Adapt version-handling functions to DTLS

2025-11-03 20:22:59 -05:00 · 2014-02-10 13:43:33 +01:00 · 2014-02-10 13:43:33 +01:00 · b21ca2a69f
commit b21ca2a69f
parent e29fd4beaf
2 changed files with 53 additions and 10 deletions
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@ -959,6 +959,9 @@ void ssl_set_endpoint( ssl_context *ssl, int endpoint );
 * \param transport transport type:
 *                  SSL_TRANSPORT_STREAM for TLS,
 *                  SSL_TRANSPORT_DATAGRAM for DTLS.
+ *
+ * \note            If DTLS is selected and max and/or min version are less
+ *                  than TLS 1.1 (DTLS 1.0) they are upped to that value.
 */
 void ssl_set_transport( ssl_context *ssl, int transport );

@ -1122,6 +1125,9 @@ void ssl_set_ciphersuites( ssl_context *ssl, const int *ciphersuites );
 * \param minor         Minor version number (SSL_MINOR_VERSION_0,
 *                      SSL_MINOR_VERSION_1 and SSL_MINOR_VERSION_2,
 *                      SSL_MINOR_VERSION_3 supported)
+ *
+ * \note                With DTLS, use SSL_MINOR_VERSION_2 for DTLS 1.0
+ *                      and SSL_MINOR_VERSION_3 for DTLS 1.2
 */
 void ssl_set_ciphersuites_for_version( ssl_context *ssl,
                                       const int *ciphersuites,
@ -1379,6 +1385,9 @@ const char *ssl_get_alpn_protocol( const ssl_context *ssl );
 * \param minor    Minor version number (SSL_MINOR_VERSION_0,
 *                 SSL_MINOR_VERSION_1 and SSL_MINOR_VERSION_2,
 *                 SSL_MINOR_VERSION_3 supported)
+ *
+ * \note           With DTLS, use SSL_MINOR_VERSION_2 for DTLS 1.0 and
+ *                 SSL_MINOR_VERSION_3 for DTLS 1.2
 */
 void ssl_set_max_version( ssl_context *ssl, int major, int minor );

@ -1395,6 +1404,9 @@ void ssl_set_max_version( ssl_context *ssl, int major, int minor );
 * \param minor    Minor version number (SSL_MINOR_VERSION_0,
 *                 SSL_MINOR_VERSION_1 and SSL_MINOR_VERSION_2,
 *                 SSL_MINOR_VERSION_3 supported)
+ *
+ * \note           With DTLS, use SSL_MINOR_VERSION_2 for DTLS 1.0 and
+ *                 SSL_MINOR_VERSION_3 for DTLS 1.2
 */
 void ssl_set_min_version( ssl_context *ssl, int major, int minor );

--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -3600,6 +3600,13 @@ void ssl_set_endpoint( ssl_context *ssl, int endpoint )
 void ssl_set_transport( ssl_context *ssl, int transport )
 {
    ssl->transport = transport;
+
+    /* DTLS starts with TLS1.1 */
+    if( ssl->min_minor_ver < SSL_MINOR_VERSION_2 )
+        ssl->min_minor_ver = SSL_MINOR_VERSION_2;
+
+    if( ssl->max_minor_ver < SSL_MINOR_VERSION_2 )
+        ssl->max_minor_ver = SSL_MINOR_VERSION_2;
 }

 void ssl_set_authmode( ssl_context *ssl, int authmode )
@ -3964,22 +3971,30 @@ const char *ssl_get_alpn_protocol( const ssl_context *ssl )

 void ssl_set_max_version( ssl_context *ssl, int major, int minor )
 {
-    if( major >= SSL_MIN_MAJOR_VERSION && major <= SSL_MAX_MAJOR_VERSION &&
-        minor >= SSL_MIN_MINOR_VERSION && minor <= SSL_MAX_MINOR_VERSION )
+    if( major < SSL_MIN_MAJOR_VERSION || major > SSL_MAX_MAJOR_VERSION ||
+        minor < SSL_MIN_MINOR_VERSION || minor > SSL_MAX_MINOR_VERSION ||
+        ( ssl->transport == SSL_TRANSPORT_DATAGRAM &&
+          minor < SSL_MINOR_VERSION_2 ) )
    {
-        ssl->max_major_ver = major;
-        ssl->max_minor_ver = minor;
+        return;
    }
+
+    ssl->max_major_ver = major;
+    ssl->max_minor_ver = minor;
 }

 void ssl_set_min_version( ssl_context *ssl, int major, int minor )
 {
-    if( major >= SSL_MIN_MAJOR_VERSION && major <= SSL_MAX_MAJOR_VERSION &&
-        minor >= SSL_MIN_MINOR_VERSION && minor <= SSL_MAX_MINOR_VERSION )
+    if( major < SSL_MIN_MAJOR_VERSION || major > SSL_MAX_MAJOR_VERSION ||
+        minor < SSL_MIN_MINOR_VERSION || minor > SSL_MAX_MINOR_VERSION ||
+        ( ssl->transport == SSL_TRANSPORT_DATAGRAM &&
+          minor < SSL_MINOR_VERSION_2 ) )
    {
-        ssl->min_major_ver = major;
-        ssl->min_minor_ver = minor;
+        return;
    }
+
+    ssl->min_major_ver = major;
+    ssl->min_minor_ver = minor;
 }

 #if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
@ -4067,6 +4082,23 @@ const char *ssl_get_ciphersuite( const ssl_context *ssl )

 const char *ssl_get_version( const ssl_context *ssl )
 {
+#if defined(POLARSSL_SSL_PROTO_DTLS)
+    if( ssl->transport == SSL_TRANSPORT_DATAGRAM )
+    {
+        switch( ssl->minor_ver )
+        {
+            case SSL_MINOR_VERSION_2:
+                return( "DTLSv1.0" );
+
+            case SSL_MINOR_VERSION_3:
+                return( "DTLSv1.2" );
+
+            default:
+                return( "unknown (DTLS)" );
+        }
+    }
+#endif
+
    switch( ssl->minor_ver )
    {
        case SSL_MINOR_VERSION_0:
@ -4082,9 +4114,8 @@ const char *ssl_get_version( const ssl_context *ssl )
            return( "TLSv1.2" );

        default:
-            break;
+            return( "unknown" );
    }
-    return( "unknown" );
 }

 #if defined(POLARSSL_X509_CRT_PARSE_C)