net/third_party/nss/ssl/ssl3gthr.c - Issue 9764001: Add DTLS support to NSS, contributed by Eric Rescorla.

Side by Side Diff: net/third_party/nss/ssl/ssl3gthr.c

Issue 9764001: Add DTLS support to NSS, contributed by Eric Rescorla. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/

Patch Set: Made a second pass, reviewed dtls1con.c only for coding style Created 8 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 /*	1 /*

2 * Gather (Read) entire SSL3 records from socket into buffer.	2 * Gather (Read) entire SSL3 records from socket into buffer.

3 *	3 *

4 * *** BEGIN LICENSE BLOCK ***	4 * *** BEGIN LICENSE BLOCK ***

5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1	5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1

6 *	6 *

7 * The contents of this file are subject to the Mozilla Public License Version	7 * The contents of this file are subject to the Mozilla Public License Version

8 * 1.1 (the "License"); you may not use this file except in compliance with	8 * 1.1 (the "License"); you may not use this file except in compliance with

9 * the License. You may obtain a copy of the License at	9 * the License. You may obtain a copy of the License at

10 * http://www.mozilla.org/MPL/	10 * http://www.mozilla.org/MPL/

(...skipping 149 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
160 ** SSL3 record has been completely received.	160 ** SSL3 record has been completely received.

161 */	161 */

162 gs->state = GS_INIT;	162 gs->state = GS_INIT;

163 return 1;	163 return 1;

164 }	164 }

165 }	165 }

166	166

167 return rv;	167 return rv;

168 }	168 }

169	169

	170 /*

	171 * Read in an entire DTLS record.

	172 *

	173 * Blocks here for blocking sockets, otherwise returns -1 with

	174 * PR_WOULD_BLOCK_ERROR when socket would block.

	175 *

	176 * This is simpler than SSL because we are reading on a datagram socket

	177 * and datagrams must contain >=1 complete records.

	178 *

	179 * returns 1 if received a complete DTLS record.

	180 * returns 0 if recv returns EOF

	181 * returns -1 if recv returns <0

	182 * (The error value may have already been set to PR_WOULD_BLOCK_ERROR)

	183 *

	184 * Caller must hold the recv buf lock.

	185 *

	186 * This loop returns when either (a) an error or EOF occurs,
	Ryan Sleevi 2012/03/22 22:26:37 newline before (a) ? newline before (a) ?
	187 * (b) PR_WOULD_BLOCK_ERROR,

	188 * (c) data (entire DTLS record) has been received.

	189 */

	190 static int

	191 dtls_GatherData(sslSocket ss, sslGather gs, int flags)

	192 {

	193 int nb;

	194 int err;

	195 int rv = 1;

	196

	197 SSL_TRC(30, ("dtls_GatherData"));

	198

	199 PORT_Assert( ss->opt.noLocks \|\| ssl_HaveRecvBufLock(ss) );

	200

	201 gs->state = GS_HEADER;

	202 gs->offset = 0;

	203

	204 if (gs->dtlsPacketOffset == gs->dtlsPacket.len) { /* No data left */

	205 gs->dtlsPacketOffset = 0;

	206 gs->dtlsPacket.len = 0;

	207

	208 /* Resize to the maximum possible size so we can fit a full datagram */

	209 if (gs->dtlsPacket.space < MAX_FRAGMENT_LENGTH + 2048 + 5) {
	Ryan Sleevi 2012/03/22 22:26:37 What's the magic 2048 + 5? Should that be document What's the magic 2048 + 5? Should that be documented in the comment on line 208? wtc 2012/03/23 00:21:18 The magic constant is copied from ssl3_GatherData Show quoted text On 2012/03/22 22:26:37, Ryan Sleevi wrote: > What's the magic 2048 + 5? Should that be documented in the comment on line 208? The magic constant is copied from ssl3_GatherData on lines 134-137. I will also copy the comment here and note that 5 should be changed to 13 (the size of the record header). ekr 2012/03/23 12:46:41 I just noticed that as well. We could change that Show quoted text On 2012/03/23 00:21:18, wtc wrote: > > On 2012/03/22 22:26:37, Ryan Sleevi wrote: > > What's the magic 2048 + 5? Should that be documented in the comment on line > 208? > > The magic constant is copied from ssl3_GatherData on lines > 134-137. I will also copy the comment here and note that > 5 should be changed to 13 (the size of the record header). I just noticed that as well. We could change that in the code if you wanted (Note that in any sane network this is really way too big anyway), and the effect is simply to reduce the effective MTU if it somehow is magically as big as 16k.
	210 err = sslBuffer_Grow(&gs->dtlsPacket,

	211 MAX_FRAGMENT_LENGTH + 2048 + 5);

	212 if (err) { /* realloc has set error code to no mem. */

	213 return err;

	214 }

	215 }

	216

	217 /* recv() needs to read a full datagram at a time */

	218 nb = ssl_DefRecv(ss, gs->dtlsPacket.buf, gs->dtlsPacket.space, flags);

	219

	220 if (nb > 0) {

	221 PRINT_BUF(60, (ss, "raw gather data:", gs->dtlsPacket.buf, nb));

	222 } else if (nb == 0) {

	223 /* EOF */

	224 SSL_TRC(30, ("%d: SSL3[%d]: EOF", SSL_GETPID(), ss->fd));

	225 rv = 0;

	226 return rv;

	227 } else /* if (nb < 0) */ {

	228 SSL_DBG(("%d: SSL3[%d]: recv error %d", SSL_GETPID(), ss->fd,

	229 PR_GetError()));

	230 rv = SECFailure;

	231 return rv;

	232 }

	233

	234 gs->dtlsPacket.len = nb;

	235 }

	236

	237 /* At this point we should have >=1 complete records lined up in

	238 * dtlsPacket. Read off the header.

	239 */

	240 if ((gs->dtlsPacket.len - gs->dtlsPacketOffset) < 13) {
	Ryan Sleevi 2012/03/22 22:26:37 nit: Use DTLS_RECORD_HEADER_LENGTH instead of 13 nit: Use DTLS_RECORD_HEADER_LENGTH instead of 13 throughout here, for cleanliness. wtc 2012/03/23 00:21:18 This will make line 253 hard to read gs->remai Show quoted text On 2012/03/22 22:26:37, Ryan Sleevi wrote: > > Use DTLS_RECORD_HEADER_LENGTH instead of 13 throughout here, for cleanliness. This will make line 253 hard to read gs->remainder = (gs->hdr[11] << 8) \| gs->hdr[12]; because 11 and 12 will need to become DTLS_RECORD_HEADER_LENGTH - 2 and DTLS_RECORD_HEADER_LENGTH - 1. Not sure if that's the right trade-off.
	241 SSL_DBG(("%d: SSL3[%d]: rest of DTLS packet "

	242 "too short to contain header", SSL_GETPID(), ss->fd));

	243 PR_SetError(PR_WOULD_BLOCK_ERROR, 0);

	244 gs->dtlsPacketOffset = 0;

	245 gs->dtlsPacket.len = 0;

	246 rv = SECFailure;

	247 return rv;

	248 }

	249 memcpy(gs->hdr, gs->dtlsPacket.buf + gs->dtlsPacketOffset, 13);

	250 gs->dtlsPacketOffset += 13;

	251

	252 /* Have received SSL3 record header in gs->hdr. */

	253 gs->remainder = (gs->hdr[11] << 8) \| gs->hdr[12];

	254

	255 if ((gs->dtlsPacket.len - gs->dtlsPacketOffset) < gs->remainder) {

	256 SSL_DBG(("%d: SSL3[%d]: rest of DTLS packet too short "

	257 "to contain rest of body", SSL_GETPID(), ss->fd));

	258 PR_SetError(PR_WOULD_BLOCK_ERROR, 0);

	259 gs->dtlsPacketOffset = 0;

	260 gs->dtlsPacket.len = 0;

	261 rv = SECFailure;

	262 return rv;

	263 }

	264

	265 /* OK, we have at least one complete packet, copy into inbuf */

	266 if (gs->remainder > gs->inbuf.space) {

	267 err = sslBuffer_Grow(&gs->inbuf, gs->remainder);

	268 if (err) { /* realloc has set error code to no mem. */

	269 return err;

	270 }

	271 }

	272

	273 memcpy(gs->inbuf.buf, gs->dtlsPacket.buf + gs->dtlsPacketOffset,

	274 gs->remainder);

	275 gs->inbuf.len = gs->remainder;

	276 gs->offset = gs->remainder;

	277 gs->dtlsPacketOffset += gs->remainder;

	278 gs->state = GS_INIT;

	279

	280 return 1;

	281 }

	282

170 /* Gather in a record and when complete, Handle that record.	283 /* Gather in a record and when complete, Handle that record.

171 * Repeat this until the handshake is complete,	284 * Repeat this until the handshake is complete,

172 * or until application data is available.	285 * or until application data is available.

173 *	286 *

174 * Returns 1 when the handshake is completed without error, or	287 * Returns 1 when the handshake is completed without error, or

175 * application data is available.	288 * application data is available.

176 * Returns 0 if ssl3_GatherData hits EOF.	289 * Returns 0 if ssl3_GatherData hits EOF.

177 * Returns -1 on read error, or PR_WOULD_BLOCK_ERROR, or handleRecord error.	290 * Returns -1 on read error, or PR_WOULD_BLOCK_ERROR, or handleRecord error.

178 * Returns -2 on SECWouldBlock return from ssl3_HandleRecord.	291 * Returns -2 on SECWouldBlock return from ssl3_HandleRecord.

179 *	292 *

180 * Called from ssl_GatherRecord1stHandshake in sslcon.c,	293 * Called from ssl_GatherRecord1stHandshake in sslcon.c,

181 * and from SSL_ForceHandshake in sslsecur.c	294 * and from SSL_ForceHandshake in sslsecur.c

182 * and from ssl3_GatherAppDataRecord below (<- DoRecv in sslsecur.c).	295 * and from ssl3_GatherAppDataRecord below (<- DoRecv in sslsecur.c).

183 *	296 *

184 * Caller must hold the recv buf lock.	297 * Caller must hold the recv buf lock.

185 */	298 */

186 int	299 int

187 ssl3_GatherCompleteHandshake(sslSocket *ss, int flags)	300 ssl3_GatherCompleteHandshake(sslSocket *ss, int flags)

188 {	301 {

189 SSL3Ciphertext cText;	302 SSL3Ciphertext cText;

190 int rv;	303 int rv;

191 PRBool canFalseStart = PR_FALSE;	304 PRBool canFalseStart = PR_FALSE;

192	305

	306 SSL_TRC(30, ("ssl3_GatherCompleteHandshake"));

	307

193 PORT_Assert( ss->opt.noLocks \|\| ssl_HaveRecvBufLock(ss) );	308 PORT_Assert( ss->opt.noLocks \|\| ssl_HaveRecvBufLock(ss) );

194 do {	309 do {

195 /* Without this, we may end up wrongly reporting	310 /* Without this, we may end up wrongly reporting

196 * SSL_ERROR_RX_UNEXPECTED_* errors if we receive any records from the	311 * SSL_ERROR_RX_UNEXPECTED_* errors if we receive any records from the

197 * peer while we are waiting to be restarted.	312 * peer while we are waiting to be restarted.

198 */	313 */

199 ssl_GetSSL3HandshakeLock(ss);	314 ssl_GetSSL3HandshakeLock(ss);

200 rv = ss->ssl3.hs.restartTarget == NULL ? SECSuccess : SECFailure;	315 rv = ss->ssl3.hs.restartTarget == NULL ? SECSuccess : SECFailure;

201 ssl_ReleaseSSL3HandshakeLock(ss);	316 ssl_ReleaseSSL3HandshakeLock(ss);

202 if (rv != SECSuccess) {	317 if (rv != SECSuccess) {

(...skipping 14 matching lines...) Expand all Loading...
217	332

218 if (ss->ssl3.hs.msgState.buf != NULL) {	333 if (ss->ssl3.hs.msgState.buf != NULL) {

219 /* ssl3_HandleHandshake previously returned SECWouldBlock and the	334 /* ssl3_HandleHandshake previously returned SECWouldBlock and the

220 * as-yet-unprocessed plaintext of that previous handshake record.	335 * as-yet-unprocessed plaintext of that previous handshake record.

221 * We need to process it now before we overwrite it with the next	336 * We need to process it now before we overwrite it with the next

222 * handshake record.	337 * handshake record.

223 */	338 */

224 rv = ssl3_HandleRecord(ss, NULL, &ss->gs.buf);	339 rv = ssl3_HandleRecord(ss, NULL, &ss->gs.buf);

225 } else {	340 } else {

226 /* bring in the next sslv3 record. */	341 /* bring in the next sslv3 record. */

227 » rv = ssl3_GatherData(ss, &ss->gs, flags);	342 » if (IS_DTLS(ss)) {
	Ryan Sleevi 2012/03/22 22:26:37 Your normal ordering has been !IS_DTLS then handle Your normal ordering has been !IS_DTLS then handle DTLS in the else when there is an SSL-or-DTLS block, and IS_DTLS when there's just a DTLS block. Swap the order? wtc 2012/03/23 00:21:18 I actually prefer if (IS_DTLS(ss)) { . Show quoted text On 2012/03/22 22:26:37, Ryan Sleevi wrote: > > Swap the order? I actually prefer if (IS_DTLS(ss)) { .... } else { .... } What's the general recommendation when the two blocks are lopsided? Do the simple block first? Ryan Sleevi 2012/03/23 00:38:28 I had assumed so - since often the 'simple block' Show quoted text On 2012/03/23 00:21:18, wtc wrote: > > On 2012/03/22 22:26:37, Ryan Sleevi wrote: > > > > Swap the order? > > I actually prefer > if (IS_DTLS(ss)) { > .... > } else { > .... > } > > What's the general recommendation when the two blocks > are lopsided? Do the simple block first? I had assumed so - since often the 'simple block' is the error handling. Here, my thought was more about 'common' block - !IS_DTLS() is how I think about the code when reading (eg: I want to see the TLS implementation first). But that's just my implementation bias, being more familiar with TLS rather than DTLS :)
	343 » » rv = dtls_GatherData(ss, &ss->gs, flags);

	344 » »

	345 » » /* If we got a would block error, that means that no data was

	346 » » * available, so we check the timer to see if it's time to

	347 » » * retransmit */

	348 » » if (rv == SECFailure &&

	349 » » (PORT_GetError() == PR_WOULD_BLOCK_ERROR)) {

	350 » » ssl_GetSSL3HandshakeLock(ss);
	Ryan Sleevi 2012/03/22 22:26:37 XXX - Check the layering of locks (line 308, line XXX - Check the layering of locks (line 308, line 350) to ensure there is no deadlock opportunity. I thoguht Handshake came before Recv. wtc 2012/03/23 00:21:18 The lock order is recvbuf -> ssl3Handshake, so thi Show quoted text On 2012/03/22 22:26:37, Ryan Sleevi wrote: > > I thoguht Handshake came before Recv. The lock order is recvbuf -> ssl3Handshake, so this is fine.
	351 » » dtls_CheckTimer(ss);

	352 » » ssl_ReleaseSSL3HandshakeLock(ss);

	353 » » /* Restore the error in case something succeeded */

	354 » » PORT_SetError(PR_WOULD_BLOCK_ERROR);

	355 » » }

	356 » } else {

	357 » » rv = ssl3_GatherData(ss, &ss->gs, flags);

	358 » }

	359

228 if (rv <= 0) {	360 if (rv <= 0) {

229 return rv;	361 return rv;

230 }	362 }

231	363

232 /* decipher it, and handle it if it's a handshake.	364 /* decipher it, and handle it if it's a handshake.

233 * If it's application data, ss->gs.buf will not be empty upon retur n.	365 * If it's application data, ss->gs.buf will not be empty upon retur n.

234 * If it's a change cipher spec, alert, or handshake message,	366 * If it's a change cipher spec, alert, or handshake message,

235 * ss->gs.buf.len will be 0 when ssl3_HandleRecord returns SECSucces s.	367 * ss->gs.buf.len will be 0 when ssl3_HandleRecord returns SECSucces s.

236 */	368 */

237 cText.type = (SSL3ContentType)ss->gs.hdr[0];	369 cText.type = (SSL3ContentType)ss->gs.hdr[0];

238 cText.version = (ss->gs.hdr[1] << 8) \| ss->gs.hdr[2];	370 cText.version = (ss->gs.hdr[1] << 8) \| ss->gs.hdr[2];

	371

	372 /* As above, we need to test datagram mode */

	373 if (IS_DTLS(ss)) {

	374 int i;

	375

	376 cText.version = dtls_DTLSVersionToTLSVersion(cText.version);

	377 /* DTLS sequence number */

	378 cText.seq_num.high = 0; cText.seq_num.low = 0;

	379 for (i = 0; i < 4; i++) {

	380 cText.seq_num.high <<= 8; cText.seq_num.low <<= 8;

	381 cText.seq_num.high \|= ss->gs.hdr[3 + i];

	382 cText.seq_num.low \|= ss->gs.hdr[7 + i];

	383 }

	384 }

	385

239 cText.buf = &ss->gs.inbuf;	386 cText.buf = &ss->gs.inbuf;

240 rv = ssl3_HandleRecord(ss, &cText, &ss->gs.buf);	387 rv = ssl3_HandleRecord(ss, &cText, &ss->gs.buf);

241 }	388 }

242 if (rv < 0) {	389 if (rv < 0) {

243 return ss->recvdCloseNotify ? 0 : rv;	390 return ss->recvdCloseNotify ? 0 : rv;

244 }	391 }

245	392

246 /* If we kicked off a false start in ssl3_HandleServerHelloDone, break	393 /* If we kicked off a false start in ssl3_HandleServerHelloDone, break

247 * out of this loop early without finishing the handshake.	394 * out of this loop early without finishing the handshake.

248 */	395 */

(...skipping 29 matching lines...) Expand all Loading...
278 {	425 {

279 int rv;	426 int rv;

280	427

281 PORT_Assert( ss->opt.noLocks \|\| ssl_HaveRecvBufLock(ss) );	428 PORT_Assert( ss->opt.noLocks \|\| ssl_HaveRecvBufLock(ss) );

282 do {	429 do {

283 rv = ssl3_GatherCompleteHandshake(ss, flags);	430 rv = ssl3_GatherCompleteHandshake(ss, flags);

284 } while (rv > 0 && ss->gs.buf.len == 0);	431 } while (rv > 0 && ss->gs.buf.len == 0);

285	432

286 return rv;	433 return rv;

287 }	434 }

OLD	NEW

« net/third_party/nss/ssl/ssl3con.c ('K') | « net/third_party/nss/ssl/ssl3con.c ('k') | net/third_party/nss/ssl/ssl3prot.h » ('j') | net/third_party/nss/ssl/sslcon.c » ('J')