Adding DTLS13 support

Author: lealem47

examples/client.py

@@ -121,7 +121,8 @@ def get_SSLmethod(index):
 def get_DTLSmethod(index):
     return (
         wolfssl.PROTOCOL_DTLSv1,
-        wolfssl.PROTOCOL_DTLSv1_2
+        wolfssl.PROTOCOL_DTLSv1_2,
+        wolfssl.PROTOCOL_DTLSv1_3
     )[index]
 
 def main():

examples/server.py

@@ -110,7 +110,8 @@ def get_SSLmethod(index):
 def get_DTLSmethod(index):
     return (
         wolfssl.PROTOCOL_DTLSv1,
-        wolfssl.PROTOCOL_DTLSv1_2
+        wolfssl.PROTOCOL_DTLSv1_2,
+        wolfssl.PROTOCOL_DTLSv1_3
     )[index]
 
 

wolfssl/__init__.py

@@ -52,7 +52,7 @@
     PROTOCOL_SSLv23, PROTOCOL_SSLv3, PROTOCOL_TLSv1,
     PROTOCOL_TLSv1_1, PROTOCOL_TLSv1_2, PROTOCOL_TLSv1_3,
     PROTOCOL_TLS, PROTOCOL_DTLSv1, PROTOCOL_DTLSv1_2,
-    WolfSSLMethod as _WolfSSLMethod
+    PROTOCOL_DTLSv1_3, WolfSSLMethod as _WolfSSLMethod
 )
 
 CERT_NONE = 0

wolfssl/_build_ffi.py

@@ -153,15 +153,18 @@ def make_flags(prefix, debug):
     flags.append("--disable-shared")
     flags.append("--disable-examples")
 
-    # tls 1.3
-    flags.append("--enable-tls13")
+    # dtls 1.3
+    flags.append("--enable-dtls13")
 
     # dtls
     flags.append("--enable-dtls")
 
     # crl
     flags.append("--enable-crl")
 
+    # openssl extra
+    flags.append("--enable-opensslextra")
+
     # for urllib3 - requires SNI (tlsx), options (openssl compat), peer cert
     flags.append("--enable-tlsx")
     flags.append("--enable-opensslextra")
@@ -205,7 +208,7 @@ def make(configure_flags):
         call("make install")
 
 
-def build_wolfssl(ref, debug=True):
+def build_wolfssl(ref, debug=False):
     prefix = local_path("lib/wolfssl/{}/{}".format(
         get_platform(), ref))
     libfile = os.path.join(prefix, 'lib/libwolfssl.la')
@@ -384,6 +387,9 @@ def generate_libwolfssl():
     cdef += """
     WOLFSSL_METHOD* wolfTLSv1_1_server_method(void);
     WOLFSSL_METHOD* wolfTLSv1_1_client_method(void);
+
+    WOLFSSL_METHOD* wolfDTLSv1_server_method(void);
+    WOLFSSL_METHOD* wolfDTLSv1_client_method(void);
     """
 
 cdef += """
@@ -398,11 +404,11 @@ def generate_libwolfssl():
 
     WOLFSSL_METHOD* wolfSSLv23_method(void);
 
-    WOLFSSL_METHOD* wolfDTLSv1_server_method(void);
-    WOLFSSL_METHOD* wolfDTLSv1_client_method(void);
-
     WOLFSSL_METHOD* wolfDTLSv1_2_server_method(void);
     WOLFSSL_METHOD* wolfDTLSv1_2_client_method(void);
+
+    WOLFSSL_METHOD* wolfDTLSv1_3_server_method(void);
+    WOLFSSL_METHOD* wolfDTLSv1_3_client_method(void);
     """
 if OLDTLS_ENABLED:
     cdef += """

wolfssl/_methods.py

@@ -38,10 +38,12 @@
 PROTOCOL_TLSv1_3 = 6
 PROTOCOL_DTLSv1 = 7
 PROTOCOL_DTLSv1_2 = 8
+PROTOCOL_DTLSv1_3 = 9
 
 _PROTOCOL_LIST = [PROTOCOL_SSLv23, PROTOCOL_SSLv3, PROTOCOL_TLS,
                   PROTOCOL_TLSv1, PROTOCOL_TLSv1_1, PROTOCOL_TLSv1_2,
-                  PROTOCOL_TLSv1_3, PROTOCOL_DTLSv1, PROTOCOL_DTLSv1_2]
+                  PROTOCOL_TLSv1_3, PROTOCOL_DTLSv1, PROTOCOL_DTLSv1_2,
+                  PROTOCOL_DTLSv1_3]
 
 _DYNAMIC_TYPE_METHOD = 11
 
@@ -89,6 +91,8 @@ def __init__(self, protocol, server_side):
                 _lib.wolfSSLv23_client_method()
 
         elif protocol == PROTOCOL_DTLSv1:
+            if not _lib.OLDTLS_ENABLED:
+                raise ValueError("wolfSSL not built with old TLS support")
             self.native_object =                                    \
                 _lib.wolfDTLSv1_server_method() if server_side else \
                 _lib.wolfDTLSv1_client_method()
@@ -98,6 +102,10 @@ def __init__(self, protocol, server_side):
                 _lib.wolfDTLSv1_2_server_method() if server_side else \
                 _lib.wolfDTLSv1_2_client_method()
 
+        elif protocol == PROTOCOL_DTLSv1_3:
+            self.native_object =                                     \
+                _lib.wolfDTLSv1_3_server_method() if server_side else \
+                _lib.wolfDTLSv1_3_client_method()
 
         if self.native_object == _ffi.NULL:
             raise MemoryError("Unnable to allocate method object")