Move to a callback interface for DTLS cookies

2014-07-23 14:56:15 +02:00 · 2014-07-23 14:56:15 +02:00 · d485d194f9
commit d485d194f9
parent d7f9bc5091
4 changed files with 152 additions and 30 deletions
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@ -601,6 +601,9 @@ int main( int argc, char *argv[] )
 #endif
    const char *pers = "ssl_server2";
    unsigned char client_ip[16] = { 0 };
+#if defined(POLARSSL_SSL_DTLS_HELLO_VERIFY)
+    ssl_cookie_ctx cookie_ctx;
+#endif

    entropy_context entropy;
    ctr_drbg_context ctr_drbg;
@ -658,6 +661,9 @@ int main( int argc, char *argv[] )
 #if defined(POLARSSL_SSL_ALPN)
    memset( (void *) alpn_list, 0, sizeof( alpn_list ) );
 #endif
+#if defined(POLARSSL_SSL_DTLS_HELLO_VERIFY)
+    ssl_cookie_init( &cookie_ctx );
+#endif

 #if !defined(_WIN32)
    /* Abort cleanly on SIGTERM */
@ -1345,11 +1351,17 @@ int main( int argc, char *argv[] )
 #endif

 #if defined(POLARSSL_SSL_DTLS_HELLO_VERIFY)
-    if( opt.transport == SSL_TRANSPORT_DATAGRAM &&
-        ( ret = ssl_setup_hvr_key( &ssl ) ) != 0 )
+    if( opt.transport == SSL_TRANSPORT_DATAGRAM )
    {
-        printf( " failed\n  ! ssl_setup_hvr_key returned %d\n\n", ret );
-        goto exit;
+        if( ( ret = ssl_cookie_setup( &cookie_ctx,
+                                      ctr_drbg_random, &ctr_drbg ) ) != 0 )
+        {
+            printf( " failed\n  ! ssl_setup_hvr_key returned %d\n\n", ret );
+            goto exit;
+        }
+
+        ssl_set_dtls_cookies( &ssl, ssl_cookie_write, ssl_cookie_check,
+                                   &cookie_ctx );
    }
 #endif

@ -1844,6 +1856,9 @@ exit:
 #if defined(POLARSSL_SSL_CACHE_C)
    ssl_cache_free( &cache );
 #endif
+#if defined(POLARSSL_SSL_DTLS_HELLO_VERIFY)
+    ssl_cookie_free( &cookie_ctx );
+#endif

 #if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C)
 #if defined(POLARSSL_MEMORY_DEBUG)