Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(459)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/third_party/nss/ssl/ssl3gthr.c

Issue 9764001: Add DTLS support to NSS, contributed by Eric Rescorla. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Created 8 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« net/third_party/nss/ssl/ssl3con.c ('K') | « net/third_party/nss/ssl/ssl3con.c ('k') | net/third_party/nss/ssl/ssl3prot.h » ('j') | net/third_party/nss/ssl/sslimpl.h » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/third_party/nss/ssl/ssl3gthr.c
===================================================================
--- net/third_party/nss/ssl/ssl3gthr.c (revision 127709)
+++ net/third_party/nss/ssl/ssl3gthr.c (working copy)
@@ -74,12 +74,12 @@
PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) );
if (gs->state == GS_INIT) {
- gs->state = GS_HEADER;
- gs->remainder = 5;
- gs->offset = 0;
- gs->writeOffset = 0;
- gs->readOffset = 0;
- gs->inbuf.len = 0;
+ gs->state = GS_HEADER;
+ gs->remainder = 5;
+ gs->offset = 0;
+ gs->writeOffset = 0;
+ gs->readOffset = 0;
+ gs->inbuf.len = 0;
}
lbp = gs->inbuf.buf;
@@ -167,6 +167,127 @@
return rv;
}
+/*
+ * Read in an entire DTLS record.
+ *
+ * Blocks here for blocking sockets, otherwise returns -1 with
+ * PR_WOULD_BLOCK_ERROR when socket would block.
+ *
+ * This is simpler than SSL because we are reading on a datagram
+ * socket and datagrams must contain >=1 complete records.
+ *
+ * returns 1 if received a complete DTLS record.
+ * returns 0 if recv returns EOF
+ * returns -1 if recv returns <0
+ * (The error value may have already been set to PR_WOULD_BLOCK_ERROR)
+ *
+ * Caller must hold the recv buf lock.
+ *
+ *
+ * This loop returns when either (a) an error or EOF occurs,
+ * (b) PR_WOULD_BLOCK_ERROR,
+ * (c) data (entire DTLS record) has been received.
+ */
+static int
+dtls_GatherData(sslSocket *ss, sslGather *gs, int flags)
+{
+ int nb;
+ int err;
+ int rv = 1;
+
+ SSL_TRC(30, ("dtls_GatherData"));
+
+ PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) );
+
+ gs->state = GS_HEADER;
+ gs->offset = 0;
+
+ if (gs->dtlsPacketOffset == gs->dtlsPacket.len) { /* No data left */
+ gs->dtlsPacketOffset = 0;
+ gs->dtlsPacket.len = 0;
+
+ /* Resize to the maximum possible size so we can fit a full datagram */
+ if (gs->dtlsPacket.space < MAX_FRAGMENT_LENGTH + 2048 + 5) {
+ err = sslBuffer_Grow(&gs->dtlsPacket,
+ MAX_FRAGMENT_LENGTH + 2048 + 5);
+ if (err) { /* realloc has set error code to no mem. */
+ return err;
+ }
+ }
+
+ /* recv() needs to read a full datagram at a time */
+ nb = ssl_DefRecv(ss, gs->dtlsPacket.buf, gs->dtlsPacket.space, flags);
+
+ if (nb > 0) {
+ PRINT_BUF(60, (ss, "raw gather data:", gs->dtlsPacket.buf, nb));
+ } else if (nb == 0) {
+ /* EOF */
+ SSL_TRC(30, ("%d: SSL3[%d]: EOF", SSL_GETPID(), ss->fd));
+ rv = 0;
+ return rv;
+ } else /* if (nb < 0) */ {
+ SSL_DBG(("%d: SSL3[%d]: recv error %d", SSL_GETPID(), ss->fd,
+ PR_GetError()));
+ rv = SECFailure;
+ return rv;
+ }
+
+ gs->dtlsPacket.len = nb;
+ }
+
+ /* At this point we should have >=1 complete records lined up in
+ dtlsPacket. Read off the header
+ */
+
+ if ((gs->dtlsPacket.len - gs->dtlsPacketOffset) < 13) {
+ SSL_DBG(("%d: SSL3[%d]: rest of DTLS packet "
+ "too short to contain header", SSL_GETPID(), ss->fd));
+ PR_SetError(PR_WOULD_BLOCK_ERROR, 0);
+ gs->dtlsPacketOffset = 0;
+ gs->dtlsPacket.len = 0;
+ rv = SECFailure;
+ return rv;
+ }
+ memcpy(gs->hdr, gs->dtlsPacket.buf + gs->dtlsPacketOffset, 13);
+ gs->dtlsPacketOffset += 13;
+
+
+ /*
+ ** Have received SSL3 record header in gs->hdr.
+ */
+ gs->remainder = (gs->hdr[11] << 8) | gs->hdr[12];
+
+ if ((gs->dtlsPacket.len - gs->dtlsPacketOffset) < gs->remainder) {
+ SSL_DBG(("%d: SSL3[%d]: rest of DTLS packet too short "
+ "to contain rest of body", SSL_GETPID(), ss->fd));
+ PR_SetError(PR_WOULD_BLOCK_ERROR, 0);
+ gs->dtlsPacketOffset = 0;
+ gs->dtlsPacket.len = 0;
+ rv = SECFailure;
+ return rv;
+ }
+
+ /* OK, we have at least one complete packet, copy into inbuf */
+ if (gs->remainder > gs->inbuf.space) {
+ err = sslBuffer_Grow(&gs->inbuf, gs->remainder);
+ if (err) { /* realloc has set error code to no mem. */
+ return err;
+ }
+ }
+
+ memcpy(gs->inbuf.buf, gs->dtlsPacket.buf + gs->dtlsPacketOffset,
+ gs->remainder);
+ gs->inbuf.len = gs->remainder;
+ gs->offset = gs->remainder;
+ gs->dtlsPacketOffset += gs->remainder;
+ gs->state = GS_INIT;
+
+ return 1;
+}
+
+
+
+
/* Gather in a record and when complete, Handle that record.
* Repeat this until the handshake is complete,
* or until application data is available.
@@ -190,6 +311,8 @@
int rv;
PRBool canFalseStart = PR_FALSE;
+ SSL_TRC(30, ("ssl3_GatherCompleteHandshake"));
+
PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) );
do {
/* Without this, we may end up wrongly reporting
@@ -224,7 +347,23 @@
rv = ssl3_HandleRecord(ss, NULL, &ss->gs.buf);
} else {
/* bring in the next sslv3 record. */
- rv = ssl3_GatherData(ss, &ss->gs, flags);
+ if (IS_DTLS(ss)) {
+ rv = dtls_GatherData(ss, &ss->gs, flags);
+
+ /* If we got a would block error, that means that no data was
+ * available, so we check the timer to see if it's time to
+ * retransmit */
+ if (rv == SECFailure && (PORT_GetError() == PR_WOULD_BLOCK_ERROR)) {
+ ssl_GetSSL3HandshakeLock(ss);
+ dtls_CheckTimer(ss);
+ /* Restore the error in case something succeeded */
+ PORT_SetError(PR_WOULD_BLOCK_ERROR);
+ ssl_ReleaseSSL3HandshakeLock(ss);
+ }
+ } else {
+ rv = ssl3_GatherData(ss, &ss->gs, flags);
+ }
+
if (rv <= 0) {
return rv;
}
@@ -235,8 +374,30 @@
* ss->gs.buf.len will be 0 when ssl3_HandleRecord returns SECSuccess.
*/
cText.type = (SSL3ContentType)ss->gs.hdr[0];
- cText.version = (ss->gs.hdr[1] << 8) | ss->gs.hdr[2];
+
+ /* As above, we need to test ss->opt.dgramMode */
+ if (IS_DTLS(ss)) {
+ cText.version =
+ dtls_DTLSVersionToTLSVersion((((unsigned char)ss->gs.hdr[1]) << 8) |
+ (unsigned char )ss->gs.hdr[2]);
+ } else {
+ cText.version = (ss->gs.hdr[1] << 8) | ss->gs.hdr[2];
+ }
cText.buf = &ss->gs.inbuf;
+
+ /* DTLS sequence number */
+ if (IS_DTLS(ss)) {
+ int i;
+
+ cText.seq_num.high = 0; cText.seq_num.low = 0;
+ for (i = 0; i < 4; i++) {
+ cText.seq_num.high <<= 8; cText.seq_num.low <<= 8;
+ cText.seq_num.high |= ss->gs.hdr[3+i];
+ cText.seq_num.low |= ss->gs.hdr[7+i];
+ }
+ }
+
+ cText.buf = &ss->gs.inbuf;
rv = ssl3_HandleRecord(ss, &cText, &ss->gs.buf);
}
if (rv < 0) {
@@ -285,3 +446,4 @@
return rv;
}
+
« net/third_party/nss/ssl/ssl3con.c ('K') | « net/third_party/nss/ssl/ssl3con.c ('k') | net/third_party/nss/ssl/ssl3prot.h » ('j') | net/third_party/nss/ssl/sslimpl.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698