compressed,
-                                   content_type_t _type, int random_pad,
+                                   content_type_t _type, 
                                    record_parameters_st * params);
 static int _gnutls_ciphertext2compressed (gnutls_session_t session,
                                    opaque * compress_data,
@@ -82,7 +82,7 @@ int
 _gnutls_encrypt (gnutls_session_t session, const opaque * headers,
                  size_t headers_size, const opaque * data,
                  size_t data_size, opaque * ciphertext,
-                 size_t ciphertext_size, content_type_t type, int random_pad,
+                 size_t ciphertext_size, content_type_t type, 
                  record_parameters_st * params)
 {
   gnutls_datum_t plain;
@@ -115,7 +115,7 @@ _gnutls_encrypt (gnutls_session_t session, const opaque * headers,
 
   ret = _gnutls_compressed2ciphertext (session, &ciphertext[headers_size],
                                        ciphertext_size - headers_size,
-                                       comp, type, random_pad, params);
+                                       comp, type, params);
 
   if (free_comp)
     _gnutls_free_datum (&comp);
@@ -310,7 +310,7 @@ static int
 _gnutls_compressed2ciphertext (gnutls_session_t session,
                                opaque * cipher_data, int cipher_size,
                                gnutls_datum_t compressed,
-                               content_type_t type, int random_pad,
+                               content_type_t type, 
                                record_parameters_st * params)
 {
   uint8_t * tag_ptr = NULL;
@@ -326,8 +326,11 @@ _gnutls_compressed2ciphertext (gnutls_session_t session,
   int ver = gnutls_protocol_get_version (session);
   int explicit_iv = _gnutls_version_has_explicit_iv (session->security_parameters.version);
   int auth_cipher = _gnutls_auth_cipher_is_aead(&params->write.cipher_state);
+  int random_pad = (session->internals.priorities.no_padding == 0) ? 1 : 0;
   
-
+  _gnutls_hard_log("ENC[%p]: cipher: %s, MAC: %s, Epoch: %u\n",
+    session, gnutls_cipher_get_name(params->cipher_algorithm), gnutls_mac_get_name(params->mac_algorithm),
+    (unsigned int)params->epoch);
   preamble_size =
     make_preamble (UINT64DATA
                    (params->write.sequence_number),
@@ -572,8 +575,7 @@ _gnutls_ciphertext2compressed (gnutls_session_t session,
        * MAC.
        */
       preamble_size =
-        make_preamble (UINT64DATA
-                       (params->read.sequence_number), type,
+        make_preamble (UINT64DATA(*sequence), type,
                        length, ver, preamble);
       _gnutls_auth_cipher_add_auth (&params->read.cipher_state, preamble, preamble_size);
       _gnutls_auth_cipher_add_auth (&params->read.cipher_state, ciphertext.data, length);
index 19667de4bb11e719d04c797f023abb5b6bde9dd6..0af1935266a44a9a5c24d6314cfb48963b4954ca 100644 (file)
@@ -27,7 +27,7 @@ int _gnutls_encrypt (gnutls_session_t session, const opaque * headers,
                      size_t headers_size, const opaque * data,
                      size_t data_size, opaque * ciphertext,
                      size_t ciphertext_size, content_type_t type,
-                     int random_pad, record_parameters_st * params);
+                     record_parameters_st * params);
 
 int _gnutls_decrypt (gnutls_session_t session, opaque * ciphertext,
                      size_t ciphertext_size, uint8_t * data, size_t data_size,
index 20d238e4f2d9c909350cd4d314948bd53f887860..b01f92a64e66c2615369d571ee04e3b179e10f47 100644 (file)
@@ -31,6 +31,8 @@
 #include "gnutls_dtls.h"
 #include "gnutls_record.h"
 #include <gnutls_mbuffers.h>
+#include <gnutls_buffers.h>
+#include <gnutls_constate.h>
 
 /* This function is called once a handshake message is ready to be
  * queued in the next outgoing flight. The actual transmission occurs
@@ -45,6 +47,12 @@ _gnutls_dtls_handshake_enqueue (gnutls_session_t session,
                                uint16_t sequence)
 {
   dtls_hsk_retransmit_buffer *msg;
+  record_parameters_st * params;
+  int ret;
+
+  ret = _gnutls_epoch_get( session, EPOCH_WRITE_CURRENT, &params);
+  if (ret < 0)
+    return gnutls_assert_val(ret);
 
   msg = gnutls_malloc (sizeof(dtls_hsk_retransmit_buffer));
   if (msg == NULL)
@@ -56,8 +64,8 @@ _gnutls_dtls_handshake_enqueue (gnutls_session_t session,
   msg->bufel = bufel;
 
   msg->next = NULL;
-  /* FIXME: dummy epoch */
-  msg->epoch = 0;
+
+  msg->epoch = params->epoch;
   msg->type = type;
   msg->sequence = sequence;
 
@@ -82,6 +90,14 @@ transmit_message (gnutls_session_t session,
   unsigned int offset, frag_len, data_size;
   const uint mtu = session->internals.dtls.hsk_mtu;
 
+  if (msg->type == GNUTLS_HANDSHAKE_CHANGE_CIPHER_SPEC)
+    {
+      return _gnutls_send_int (session, GNUTLS_CHANGE_CIPHER_SPEC, -1,
+        msg->epoch, 
+        _mbuffer_get_uhead_ptr(msg->bufel), 
+        _mbuffer_get_uhead_size(msg->bufel), 0);
+    }
+
   mtu_data = gnutls_malloc(mtu + DTLS_HANDSHAKE_HEADER_SIZE);
   if (mtu_data == NULL)
     return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
@@ -106,9 +122,9 @@ transmit_message (gnutls_session_t session,
     {
       /* Calculate fragment length */
       if(offset + mtu > data_size)
-       frag_len = data_size - offset;
+        frag_len = data_size - offset;
       else
-       frag_len = mtu;
+        frag_len = mtu;
 
       /* Fragment offset */
       _gnutls_write_uint24 (offset, &mtu_data[6]);
@@ -126,10 +142,11 @@ transmit_message (gnutls_session_t session,
                        msg->type, data_size, offset, frag_len);
 
       /* FIXME: We should collaborate with the record layer to pack as
-        many records possible into a single datagram. We should also
-        tell the record layer which epoch to use for encryption. */
-      ret = _gnutls_send_int (session, GNUTLS_HANDSHAKE, msg->type, EPOCH_WRITE_CURRENT,
-                       mtu_data, DTLS_HANDSHAKE_HEADER_SIZE + frag_len, 0);
+       * many records possible into a single datagram. We should also
+       * tell the record layer which epoch to use for encryption. 
+       */
+      ret = _gnutls_send_int (session, GNUTLS_HANDSHAKE, msg->type, msg->epoch,
+        mtu_data, DTLS_HANDSHAKE_HEADER_SIZE + frag_len, 0);
       if (ret < 0)
         break;
    }
@@ -147,15 +164,26 @@ transmit_message (gnutls_session_t session,
 int
 _gnutls_dtls_transmit (gnutls_session_t session)
 {
+int ret;
+
   /* PREPARING -> SENDING state transition */
   dtls_hsk_retransmit_buffer *msg;
 
+restart:
   _gnutls_dtls_log ("DTLS[%p]: Start of flight transmission.\n", session);
 
   for (msg = session->internals.dtls.retransmit; msg != NULL; msg = msg->next)
     transmit_message (session, msg);
-  _gnutls_io_write_flush (session);
 
+  ret = _gnutls_io_write_flush (session);
+  if (ret < 0)
+    return gnutls_assert_val(ret);
+
+  ret = _gnutls_io_check_recv(session, 100);
+  if (ret == GNUTLS_E_TIMEDOUT)
+    goto restart;
+  else if (ret < 0)
+    return gnutls_assert_val(ret);
 
   _gnutls_dtls_log ("DTLS[%p]: End of flight transmission.\n", session);
 
@@ -187,6 +215,7 @@ _gnutls_dtls_clear_outgoing_buffer (gnutls_session_t session)
   session->internals.dtls.retransmit = NULL;
 }
 
+#if 0
 void
 _gnutls_dtls_split_sequence (const uint64 *input,
                             uint16_t *epoch, uint64_t *sequence)
@@ -196,3 +225,4 @@ _gnutls_dtls_split_sequence (const uint64 *input,
 
 //  fprintf(stderr, "%04x:%012lx\n", *epoch, *sequence);
 }
+#endif
index 4a9aa127ca4efc243f4b20c7dc11c950c0cae64b..80958dd6f25f2ad322c048e9c34c46175542d55b 100644 (file)
@@ -35,6 +35,5 @@ _gnutls_dtls_handshake_enqueue (gnutls_session_t session,
 
 int _gnutls_dtls_transmit(gnutls_session_t session);
 void _gnutls_dtls_clear_outgoing_buffer(gnutls_session_t session);
-void _gnutls_dtls_split_sequence(const uint64 *input, uint16_t *epoch, uint64_t *sequence);
 
 #endif
index 54440423ef5dd414ddfaae53593db27c319186f0..1af2517048d0441622f1bc166f187f7d9c3cdb6d 100644 (file)
@@ -65,7 +65,7 @@ _gnutls_log (int, const char *fmt, ...)
 #define _gnutls_buffers_log(...) LEVEL_EQ(6, __VA_ARGS__)
 #define _gnutls_hard_log(...) LEVEL(9, __VA_ARGS__)
 #define _gnutls_record_log(...) LEVEL(4, __VA_ARGS__)
-# define _gnutls_dtls_log(...) LEVEL(6, __VA_ARGS__)
+#define _gnutls_dtls_log(...) LEVEL(6, __VA_ARGS__)
 #define _gnutls_read_log(...) LEVEL_EQ(7, __VA_ARGS__)
 #define _gnutls_write_log(...) LEVEL_EQ(7, __VA_ARGS__)
 #define _gnutls_x509_log(...) LEVEL(1, __VA_ARGS__)
@@ -76,7 +76,7 @@ _gnutls_log (int, const char *fmt, ...)
 #define _gnutls_buffers_log _gnutls_null_log
 #define _gnutls_hard_log _gnutls_null_log
 #define _gnutls_record_log _gnutls_null_log
-# define _gnutls_dtls_log _gnutls_null_log
+#define _gnutls_dtls_log _gnutls_null_log
 #define _gnutls_read_log _gnutls_null_log
 #define _gnutls_write_log _gnutls_null_log
 #define _gnutls_x509_log _gnutls_null_log
index 34d30fbed867a658e1bc33caa753448f321d0f35..9889c3bd513002826a6a6da3e9e6945c91e3ea1e 100644 (file)
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,
- * 2009, 2010 Free Software Foundation, Inc.
+ * 2009, 2010, 2011 Free Software Foundation, Inc.
  *
  * Author: Nikos Mavrogiannopoulos
  *
@@ -839,7 +839,7 @@ _gnutls_recv_finished (gnutls_session_t session)
  * RSA algorithms, PK_DSA if DSS, and PK_ANY for both or PK_NONE for none.
  */
 static int
-_gnutls_server_find_pk_algos_in_ciphersuites (const opaque *
+server_find_pk_algos_in_ciphersuites (const opaque *
                                               data, unsigned int datalen)
 {
   unsigned int j;
@@ -910,7 +910,7 @@ _gnutls_server_select_suite (gnutls_session_t session, opaque * data,
         }
     }
 
-  pk_algo = _gnutls_server_find_pk_algos_in_ciphersuites (data, datalen);
+  pk_algo = server_find_pk_algos_in_ciphersuites (data, datalen);
 
   x = _gnutls_supported_ciphersuites (session, &ciphers);
   if (x < 0)
@@ -1295,7 +1295,7 @@ _gnutls_recv_handshake_header (gnutls_session_t session,
   int ret;
   uint32_t length32 = 0;
   uint8_t *dataptr = NULL;      /* for realloc */
-  size_t handshake_header_size = HANDSHAKE_HEADER_SIZE;
+  size_t handshake_header_size = HANDSHAKE_HEADER_SIZE(session);
 
   /* if we have data into the buffer then return them, do not read the next packet.
    * In order to return we need a full TLS handshake header, or in case of a version 2
@@ -1358,7 +1358,7 @@ _gnutls_recv_handshake_header (gnutls_session_t session,
                                        [session->
                                         internals.handshake_header_buffer.
                                         header_size],
-                                       HANDSHAKE_HEADER_SIZE -
+                                       HANDSHAKE_HEADER_SIZE(session) -
                                        session->
                                        internals.handshake_header_buffer.
                                        header_size);
@@ -1368,7 +1368,7 @@ _gnutls_recv_handshake_header (gnutls_session_t session,
           return (ret < 0) ? ret : GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
         }
       if ((size_t) ret !=
-          HANDSHAKE_HEADER_SIZE -
+          HANDSHAKE_HEADER_SIZE(session) -
           session->internals.handshake_header_buffer.header_size)
         {
           gnutls_assert ();
@@ -1380,11 +1380,11 @@ _gnutls_recv_handshake_header (gnutls_session_t session,
        * that the packet has enough data.
        */
       length32 = _gnutls_read_uint24 (&dataptr[1]);
-      handshake_header_size = HANDSHAKE_HEADER_SIZE;
+      handshake_header_size = HANDSHAKE_HEADER_SIZE(session);
 
       _gnutls_handshake_log ("HSK[%p]: %s was received [%ld bytes]\n",
                              session, _gnutls_handshake2str (dataptr[0]),
-                             (long int) (length32 + HANDSHAKE_HEADER_SIZE));
+                             (long int) (length32 + HANDSHAKE_HEADER_SIZE(session)));
 
     }
   else
@@ -2973,6 +2973,51 @@ _gnutls_handshake_client (gnutls_session_t session)
   return 0;
 }
 
+
+
+/* This function is to be called if the handshake was successfully 
+ * completed. This sends a Change Cipher Spec packet to the peer.
+ */
+static ssize_t
+send_change_cipher_spec (gnutls_session_t session, int again)
+{
+  opaque* data;
+  mbuffer_st * bufel;
+  int ret;
+  
+  if (again == 0)
+    {
+      bufel = _gnutls_handshake_alloc (session, 1, 1);
+      if (bufel == NULL)
+        return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+      _mbuffer_set_uhead_size(bufel, 1);
+      _mbuffer_set_udata_size(bufel, 0);
+
+      data = _mbuffer_get_uhead_ptr (bufel);
+      
+      data[0] = 1;
+
+      ret = _gnutls_handshake_io_cache_int (session, GNUTLS_HANDSHAKE_CHANGE_CIPHER_SPEC, bufel);
+      if (ret < 0)
+        {
+          _mbuffer_xfree(&bufel);
+          return gnutls_assert_val(ret);
+        }
+
+      if (!IS_DTLS(session)) /* remove once combined */
+        {
+          ret = _gnutls_handshake_io_write_flush (session);
+          if (ret < 0)
+            return gnutls_assert_val(ret);
+        }
+
+      _gnutls_handshake_log ("REC[%p]: Sent ChangeCipherSpec\n", session);
+    }
+
+    return 0;
+}
+
 /* This function sends the final handshake packets and initializes connection 
  */
 static int
@@ -2986,19 +3031,8 @@ _gnutls_send_handshake_final (gnutls_session_t session, int init)
     {
     case STATE0:
     case STATE20:
-
-      STATE = STATE20;
-
-      ret = _gnutls_handshake_io_write_flush (session);
-      if (ret < 0)
-        {
-          gnutls_assert ();
-          return ret;
-        }
-
-    case STATE21:
-      ret = _gnutls_send_change_cipher_spec (session, AGAIN (STATE21));
-      STATE = STATE21;
+      ret = send_change_cipher_spec (session, AGAIN (STATE20));
+      STATE = STATE0;
 
       if (ret < 0)
         {
@@ -3025,10 +3059,10 @@ _gnutls_send_handshake_final (gnutls_session_t session, int init)
           return ret;
         }
 
-    case STATE22:
+    case STATE21:
       /* send the finished message */
-      ret = _gnutls_send_finished (session, AGAIN (STATE22));
-      STATE = STATE22;
+      ret = _gnutls_send_finished (session, AGAIN (STATE21));
+      STATE = STATE21;
       if (ret < 0)
         {
           ERR ("send Finished", ret);
index 7cd9a326890e86be6cd1f1a2ce914daa1644d140..20d74222fead8bd85eb6456d6c681475008d266e 100644 (file)
@@ -57,11 +57,6 @@ typedef struct
   unsigned char i[8];
 } uint64;
 
-typedef struct
-{
-  unsigned char i[6];
-} uint48;
-
 #include <gnutls/gnutls.h>
 
 /*
@@ -151,12 +146,12 @@ typedef enum transport_t
 } transport_t;
 
 /* the maximum size of encrypted packets */
-#define IS_DTLS (session->internals.transport == GNUTLS_DGRAM)
+#define IS_DTLS(session) (session->internals.transport == GNUTLS_DGRAM)
 
 #define DEFAULT_MAX_RECORD_SIZE 16384
 #define TLS_RECORD_HEADER_SIZE 5
 #define DTLS_RECORD_HEADER_SIZE (TLS_RECORD_HEADER_SIZE+8)
-#define RECORD_HEADER_SIZE (IS_DTLS ? DTLS_RECORD_HEADER_SIZE : TLS_RECORD_HEADER_SIZE)
+#define RECORD_HEADER_SIZE(session) (IS_DTLS(session) ? DTLS_RECORD_HEADER_SIZE : TLS_RECORD_HEADER_SIZE)
 #define MAX_RECORD_HEADER_SIZE DTLS_RECORD_HEADER_SIZE
 
 #define MAX_RECORD_SEND_SIZE (size_t)session->security_parameters.max_record_send_size
@@ -164,11 +159,11 @@ typedef enum transport_t
 #define MAX_PAD_SIZE 255
 #define EXTRA_COMP_SIZE 2048
 #define MAX_RECORD_OVERHEAD (MAX_CIPHER_BLOCK_SIZE/*iv*/+MAX_PAD_SIZE+EXTRA_COMP_SIZE)
-#define MAX_RECV_SIZE (MAX_RECORD_OVERHEAD+MAX_RECORD_RECV_SIZE+RECORD_HEADER_SIZE)
+#define MAX_RECV_SIZE(session) (MAX_RECORD_OVERHEAD+MAX_RECORD_RECV_SIZE+RECORD_HEADER_SIZE(session))
 
 #define TLS_HANDSHAKE_HEADER_SIZE 4
 #define DTLS_HANDSHAKE_HEADER_SIZE (TLS_HANDSHAKE_HEADER_SIZE+8)
-#define HANDSHAKE_HEADER_SIZE (IS_DTLS ? DTLS_HANDSHAKE_HEADER_SIZE : TLS_HANDSHAKE_HEADER_SIZE)
+#define HANDSHAKE_HEADER_SIZE(session) (IS_DTLS(session) ? DTLS_HANDSHAKE_HEADER_SIZE : TLS_HANDSHAKE_HEADER_SIZE)
 #define MAX_HANDSHAKE_HEADER_SIZE DTLS_HANDSHAKE_HEADER_SIZE
 
 /* This is the maximum handshake message size we send without
@@ -208,10 +203,6 @@ typedef struct
 
 #include <gnutls_mpi.h>
 
-typedef enum change_cipher_spec_t
-{ GNUTLS_TYPE_CHANGE_CIPHER_SPEC = 1
-} change_cipher_spec_t;
-
 typedef enum handshake_state_t
 { STATE0 = 0, STATE1, STATE2,
   STATE3, STATE4, STATE5,
@@ -273,6 +264,9 @@ typedef struct mbuffer_st
   size_t mark;
   unsigned int user_mark;       /* only used during fill in */
   size_t maximum_size;
+  
+  gnutls_handshake_description_t htype;
+  content_type_t type;
 } mbuffer_st;
 
 typedef struct mbuffer_head_st
@@ -651,7 +645,6 @@ typedef struct
    * protocol only. freed using _gnutls_handshake_io_buffer_clear();
    */
   mbuffer_head_st handshake_send_buffer;
-  gnutls_handshake_description_t handshake_send_buffer_htype;
   content_type_t handshake_recv_buffer_type;
   gnutls_handshake_description_t handshake_recv_buffer_htype;
   gnutls_buffer_st handshake_recv_buffer;
index 6b3f42485953d56ee172efbbc1155948d8129d51..571e46729e3b3ae8a47fdd2398083d4947ce09d2 100644 (file)
@@ -95,13 +95,13 @@ _mbuffer_set_uhead_size (mbuffer_st * bufel, size_t size)
 inline static mbuffer_st *
 _gnutls_handshake_alloc (gnutls_session_t session, size_t size, size_t maximum)
 {
-  mbuffer_st *ret = _mbuffer_alloc (HANDSHAKE_HEADER_SIZE + size,
-                                    HANDSHAKE_HEADER_SIZE + maximum);
+  mbuffer_st *ret = _mbuffer_alloc (HANDSHAKE_HEADER_SIZE(session) + size,
+                                    HANDSHAKE_HEADER_SIZE(session) + maximum);
 
   if (!ret)
     return NULL;
 
-  _mbuffer_set_uhead_size (ret, HANDSHAKE_HEADER_SIZE);
+  _mbuffer_set_uhead_size (ret, HANDSHAKE_HEADER_SIZE(session));
 
   return ret;
 }
index 786cf4d007c1df4f0b328dfbe8a6e15e8938665f..2528447564850753db134fb3c5223bf4641147c3 100644 (file)
@@ -67,27 +67,17 @@ _gnutls_uint64pp (uint64 * x)
  * has been reached.
  */
 int
-_gnutls_uint48pp (uint48 * x)
+_gnutls_uint48pp (uint64 * x)
 {
-  register int i, y = 0;
-
-  for (i = 5; i >= 0; i--)
-    {
-      y = 0;
-      if (x->i[i] == 0xff)
-       {
-         x->i[i] = 0;
-         y = 1;
-       }
-      else
-       x->i[i]++;
-
-      if (y == 0)
-       break;
-    }
-  if (y != 0)
-    return -1;                 /* over 48 bits! meh... */
-
+  int ret;
+  
+  ret = _gnutls_uint64pp(x);
+  if (ret != 0)
+    return ret;
+  
+  if (x->i[6] != 0)
+    return -1;
+    
   return 0;
 }
 
@@ -114,20 +104,6 @@ _gnutls_uint32touint24 (uint32_t num)
 
 }
 
-uint64_t
-_gnutls_uint48touint64 (uint48 num)
-{
-  uint64_t ret=0;
-
-  ((uint8_t *) & ret)[2] = num.i[0];
-  ((uint8_t *) & ret)[3] = num.i[1];
-  ((uint8_t *) & ret)[4] = num.i[2];
-  ((uint8_t *) & ret)[5] = num.i[3];
-  ((uint8_t *) & ret)[6] = num.i[4];
-  ((uint8_t *) & ret)[7] = num.i[5];
-  return ret;
-}
-
 /* data should be at least 3 bytes */
 uint32_t
 _gnutls_read_uint24 (const opaque * data)
@@ -237,18 +213,3 @@ _gnutls_uint64touint32 (const uint64 * num)
   return ret;
 }
 
-uint64_t
-_gnutls_read_uint48 (const opaque * data)
-{
-  uint64_t ret;
-  uint48 num;
-
-  memcpy(num.i, data, 6);
-
-  ret = _gnutls_uint48touint64 (num);
-#ifndef WORDS_BIGENDIAN
-  ret = bswap_64 (ret);
-#endif
-
-  return ret;
-}
index 8e8aaea977efe0ab9341ad7ded019faffdd64a41..456e34e5884540257cb7bb8e59f1f64f9cc5f90e 100644 (file)
@@ -32,7 +32,6 @@
 
 uint32_t _gnutls_uint24touint32 (uint24 num);
 uint24 _gnutls_uint32touint24 (uint32_t num);
-uint64_t _gnutls_uint48touint64 (uint48 num);
 uint64_t _gnutls_read_uint48 (const opaque * data);
 uint32_t _gnutls_read_uint32 (const opaque * data);
 uint16_t _gnutls_read_uint16 (const opaque * data);
@@ -45,8 +44,8 @@ void _gnutls_write_uint16 (uint16_t num, opaque * data);
 uint32_t _gnutls_uint64touint32 (const uint64 *);
 
 int _gnutls_uint64pp (uint64 *);
-int _gnutls_uint48pp (uint48 *);
-# define _gnutls_uint64zero(x) x.i[0] = x.i[1] = x.i[2] = x.i[3] = x.i[4] = x.i[5] = x.i[6] = x.i[7] = 0
+int _gnutls_uint48pp (uint64 *);
+
 # define UINT64DATA(x) ((x).i)
 
 #endif /* GNUTLS_NUM_H */
index a543b230c732ee7586023067d10b31f47147e1fd..d1ba96a1b1dddae6216641139d3a677c13b94845 100644 (file)
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,
- * 2009, 2010 Free Software Foundation, Inc.
+ * 2009, 2010, 2011 Free Software Foundation, Inc.
  *
  * Author: Nikos Mavrogiannopoulos
  *
@@ -327,7 +327,7 @@ sequence_increment (gnutls_session_t session,
 {
   if (_gnutls_is_dtls(session))
     {
-      return _gnutls_uint48pp((uint48*)&value->i[2]);
+      return _gnutls_uint48pp(value);
     }
   else
     {
@@ -422,7 +422,7 @@ _gnutls_send_int (gnutls_session_t session, content_type_t type,
    */
   copy_record_version (session, htype, &headers[1]);
 
-  header_size = RECORD_HEADER_SIZE;
+  header_size = RECORD_HEADER_SIZE(session);
   /* Adjust header length and add sequence for DTLS */
     sequence_write(&record_state->sequence_number, &headers[3]);
 
@@ -465,9 +465,7 @@ _gnutls_send_int (gnutls_session_t session, content_type_t type,
       cipher_size =
         _gnutls_encrypt (session, headers, header_size, data,
                          data2send_size, _mbuffer_get_udata_ptr (bufel),
-                         cipher_size, type,
-                         (session->internals.priorities.no_padding ==
-                          0) ? 1 : 0, record_params);
+                         cipher_size, type, record_params);
       if (cipher_size <= 0)
         {
           gnutls_assert ();
@@ -528,25 +526,6 @@ _gnutls_send_int (gnutls_session_t session, content_type_t type,
   return retval;
 }
 
-/* This function is to be called if the handshake was successfully 
- * completed. This sends a Change Cipher Spec packet to the peer.
- */
-ssize_t
-_gnutls_send_change_cipher_spec (gnutls_session_t session, int again)
-{
-  static const opaque data[1] = { GNUTLS_TYPE_CHANGE_CIPHER_SPEC };
-
-  _gnutls_handshake_log ("REC[%p]: Sent ChangeCipherSpec\n", session);
-
-  if (again == 0)
-    return _gnutls_send_int (session, GNUTLS_CHANGE_CIPHER_SPEC, -1,
-                             EPOCH_WRITE_CURRENT, data, 1, MBUFFER_FLUSH);
-  else
-    {
-      return _gnutls_io_write_flush (session);
-    }
-}
-
 inline static int
 check_recv_type (content_type_t recv_type)
 {
@@ -685,7 +664,7 @@ record_check_version (gnutls_session_t session,
     {
       /* Reject hello packets with major version higher than 3.
        */
-      if (version[0] > 3)
+      if (!(IS_DTLS(session)) && version[0] > 3)
         {
           gnutls_assert ();
           _gnutls_record_log
@@ -968,7 +947,7 @@ begin:
 
 /* default headers for TLS 1.0
  */
-  header_size = RECORD_HEADER_SIZE;
+  header_size = RECORD_HEADER_SIZE(session);
 
   if ((ret =
        _gnutls_io_read_buffered (session, header_size, -1)) != header_size)
@@ -1047,7 +1026,7 @@ begin:
                       _gnutls_uint64touint32 (&record_state->sequence_number),
                       _gnutls_packet2str (recv_type), recv_type, length);
 
-  if (length > MAX_RECV_SIZE)
+  if (length > MAX_RECV_SIZE(session))
     {
       _gnutls_record_log
         ("REC[%p]: FATAL ERROR: Received packet with length: %d\n",
@@ -1094,8 +1073,10 @@ begin:
       return ret;
     }
 
-  decrypt_sequence =
-    _gnutls_is_dtls(session) ? &dtls_sequence : &record_state->sequence_number;
+  if (IS_DTLS(session))
+    decrypt_sequence = &dtls_sequence;
+  else
+    decrypt_sequence = &record_state->sequence_number;
 
 /* decrypt the data we got. 
  */
index 32773143fc23425ea7c6acb6583473c8489b8e8c..b24b390c501bd0248876fbbb38f77b0f31f151d8 100644 (file)
@@ -36,6 +36,5 @@ ssize_t _gnutls_send_int (gnutls_session_t session, content_type_t type,
 ssize_t _gnutls_recv_int (gnutls_session_t session, content_type_t type,
                           gnutls_handshake_description_t, opaque * data,
                           size_t sizeofdata);
-ssize_t _gnutls_send_change_cipher_spec (gnutls_session_t session, int again);
 
 #endif
index afdbb02009dfdc7d870c2ee116ad381044209269..d1f074295f6d46409f881fe9e76fd3aa10e9635c 100644 (file)
@@ -77,7 +77,11 @@ gnutls_cipher_algorithm_t
 gnutls_cipher_get (gnutls_session_t session)
 {
   record_parameters_st *record_params;
-  _gnutls_epoch_get (session, EPOCH_READ_CURRENT, &record_params);
+  int ret;
+  
+  ret = _gnutls_epoch_get (session, EPOCH_READ_CURRENT, &record_params);
+  if (ret < 0)
+    return gnutls_assert_val(GNUTLS_CIPHER_NULL);
 
   return record_params->cipher_algorithm;
 }
@@ -126,7 +130,11 @@ gnutls_mac_algorithm_t
 gnutls_mac_get (gnutls_session_t session)
 {
   record_parameters_st *record_params;
-  _gnutls_epoch_get (session, EPOCH_READ_CURRENT, &record_params);
+  int ret;
+  
+  ret = _gnutls_epoch_get (session, EPOCH_READ_CURRENT, &record_params);
+  if (ret < 0)
+    return gnutls_assert_val(GNUTLS_MAC_NULL);
 
   return record_params->mac_algorithm;
 }
@@ -144,7 +152,11 @@ gnutls_compression_method_t
 gnutls_compression_get (gnutls_session_t session)
 {
   record_parameters_st *record_params;
-  _gnutls_epoch_get (session, EPOCH_READ_CURRENT, &record_params);
+  int ret;
+  
+  ret = _gnutls_epoch_get (session, EPOCH_READ_CURRENT, &record_params);
+  if (ret < 0)
+    return gnutls_assert_val(GNUTLS_COMP_NULL);
 
   return record_params->compression_algorithm;
 }
index 581acf3eddd1f36d7a226cafa642137cc9fd4866..7518c2414c3be76e9c0bf04401de1b1c96fb3fd5 100644 (file)
@@ -385,6 +385,7 @@ extern "C"
   /**
    * gnutls_handshake_description_t:
    * @GNUTLS_HANDSHAKE_HELLO_REQUEST: Hello request.
+   * @GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST: DTLS Hello verify request.
    * @GNUTLS_HANDSHAKE_CLIENT_HELLO: Client hello.
    * @GNUTLS_HANDSHAKE_SERVER_HELLO: Server hello.
    * @GNUTLS_HANDSHAKE_NEW_SESSION_TICKET: New session ticket.
@@ -396,6 +397,7 @@ extern "C"
    * @GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE: Client key exchange.
    * @GNUTLS_HANDSHAKE_FINISHED: Finished.
    * @GNUTLS_HANDSHAKE_SUPPLEMENTAL: Supplemental.
+   * @GNUTLS_HANDSHAKE_CHANGE_CIPHER_SPEC: Change Cipher Spec
    *
    * Enumeration of different TLS handshake packets.
    */
@@ -413,7 +415,8 @@ extern "C"
     GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY = 15,
     GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE = 16,
     GNUTLS_HANDSHAKE_FINISHED = 20,
-    GNUTLS_HANDSHAKE_SUPPLEMENTAL = 23
+    GNUTLS_HANDSHAKE_SUPPLEMENTAL = 23,
+    GNUTLS_HANDSHAKE_CHANGE_CIPHER_SPEC = 254
   } gnutls_handshake_description_t;
 
   /**
@@ -1738,6 +1741,8 @@ extern "C"
 
 #define GNUTLS_E_CRYPTO_INIT_FAILED -318
 
+#define GNUTLS_E_TIMEDOUT -319
+
 #define GNUTLS_E_UNIMPLEMENTED_FEATURE -1250
 
 
index f3bed5f7b72cc7fa6bcb0d2ac07832b0433bce08..d89c283709afe0590d1b45c38564c6428fa406ce 100644 (file)
@@ -105,6 +105,22 @@ system_read_peek (gnutls_transport_ptr ptr, void *data, size_t data_size)
   return recv (GNUTLS_POINTER_TO_INT (ptr), data, data_size, MSG_PEEK);
 }
 
+/* Wait for data to be received within a timeout period in milliseconds
+ */
+int system_recv_timeout(gnutls_transport_ptr ptr, size_t ms)
+{
+fd_set rfds;
+struct timeval tv;
+
+  FD_ZERO(&rfds);
+  FD_SET(GNUTLS_POINTER_TO_INT(ptr), &rfds);
+  
+  tv.tv_sec = 0;
+  tv.tv_usec = ms * 1000;
+  
+  return select(GNUTLS_POINTER_TO_INT(ptr)+1, &rfds, NULL, NULL, &tv);
+}
+
 /* Thread stuff */
 
 #ifdef HAVE_WIN32_LOCKS
index 860bca80f9746290921ca9942bf2a5f007e07cf0..6ec4e8320435ea3e183f62f51bc6cba6f0eac2a9 100644 (file)
@@ -8,6 +8,7 @@
 #endif
 
 int system_errno (gnutls_transport_ptr);
+int system_recv_timeout(gnutls_transport_ptr ptr, size_t ms);
 
 #ifdef _WIN32
 ssize_t system_write (gnutls_transport_ptr ptr, const void *data,
index aab764e025b49b1136fcef8c1c254a7509bfe8ad..fd9e0e455ac6e67311a59adafd635da5c7667c00 100644 (file)
@@ -132,7 +132,7 @@ void gaa_help(void)
        __gaa_helpsingle('e', "rehandshake", "", "Connect, establish a session and rehandshake immediately.");
        __gaa_helpsingle(0, "noticket", "", "Doesn't accept session tickets.");
        __gaa_helpsingle('s', "starttls", "", "Connect, establish a plain session and start TLS when EOF or a SIGALRM is received.");
-       __gaa_helpsingle('u', "dtls", "", "Use DTLS (datagram TLS).");
+       __gaa_helpsingle('u', "udp", "", "Use DTLS (datagram TLS).");
        __gaa_helpsingle(0, "crlf", "", "Send CR LF instead of LF.");
        __gaa_helpsingle(0, "x509fmtder", "", "Use DER format for certificates to read from.");
        __gaa_helpsingle('f', "fingerprint", "", "Send the openpgp fingerprint, instead of the key.");
@@ -219,7 +219,7 @@ struct _gaainfo
 #line 32 "cli.gaa"
        int crlf;
 #line 29 "cli.gaa"
-       int dtls;
+       int udp;
 #line 26 "cli.gaa"
        int starttls;
 #line 23 "cli.gaa"
@@ -310,7 +310,7 @@ static int gaa_error = 0;
 #define GAAOPTID_fingerprint   23
 #define GAAOPTID_x509fmtder    24
 #define GAAOPTID_crlf  25
-#define GAAOPTID_dtls  26
+#define GAAOPTID_udp   26
 #define GAAOPTID_starttls      27
 #define GAAOPTID_noticket      28
 #define GAAOPTID_rehandshake   29
@@ -662,7 +662,7 @@ static int gaa_get_option_num(char *str, int status)
                        GAA_CHECK1STR("f", GAAOPTID_fingerprint);
                        GAA_CHECK1STR("", GAAOPTID_x509fmtder);
                        GAA_CHECK1STR("", GAAOPTID_crlf);
-                       GAA_CHECK1STR("u", GAAOPTID_dtls);
+                       GAA_CHECK1STR("u", GAAOPTID_udp);
                        GAA_CHECK1STR("s", GAAOPTID_starttls);
                        GAA_CHECK1STR("", GAAOPTID_noticket);
                        GAA_CHECK1STR("e", GAAOPTID_rehandshake);
@@ -696,7 +696,7 @@ static int gaa_get_option_num(char *str, int status)
                        GAA_CHECKSTR("fingerprint", GAAOPTID_fingerprint);
                        GAA_CHECKSTR("x509fmtder", GAAOPTID_x509fmtder);
                        GAA_CHECKSTR("crlf", GAAOPTID_crlf);
-                       GAA_CHECKSTR("dtls", GAAOPTID_dtls);
+                       GAA_CHECKSTR("udp", GAAOPTID_udp);
                        GAA_CHECKSTR("starttls", GAAOPTID_starttls);
                        GAA_CHECKSTR("noticket", GAAOPTID_noticket);
                        GAA_CHECKSTR("rehandshake", GAAOPTID_rehandshake);
@@ -970,10 +970,10 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
 
                return GAA_OK;
                break;
-       case GAAOPTID_dtls:
+       case GAAOPTID_udp:
        OK = 0;
 #line 30 "cli.gaa"
-{ gaaval->dtls = 1 ;};
+{ gaaval->udp = 1 ;};
 
                return GAA_OK;
                break;
@@ -1057,7 +1057,7 @@ int gaa(int argc, char **argv, gaainfo *gaaval)
        gaaval->srp_username=NULL; gaaval->srp_passwd=NULL; gaaval->fmtder = 0; gaaval->starttls =0; 
        gaaval->debug = 0; gaaval->print_cert = 0; gaaval->verbose = 0; gaaval->psk_key = NULL; 
        gaaval->psk_username = NULL; gaaval->priorities = NULL;
-       gaaval->pgp_subkey = NULL; gaaval->rehandshake = 0; gaaval->dtls = 0; ;};
+       gaaval->pgp_subkey = NULL; gaaval->rehandshake = 0; gaaval->udp = 0; ;};
 
     }
     inited = 1;
index 07f409b505b5bdf2a696f0e54a7d79ad5f15178c..aba523ef3c87f1d03330d28743beeb36ec98837d 100644 (file)
@@ -55,7 +55,7 @@ struct _gaainfo
 #line 32 "cli.gaa"
        int crlf;
 #line 29 "cli.gaa"
-       int dtls;
+       int udp;
 #line 26 "cli.gaa"
        int starttls;
 #line 23 "cli.gaa"
index 762146c94cf1296a51f22f9f84e937721bf72264..6f8339be9868f1a2c4afadd69fb93a0e13a32624 100644 (file)
--- a/src/cli.c
+++ b/src/cli.c
@@ -53,7 +53,7 @@
 #define MAX_BUF 4096
 
 /* global stuff here */
-int resume, starttls, insecure, rehandshake, dtls;
+int resume, starttls, insecure, rehandshake, udp;
 const char *hostname = NULL;
 char *service;
 int record_max_size;
@@ -551,7 +551,7 @@ init_tls_session (const char *hostname)
 
   gnutls_session_t session;
 
-  if (dtls)
+  if (udp)
     gnutls_init_dtls (&session, GNUTLS_CLIENT, 0);
   else
     gnutls_init (&session, GNUTLS_CLIENT);
@@ -977,7 +977,7 @@ gaa_parser (int argc, char **argv)
   resume = info.resume;
   rehandshake = info.rehandshake;
   insecure = info.insecure;
-  dtls = info.dtls;
+  udp = info.udp;
   service = info.port;
   record_max_size = info.record_size;
   fingerprint = info.fingerprint;
@@ -1396,7 +1396,7 @@ socket_open (socket_st * hd, const char *hostname, const char *service)
   printf ("Resolving '%s'...\n", hostname);
   /* get server name */
   memset (&hints, 0, sizeof (hints));
-  hints.ai_socktype = dtls ? SOCK_DGRAM : SOCK_STREAM;
+  hints.ai_socktype = udp ? SOCK_DGRAM : SOCK_STREAM;
   if ((err = getaddrinfo (hostname, service, &hints, &res)))
     {
       fprintf (stderr, "Cannot resolve %s:%s: %s\n", hostname, service,
index c7de0957a460fec888d991b64cb1d3106f4ca396..9b3aa786baa057d7ac129bf305ef82cd010d69e1 100644 (file)
@@ -26,8 +26,8 @@ option (noticket) { $noticket = 1 } "Doesn't accept session tickets."
 #int starttls;
 option (s, starttls) { $starttls = 1 } "Connect, establish a plain session and start TLS when EOF or a SIGALRM is received."
 
-#int dtls;
-option (u, dtls) { $dtls = 1 } "Use DTLS (datagram TLS)."
+#int udp;
+option (u, udp) { $udp = 1 } "Use DTLS (datagram TLS)."
 
 #int crlf;
 option (crlf) { $crlf = 1 } "Send CR LF instead of LF."
@@ -111,4 +111,4 @@ init { $resume=0; $noticket=0; $port="443"; $rest_args=NULL;
        $srp_username=NULL; $srp_passwd=NULL; $fmtder = 0; $starttls =0; 
        $debug = 0; $print_cert = 0; $verbose = 0; $psk_key = NULL; 
        $psk_username = NULL; $priorities = NULL;
-       $pgp_subkey = NULL; $rehandshake = 0; $dtls = 0; }
+       $pgp_subkey = NULL; $rehandshake = 0; $udp = 0; }