Chromium Code Reviews Chromium Code Reviews
Issue 9764001:
Add DTLS support to NSS, contributed by Eric Rescorla. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/| OLD | NEW |
|---|---|
| 1 /* | 1 /* |
| 2 * Gather (Read) entire SSL3 records from socket into buffer. | 2 * Gather (Read) entire SSL3 records from socket into buffer. |
| 3 * | 3 * |
| 4 * ***** BEGIN LICENSE BLOCK ***** | 4 * ***** BEGIN LICENSE BLOCK ***** |
| 5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
| 6 * | 6 * |
| 7 * The contents of this file are subject to the Mozilla Public License Version | 7 * The contents of this file are subject to the Mozilla Public License Version |
| 8 * 1.1 (the "License"); you may not use this file except in compliance with | 8 * 1.1 (the "License"); you may not use this file except in compliance with |
| 9 * the License. You may obtain a copy of the License at | 9 * the License. You may obtain a copy of the License at |
| 10 * http://www.mozilla.org/MPL/ | 10 * http://www.mozilla.org/MPL/ |
| (...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 43 #include "sslimpl.h" | 43 #include "sslimpl.h" |
| 44 #include "ssl3prot.h" | 44 #include "ssl3prot.h" |
| 45 | 45 |
| 46 /* | 46 /* |
| 47 * Attempt to read in an entire SSL3 record. | 47 * Attempt to read in an entire SSL3 record. |
| 48 * Blocks here for blocking sockets, otherwise returns -1 with | 48 * Blocks here for blocking sockets, otherwise returns -1 with |
| 49 * PR_WOULD_BLOCK_ERROR when socket would block. | 49 * PR_WOULD_BLOCK_ERROR when socket would block. |
| 50 * | 50 * |
| 51 * returns 1 if received a complete SSL3 record. | 51 * returns 1 if received a complete SSL3 record. |
| 52 * returns 0 if recv returns EOF | 52 * returns 0 if recv returns EOF |
| 53 * returns -1 if recv returns <0 | 53 * returns -1 if recv returns < 0 |
| 54 * (The error value may have already been set to PR_WOULD_BLOCK_ERROR) | 54 * (The error value may have already been set to PR_WOULD_BLOCK_ERROR) |
| 55 * | 55 * |
| 56 * Caller must hold the recv buf lock. | 56 * Caller must hold the recv buf lock. |
| 57 * | 57 * |
| 58 * The Gather state machine has 3 states: GS_INIT, GS_HEADER, GS_DATA. | 58 * The Gather state machine has 3 states: GS_INIT, GS_HEADER, GS_DATA. |
| 59 * GS_HEADER: waiting for the 5-byte SSL3 record header to come in. | 59 * GS_HEADER: waiting for the 5-byte SSL3 record header to come in. |
| 60 * GS_DATA: waiting for the body of the SSL3 record to come in. | 60 * GS_DATA: waiting for the body of the SSL3 record to come in. |
| 61 * | 61 * |
| 62 * This loop returns when either (a) an error or EOF occurs, | 62 * This loop returns when either |
| 63 * (a) an error or EOF occurs, | |
| 63 * (b) PR_WOULD_BLOCK_ERROR, | 64 * (b) PR_WOULD_BLOCK_ERROR, |
| 64 * (c) data (entire SSL3 record) has been received. | 65 * (c) data (entire SSL3 record) has been received. |
| 65 */ | 66 */ |
| 66 static int | 67 static int |
| 67 ssl3_GatherData(sslSocket *ss, sslGather *gs, int flags) | 68 ssl3_GatherData(sslSocket *ss, sslGather *gs, int flags) |
| 68 { | 69 { |
| 69 unsigned char *bp; | 70 unsigned char *bp; |
| 70 unsigned char *lbp; | 71 unsigned char *lbp; |
| 71 int nb; | 72 int nb; |
| 72 int err; | 73 int err; |
| (...skipping 87 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 160 ** SSL3 record has been completely received. | 161 ** SSL3 record has been completely received. |
| 161 */ | 162 */ |
| 162 gs->state = GS_INIT; | 163 gs->state = GS_INIT; |
| 163 return 1; | 164 return 1; |
| 164 } | 165 } |
| 165 } | 166 } |
| 166 | 167 |
| 167 return rv; | 168 return rv; |
| 168 } | 169 } |
| 169 | 170 |
| 171 /* | |
| 172 * Read in an entire DTLS record. | |
| 173 * | |
| 174 * Blocks here for blocking sockets, otherwise returns -1 with | |
| 175 * PR_WOULD_BLOCK_ERROR when socket would block. | |
| 176 * | |
| 177 * This is simpler than SSL because we are reading on a datagram socket | |
| 178 * and datagrams must contain >=1 complete records. | |
| 179 * | |
| 180 * returns 1 if received a complete DTLS record. | |
| 181 * returns 0 if recv returns EOF | |
| 182 * returns -1 if recv returns < 0 | |
| 183 * (The error value may have already been set to PR_WOULD_BLOCK_ERROR) | |
| 184 * | |
| 185 * Caller must hold the recv buf lock. | |
| 186 * | |
| 187 * This loop returns when either | |
| 188 * (a) an error or EOF occurs, | |
| 189 * (b) PR_WOULD_BLOCK_ERROR, | |
| 190 * (c) data (entire DTLS record) has been received. | |
| 191 */ | |
| 192 static int | |
| 193 dtls_GatherData(sslSocket *ss, sslGather *gs, int flags) | |
| 194 { | |
| 195 int nb; | |
| 196 int err; | |
| 197 int rv = 1; | |
| 198 | |
| 199 SSL_TRC(30, ("dtls_GatherData")); | |
| 200 | |
| 201 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); | |
| 202 | |
| 203 gs->state = GS_HEADER; | |
| 204 gs->offset = 0; | |
| 205 | |
| 206 if (gs->dtlsPacketOffset == gs->dtlsPacket.len) { /* No data left */ | |
| 207 gs->dtlsPacketOffset = 0; | |
| 208 gs->dtlsPacket.len = 0; | |
| 209 | |
| 210 /* Resize to the maximum possible size so we can fit a full datagram */ | |
| 211 /* This is the max fragment length for an encrypted fragment | |
| 212 ** plus the size of the record header. | |
| 213 ** This magic constant is copied from ssl3_GatherData, with 5 changed | |
| 214 ** to 13 (the size of the record header). | |
| 215 */ | |
| 216 if (gs->dtlsPacket.space < MAX_FRAGMENT_LENGTH + 2048 + 13) { | |
|
ekr
2012/03/26 21:49:18
Good catch here.
| |
| 217 err = sslBuffer_Grow(&gs->dtlsPacket, | |
| 218 MAX_FRAGMENT_LENGTH + 2048 + 13); | |
| 219 if (err) { /* realloc has set error code to no mem. */ | |
| 220 return err; | |
| 221 } | |
| 222 } | |
| 223 | |
| 224 /* recv() needs to read a full datagram at a time */ | |
| 225 nb = ssl_DefRecv(ss, gs->dtlsPacket.buf, gs->dtlsPacket.space, flags); | |
| 226 | |
| 227 if (nb > 0) { | |
| 228 PRINT_BUF(60, (ss, "raw gather data:", gs->dtlsPacket.buf, nb)); | |
| 229 } else if (nb == 0) { | |
| 230 /* EOF */ | |
| 231 SSL_TRC(30, ("%d: SSL3[%d]: EOF", SSL_GETPID(), ss->fd)); | |
| 232 rv = 0; | |
| 233 return rv; | |
| 234 } else /* if (nb < 0) */ { | |
| 235 SSL_DBG(("%d: SSL3[%d]: recv error %d", SSL_GETPID(), ss->fd, | |
| 236 PR_GetError())); | |
| 237 rv = SECFailure; | |
| 238 return rv; | |
| 239 } | |
| 240 | |
| 241 gs->dtlsPacket.len = nb; | |
| 242 } | |
| 243 | |
| 244 /* At this point we should have >=1 complete records lined up in | |
| 245 * dtlsPacket. Read off the header. | |
| 246 */ | |
| 247 if ((gs->dtlsPacket.len - gs->dtlsPacketOffset) < 13) { | |
| 248 SSL_DBG(("%d: SSL3[%d]: rest of DTLS packet " | |
| 249 "too short to contain header", SSL_GETPID(), ss->fd)); | |
| 250 PR_SetError(PR_WOULD_BLOCK_ERROR, 0); | |
| 251 gs->dtlsPacketOffset = 0; | |
| 252 gs->dtlsPacket.len = 0; | |
| 253 rv = SECFailure; | |
| 254 return rv; | |
| 255 } | |
| 256 memcpy(gs->hdr, gs->dtlsPacket.buf + gs->dtlsPacketOffset, 13); | |
| 257 gs->dtlsPacketOffset += 13; | |
| 258 | |
| 259 /* Have received SSL3 record header in gs->hdr. */ | |
| 260 gs->remainder = (gs->hdr[11] << 8) | gs->hdr[12]; | |
| 261 | |
| 262 if ((gs->dtlsPacket.len - gs->dtlsPacketOffset) < gs->remainder) { | |
| 263 SSL_DBG(("%d: SSL3[%d]: rest of DTLS packet too short " | |
| 264 "to contain rest of body", SSL_GETPID(), ss->fd)); | |
| 265 PR_SetError(PR_WOULD_BLOCK_ERROR, 0); | |
| 266 gs->dtlsPacketOffset = 0; | |
| 267 gs->dtlsPacket.len = 0; | |
| 268 rv = SECFailure; | |
| 269 return rv; | |
| 270 } | |
| 271 | |
| 272 /* OK, we have at least one complete packet, copy into inbuf */ | |
| 273 if (gs->remainder > gs->inbuf.space) { | |
| 274 err = sslBuffer_Grow(&gs->inbuf, gs->remainder); | |
| 275 if (err) { /* realloc has set error code to no mem. */ | |
| 276 return err; | |
| 277 } | |
| 278 } | |
| 279 | |
| 280 memcpy(gs->inbuf.buf, gs->dtlsPacket.buf + gs->dtlsPacketOffset, | |
| 281 gs->remainder); | |
| 282 gs->inbuf.len = gs->remainder; | |
| 283 gs->offset = gs->remainder; | |
| 284 gs->dtlsPacketOffset += gs->remainder; | |
| 285 gs->state = GS_INIT; | |
| 286 | |
| 287 return 1; | |
| 288 } | |
| 289 | |
| 170 /* Gather in a record and when complete, Handle that record. | 290 /* Gather in a record and when complete, Handle that record. |
| 171 * Repeat this until the handshake is complete, | 291 * Repeat this until the handshake is complete, |
| 172 * or until application data is available. | 292 * or until application data is available. |
| 173 * | 293 * |
| 174 * Returns 1 when the handshake is completed without error, or | 294 * Returns 1 when the handshake is completed without error, or |
| 175 * application data is available. | 295 * application data is available. |
| 176 * Returns 0 if ssl3_GatherData hits EOF. | 296 * Returns 0 if ssl3_GatherData hits EOF. |
| 177 * Returns -1 on read error, or PR_WOULD_BLOCK_ERROR, or handleRecord error. | 297 * Returns -1 on read error, or PR_WOULD_BLOCK_ERROR, or handleRecord error. |
| 178 * Returns -2 on SECWouldBlock return from ssl3_HandleRecord. | 298 * Returns -2 on SECWouldBlock return from ssl3_HandleRecord. |
| 179 * | 299 * |
| 180 * Called from ssl_GatherRecord1stHandshake in sslcon.c, | 300 * Called from ssl_GatherRecord1stHandshake in sslcon.c, |
| 181 * and from SSL_ForceHandshake in sslsecur.c | 301 * and from SSL_ForceHandshake in sslsecur.c |
| 182 * and from ssl3_GatherAppDataRecord below (<- DoRecv in sslsecur.c). | 302 * and from ssl3_GatherAppDataRecord below (<- DoRecv in sslsecur.c). |
| 183 * | 303 * |
| 184 * Caller must hold the recv buf lock. | 304 * Caller must hold the recv buf lock. |
| 185 */ | 305 */ |
| 186 int | 306 int |
| 187 ssl3_GatherCompleteHandshake(sslSocket *ss, int flags) | 307 ssl3_GatherCompleteHandshake(sslSocket *ss, int flags) |
| 188 { | 308 { |
| 189 SSL3Ciphertext cText; | 309 SSL3Ciphertext cText; |
| 190 int rv; | 310 int rv; |
| 191 PRBool canFalseStart = PR_FALSE; | 311 PRBool canFalseStart = PR_FALSE; |
| 192 | 312 |
| 313 SSL_TRC(30, ("ssl3_GatherCompleteHandshake")); | |
| 314 | |
| 193 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); | 315 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); |
| 194 do { | 316 do { |
| 195 /* Without this, we may end up wrongly reporting | 317 /* Without this, we may end up wrongly reporting |
| 196 * SSL_ERROR_RX_UNEXPECTED_* errors if we receive any records from the | 318 * SSL_ERROR_RX_UNEXPECTED_* errors if we receive any records from the |
| 197 * peer while we are waiting to be restarted. | 319 * peer while we are waiting to be restarted. |
| 198 */ | 320 */ |
| 199 ssl_GetSSL3HandshakeLock(ss); | 321 ssl_GetSSL3HandshakeLock(ss); |
| 200 rv = ss->ssl3.hs.restartTarget == NULL ? SECSuccess : SECFailure; | 322 rv = ss->ssl3.hs.restartTarget == NULL ? SECSuccess : SECFailure; |
| 201 ssl_ReleaseSSL3HandshakeLock(ss); | 323 ssl_ReleaseSSL3HandshakeLock(ss); |
| 202 if (rv != SECSuccess) { | 324 if (rv != SECSuccess) { |
| (...skipping 14 matching lines...) Expand all Loading... | |
| 217 | 339 |
| 218 if (ss->ssl3.hs.msgState.buf != NULL) { | 340 if (ss->ssl3.hs.msgState.buf != NULL) { |
| 219 /* ssl3_HandleHandshake previously returned SECWouldBlock and the | 341 /* ssl3_HandleHandshake previously returned SECWouldBlock and the |
| 220 * as-yet-unprocessed plaintext of that previous handshake record. | 342 * as-yet-unprocessed plaintext of that previous handshake record. |
| 221 * We need to process it now before we overwrite it with the next | 343 * We need to process it now before we overwrite it with the next |
| 222 * handshake record. | 344 * handshake record. |
| 223 */ | 345 */ |
| 224 rv = ssl3_HandleRecord(ss, NULL, &ss->gs.buf); | 346 rv = ssl3_HandleRecord(ss, NULL, &ss->gs.buf); |
| 225 } else { | 347 } else { |
| 226 /* bring in the next sslv3 record. */ | 348 /* bring in the next sslv3 record. */ |
| 227 » rv = ssl3_GatherData(ss, &ss->gs, flags); | 349 » if (!IS_DTLS(ss)) { |
| 350 » » rv = ssl3_GatherData(ss, &ss->gs, flags); | |
| 351 » } else { | |
| 352 » » rv = dtls_GatherData(ss, &ss->gs, flags); | |
| 353 » » | |
| 354 » » /* If we got a would block error, that means that no data was | |
| 355 » » * available, so we check the timer to see if it's time to | |
| 356 » » * retransmit */ | |
| 357 » » if (rv == SECFailure && | |
| 358 » » (PORT_GetError() == PR_WOULD_BLOCK_ERROR)) { | |
| 359 » » ssl_GetSSL3HandshakeLock(ss); | |
| 360 » » dtls_CheckTimer(ss); | |
| 361 » » ssl_ReleaseSSL3HandshakeLock(ss); | |
| 362 » » /* Restore the error in case something succeeded */ | |
| 363 » » PORT_SetError(PR_WOULD_BLOCK_ERROR); | |
| 364 » » } | |
| 365 » } | |
| 366 | |
| 228 if (rv <= 0) { | 367 if (rv <= 0) { |
| 229 return rv; | 368 return rv; |
| 230 } | 369 } |
| 231 | 370 |
| 232 /* decipher it, and handle it if it's a handshake. | 371 /* decipher it, and handle it if it's a handshake. |
| 233 * If it's application data, ss->gs.buf will not be empty upon retur n. | 372 * If it's application data, ss->gs.buf will not be empty upon retur n. |
| 234 * If it's a change cipher spec, alert, or handshake message, | 373 * If it's a change cipher spec, alert, or handshake message, |
| 235 * ss->gs.buf.len will be 0 when ssl3_HandleRecord returns SECSucces s. | 374 * ss->gs.buf.len will be 0 when ssl3_HandleRecord returns SECSucces s. |
| 236 */ | 375 */ |
| 237 cText.type = (SSL3ContentType)ss->gs.hdr[0]; | 376 cText.type = (SSL3ContentType)ss->gs.hdr[0]; |
| 238 cText.version = (ss->gs.hdr[1] << 8) | ss->gs.hdr[2]; | 377 cText.version = (ss->gs.hdr[1] << 8) | ss->gs.hdr[2]; |
| 378 | |
| 379 /* As above, we need to test datagram mode */ | |
|
ekr
2012/03/26 21:49:18
We could probably just remove this comment, since
| |
| 380 if (IS_DTLS(ss)) { | |
| 381 int i; | |
| 382 | |
| 383 cText.version = dtls_DTLSVersionToTLSVersion(cText.version); | |
| 384 /* DTLS sequence number */ | |
| 385 cText.seq_num.high = 0; cText.seq_num.low = 0; | |
| 386 for (i = 0; i < 4; i++) { | |
| 387 cText.seq_num.high <<= 8; cText.seq_num.low <<= 8; | |
| 388 cText.seq_num.high |= ss->gs.hdr[3 + i]; | |
| 389 cText.seq_num.low |= ss->gs.hdr[7 + i]; | |
| 390 } | |
| 391 } | |
| 392 | |
| 239 cText.buf = &ss->gs.inbuf; | 393 cText.buf = &ss->gs.inbuf; |
| 240 rv = ssl3_HandleRecord(ss, &cText, &ss->gs.buf); | 394 rv = ssl3_HandleRecord(ss, &cText, &ss->gs.buf); |
| 241 } | 395 } |
| 242 if (rv < 0) { | 396 if (rv < 0) { |
| 243 return ss->recvdCloseNotify ? 0 : rv; | 397 return ss->recvdCloseNotify ? 0 : rv; |
| 244 } | 398 } |
| 245 | 399 |
| 246 /* If we kicked off a false start in ssl3_HandleServerHelloDone, break | 400 /* If we kicked off a false start in ssl3_HandleServerHelloDone, break |
| 247 * out of this loop early without finishing the handshake. | 401 * out of this loop early without finishing the handshake. |
| 248 */ | 402 */ |
| (...skipping 29 matching lines...) Expand all Loading... | |
| 278 { | 432 { |
| 279 int rv; | 433 int rv; |
| 280 | 434 |
| 281 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); | 435 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); |
| 282 do { | 436 do { |
| 283 rv = ssl3_GatherCompleteHandshake(ss, flags); | 437 rv = ssl3_GatherCompleteHandshake(ss, flags); |
| 284 } while (rv > 0 && ss->gs.buf.len == 0); | 438 } while (rv > 0 && ss->gs.buf.len == 0); |
| 285 | 439 |
| 286 return rv; | 440 return rv; |
| 287 } | 441 } |
| OLD | NEW |
