simplify the SCTP options

src/internal.c

@@ -195,6 +195,20 @@ static INLINE int IsEncryptionOn(WOLFSSL* ssl, int isSend)
 }
 
 
+#ifdef WOLFSSL_DTLS
+/* If SCTP is not enabled returns the state of the dtls option.
+ * If SCTP is enabled returns dtls && sctp. */
+static INLINE int IsDtlsSctpMode(WOLFSSL* ssl)
+{
+#ifdef WOLFSSL_SCTP
+    return ssl->options.dtls && ssl->options.dtlsSctp;
+#else
+    return ssl->options.dtls;
+#endif
+}
+#endif
+
+
 #ifdef HAVE_QSH
 /* free all structs that where used with QSH */
 static int QSH_FreeAll(WOLFSSL* ssl)
@@ -1373,6 +1387,10 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
 
     ctx->devId = INVALID_DEVID;
 
+#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_SCTP)
+    ctx->dtlsMtuSz = MAX_MTU;
+#endif
+
 #ifndef NO_CERTS
     ctx->cm = wolfSSL_CertManagerNew_ex(heap);
     if (ctx->cm == NULL) {
@@ -3336,9 +3354,13 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
     ssl->options.processReply = doProcessInit;
 
 #ifdef WOLFSSL_DTLS
+    #ifdef WOLFSSL_SCTP
+        ssl->options.dtlsSctp           = ctx->dtlsSctp;
+    #endif
     ssl->dtls_timeout_init              = DTLS_TIMEOUT_INIT;
     ssl->dtls_timeout_max               = DTLS_TIMEOUT_MAX;
     ssl->dtls_timeout                   = ssl->dtls_timeout_init;
+    ssl->buffers.dtlsCtx.fd             = -1;
 #endif
 
     #ifndef NO_OLD_TLS
@@ -3348,10 +3370,6 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
     #endif
 
 
-#ifdef WOLFSSL_DTLS
-    ssl->buffers.dtlsCtx.fd = -1;
-#endif
-
     ssl->cipher.ssl = ssl;
 
 #ifdef HAVE_TLS_EXTENSIONS
@@ -5055,7 +5073,7 @@ static int GetRecordHeader(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
     }
 
 #ifdef WOLFSSL_DTLS
-    if (ssl->options.dtls &&
+    if (IsDtlsSctpMode(ssl) &&
         (!DtlsCheckWindow(&ssl->keys.dtls_state) ||
          (ssl->options.handShakeDone && ssl->keys.dtls_state.curEpoch == 0))) {
             return SEQUENCE_ERROR;
@@ -9282,11 +9300,11 @@ int ProcessReply(WOLFSSL* ssl)
                 ssl->keys.decryptedCur = 1;
             }
 
-            if (ssl->options.dtls) {
             #ifdef WOLFSSL_DTLS
+            if (IsDtlsSctpMode(ssl)) {
                 DtlsUpdateWindow(&ssl->keys.dtls_state);
-            #endif /* WOLFSSL_DTLS */
             }
+            #endif /* WOLFSSL_DTLS */
 
             WOLFSSL_MSG("received record layer msg");
 

src/ssl.c

@@ -549,11 +549,42 @@ int wolfSSL_dtls_get_peer(WOLFSSL* ssl, void* peer, unsigned int* peerSz)
 }
 
 
-int wolfSSL_dtls_set_mtu(WOLFSSL* ssl, unsigned int newMtu)
-{
 #if defined(WOLFSSL_DTLS) && defined(WOLFSSL_SCTP)
+
+int wolfSSL_CTX_dtls_set_sctp(WOLFSSL_CTX* ctx)
+{
+    WOLFSSL_ENTER("wolfSSL_CTX_dtls_set_sctp()");
+
+    if (ctx == NULL)
+        return BAD_FUNC_ARG;
+
+    ctx->dtlsSctp = 1;
+    return SSL_SUCCESS;
+}
+
+
+int wolfSSL_dtls_set_sctp(WOLFSSL* ssl)
+{
+    WOLFSSL_ENTER("wolfSSL_dtls_set_sctp()");
+
     if (ssl == NULL)
-        return SSL_FAILURE;
+        return BAD_FUNC_ARG;
+
+    ssl->options.dtlsSctp = 1;
+    return SSL_SUCCESS;
+}
+
+
+/* wolfSSL_dtls_set_mtu
+ * Sets the DTLS MTU size. For the deafult MTU of 1500, set to 1500.
+ * The maximum allowed value is 16384, the maximum record size. The MTU
+ * needs to be larger than 200, need to be able to fit in the IP/UDP/DTLS
+ * headers.
+ */
+int wolfSSL_CTX_dtls_set_mtu(WOLFSSL_CTX* ctx, word32 newMtu)
+{
+    if (ctx == NULL)
+        return BAD_FUNC_ARG;
 
     if (newMtu > MAX_RECORD_SIZE) {
         ssl->error = BAD_FUNC_ARG;
@@ -561,76 +592,24 @@ int wolfSSL_dtls_set_mtu(WOLFSSL* ssl, unsigned int newMtu)
     }
 
     return SSL_SUCCESS;
-#else /* WOLFSSL_DTLS && WOLFSSL_SCTP */
-    (void)ssl;
-    (void)newMtu;
-    return SSL_NOT_IMPLEMENTED;
-#endif /* WOLFSSL_DTLS && WOLFSSL_SCTP */
 }
 
 
-int wolfSSL_dtls_enable_retransmission(WOLFSSL* ssl, unsigned int options)
+int wolfSSL_dtls_set_mtu(WOLFSSL* ssl, word32 newMtu)
 {
-    (void)options;
-
-#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_SCTP)
     if (ssl == NULL)
-        return SSL_FAILURE;
+        return BAD_FUNC_ARG;
+
+    if (newMtu > MAX_RECORD_SIZE) {
+        ssl->error = BAD_FUNC_ARG;
+        return SSL_FAILURE;
+    }
 
-    ssl->options.dtlsRetxEnable = 1;
     return SSL_SUCCESS;
-#else /* WOLFSSL_DTLS && WOLFSSL_SCTP */
-    (void)ssl;
-    return SSL_NOT_IMPLEMENTED;
-#endif /* WOLFSSL_DTLS && WOLFSSL_SCTP */
 }
 
 
-int wolfSSL_dtls_disable_retransmission(WOLFSSL* ssl)
-{
-#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_SCTP)
-    if (ssl == NULL)
-        return SSL_FAILURE;
-
-    ssl->options.dtlsRetxEnable = 0;
-    return SSL_SUCCESS;
-#else /* WOLFSSL_DTLS && WOLFSSL_SCTP */
-    (void)ssl;
-    return SSL_NOT_IMPLEMENTED;
 #endif /* WOLFSSL_DTLS && WOLFSSL_SCTP */
-}
-
-
-int wolfSSL_dtls_enable_replay_detection(WOLFSSL* ssl, unsigned int options)
-{
-    (void)options;
-
-#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_SCTP)
-    if (ssl == NULL)
-        return SSL_FAILURE;
-
-    ssl->options.dtlsReplayEnable = 1;
-    return SSL_SUCCESS;
-#else /* WOLFSSL_DTLS && WOLFSSL_SCTP */
-    (void)ssl;
-    return SSL_NOT_IMPLEMENTED;
-#endif /* WOLFSSL_DTLS && WOLFSSL_SCTP */
-}
-
-
-int wolfSSL_dtls_disable_replay_detection(WOLFSSL* ssl)
-{
-#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_SCTP)
-    if (ssl == NULL)
-        return SSL_FAILURE;
-
-    ssl->options.dtlsReplayEnable = 0;
-    return SSL_SUCCESS;
-#else /* WOLFSSL_DTLS && WOLFSSL_SCTP */
-    (void)ssl;
-    return SSL_NOT_IMPLEMENTED;
-#endif /* WOLFSSL_DTLS && WOLFSSL_SCTP */
-}
 
 #endif /* WOLFSSL_LEANPSK */
 

wolfssl/internal.h

@@ -1940,6 +1940,10 @@ struct WOLFSSL_CTX {
     byte        quietShutdown;    /* don't send close notify */
     byte        groupMessages;    /* group handshake messages before sending */
     byte        minDowngrade;     /* minimum downgrade version */
+#if defined(WOLFSSL_SCTP) && defined(WOLFSSL_DTLS)
+    byte        dtlsSctp;         /* DTLS-over-SCTP mode */
+    word16      dtlsMtuSz;        /* DTLS MTU size */
+#endif
 #ifndef NO_DH
     word16      minDhKeySz;       /* minimum DH key size */
 #endif
@@ -2406,9 +2410,8 @@ typedef struct Options {
 #ifdef WOLFSSL_DTLS
     word16            dtlsHsRetain:1;     /* DTLS retaining HS data */
 #ifdef WOLFSSL_SCTP
-    word16            dtlsRetxEnable:1;   /* DTLS HS retransmission enable */
-    word16            dtlsReplayEnable:1; /* DTLS Replay detection enable */
-#endif /* WOLFSSL_SCTP */
+    word16            dtlsSctp:1;         /* DTLS-over-SCTP mode */
+#endif
 #endif
 
     /* need full byte values for this section */

wolfssl/ssl.h

@@ -409,11 +409,10 @@ WOLFSSL_API int  wolfSSL_dtls(WOLFSSL* ssl);
 WOLFSSL_API int  wolfSSL_dtls_set_peer(WOLFSSL*, void*, unsigned int);
 WOLFSSL_API int  wolfSSL_dtls_get_peer(WOLFSSL*, void*, unsigned int*);
 
+WOLFSSL_API int  wolfSSL_CTX_dtls_set_sctp(WOLFSSL_CTX*);
+WOLFSSL_API int  wolfSSL_dtls_set_sctp(WOLFSSL*);
+WOLFSSL_API int  wolfSSL_CTX_dtls_set_mtu(WOLFSSL_CTX*, unsigned int);
 WOLFSSL_API int  wolfSSL_dtls_set_mtu(WOLFSSL*, unsigned int);
-WOLFSSL_API int  wolfSSL_dtls_enable_retransmission(WOLFSSL*, unsigned int);
-WOLFSSL_API int  wolfSSL_dtls_disable_retransmission(WOLFSSL*);
-WOLFSSL_API int  wolfSSL_dtls_enable_replay_detection(WOLFSSL*, unsigned int);
-WOLFSSL_API int  wolfSSL_dtls_disable_replay_detection(WOLFSSL*);
 
 WOLFSSL_API int   wolfSSL_ERR_GET_REASON(unsigned long err);
 WOLFSSL_API char* wolfSSL_ERR_error_string(unsigned long,char*);