diff --git a/src/ssl.c b/src/ssl.c
index 2fb0d17ed..f9a459c10 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -547,6 +547,91 @@ int wolfSSL_dtls_get_peer(WOLFSSL* ssl, void* peer, unsigned int* peerSz)
 return SSL_NOT_IMPLEMENTED;
 #endif
 }
+
+
+int wolfSSL_dtls_set_mtu(WOLFSSL* ssl, unsigned int newMtu)
+{
+#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_SCTP)
+ if (ssl == NULL)
+ return SSL_FAILURE;
+
+ if (newMtu > MAX_RECORD_SIZE) {
+ ssl->error = BAD_FUNC_ARG;
+ return SSL_FAILURE;
+ }
+
+ return SSL_SUCCESS;
+#else /* WOLFSSL_DTLS && WOLFSSL_SCTP */
+ (void)ssl;
+ (void)newMtu;
+ return SSL_NOT_IMPLEMENTED;
+#endif /* WOLFSSL_DTLS && WOLFSSL_SCTP */
+}
+
+
+int wolfSSL_dtls_enable_retransmission(WOLFSSL* ssl, unsigned int options)
+{
+ (void)options;
+
+#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_SCTP)
+ if (ssl == NULL)
+ return SSL_FAILURE;
+
+ ssl->options.dtlsRetxEnable = 1;
+ return SSL_SUCCESS;
+#else /* WOLFSSL_DTLS && WOLFSSL_SCTP */
+ (void)ssl;
+ return SSL_NOT_IMPLEMENTED;
+#endif /* WOLFSSL_DTLS && WOLFSSL_SCTP */
+}
+
+
+int wolfSSL_dtls_disable_retransmission(WOLFSSL* ssl)
+{
+#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_SCTP)
+ if (ssl == NULL)
+ return SSL_FAILURE;
+
+ ssl->options.dtlsRetxEnable = 0;
+ return SSL_SUCCESS;
+#else /* WOLFSSL_DTLS && WOLFSSL_SCTP */
+ (void)ssl;
+ return SSL_NOT_IMPLEMENTED;
+#endif /* WOLFSSL_DTLS && WOLFSSL_SCTP */
+}
+
+
+int wolfSSL_dtls_enable_replay_detection(WOLFSSL* ssl, unsigned int options)
+{
+ (void)options;
+
+#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_SCTP)
+ if (ssl == NULL)
+ return SSL_FAILURE;
+
+ ssl->options.dtlsReplayEnable = 1;
+ return SSL_SUCCESS;
+#else /* WOLFSSL_DTLS && WOLFSSL_SCTP */
+ (void)ssl;
+ return SSL_NOT_IMPLEMENTED;
+#endif /* WOLFSSL_DTLS && WOLFSSL_SCTP */
+}
+
+
+int wolfSSL_dtls_disable_replay_detection(WOLFSSL* ssl)
+{
+#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_SCTP)
+ if (ssl == NULL)
+ return SSL_FAILURE;
+
+ ssl->options.dtlsReplayEnable = 0;
+ return SSL_SUCCESS;
+#else /* WOLFSSL_DTLS && WOLFSSL_SCTP */
+ (void)ssl;
+ return SSL_NOT_IMPLEMENTED;
+#endif /* WOLFSSL_DTLS && WOLFSSL_SCTP */
+}
+
 #endif /* WOLFSSL_LEANPSK */
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index 3a3e00635..65ca2b5b8 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -2405,6 +2405,10 @@ typedef struct Options {
 #endif
 #ifdef WOLFSSL_DTLS
 word16 dtlsHsRetain:1; /* DTLS retaining HS data */
+#ifdef WOLFSSL_SCTP
+ word16 dtlsRetxEnable:1; /* DTLS HS retransmission enable */
+ word16 dtlsReplayEnable:1; /* DTLS Replay detection enable */
+#endif /* WOLFSSL_SCTP */
 #endif
 /* need full byte values for this section */
@@ -2744,6 +2748,9 @@ struct WOLFSSL {
 void* IOCB_CookieCtx; /* gen cookie ctx */
 word32 dtls_expected_rx;
 wc_dtls_export dtls_export; /* export function for session */
+#ifdef WOLFSSL_SCTP
+ word32 mtu_size;
+#endif /* WOLFSSL_SCTP */
 #endif
 #ifdef WOLFSSL_CALLBACKS
 HandShakeInfo handShakeInfo; /* info saved during handshake */
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 2af2dfffa..63373d15a 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -409,6 +409,12 @@ WOLFSSL_API int wolfSSL_dtls(WOLFSSL* ssl);
 WOLFSSL_API int wolfSSL_dtls_set_peer(WOLFSSL*, void*, unsigned int);
 WOLFSSL_API int wolfSSL_dtls_get_peer(WOLFSSL*, void*, unsigned int*);
+WOLFSSL_API int wolfSSL_dtls_set_mtu(WOLFSSL*, unsigned int);
+WOLFSSL_API int wolfSSL_dtls_enable_retransmission(WOLFSSL*, unsigned int);
+WOLFSSL_API int wolfSSL_dtls_disable_retransmission(WOLFSSL*);
+WOLFSSL_API int wolfSSL_dtls_enable_replay_detection(WOLFSSL*, unsigned int);
+WOLFSSL_API int wolfSSL_dtls_disable_replay_detection(WOLFSSL*);
+
 WOLFSSL_API int wolfSSL_ERR_GET_REASON(unsigned long err);
 WOLFSSL_API char* wolfSSL_ERR_error_string(unsigned long,char*);
 WOLFSSL_API void wolfSSL_ERR_error_string_n(unsigned long e, char* buf,
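Review bot: `wolfSSL_dtls_set_mtu` range-checks `newMtu` and then returns `SSL_SUCCESS` without storing it, so the caller is told the MTU was set while nothing changes. The `mtu_size` field this commit adds to `struct WOLFSSL` in wolfssl/internal.h is not assigned anywhere in the diff; add `ssl->mtu_size = newMtu;` before the success return. The check also has only an upper bound, so 0 or any value too small to hold a record header is accepted. Rejecting values below the smallest size the record layer can work with, using the same `BAD_FUNC_ARG` path, would keep a degenerate MTU from reaching whatever later code sizes datagrams from this field.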
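Review bot: Nothing in this diff gives `dtlsReplayEnable` or `dtlsRetxEnable` an initial value of 1, so if `Options` is zero-filled when a session is created (not visible here), every DTLS session in a `WOLFSSL_SCTP` build would start with both flags off as soon as the record layer consults them. Defining `WOLFSSL_SCTP` at build time does not mean a given session runs over SCTP, so replay detection should stay on until the application explicitly disables it. Set both bits to 1 where the other DTLS options are initialised, and record the default in the field comment, e.g. `word16 dtlsReplayEnable:1; /* DTLS replay detection enable, default on */`.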
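Review bot: These five public declarations carry no documentation, although `wolfSSL_dtls_disable_replay_detection` and `wolfSSL_dtls_disable_retransmission` switch off DTLS protections. The header does not tell a caller that disabling them is only appropriate when the transport provides ordered, reliable delivery, as SCTP does. It also does not say that every function here returns `SSL_NOT_IMPLEMENTED` unless both `WOLFSSL_DTLS` and `WOLFSSL_SCTP` are defined. A short comment block above the group should state both points, and should note that the `unsigned int` argument of the two enable functions is currently ignored by the implementation in src/ssl.c.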