OLD | NEW |
| (Empty) |
1 /* ssl/d1_lib.c */ | |
2 /* | |
3 * DTLS implementation written by Nagendra Modadugu | |
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | |
5 */ | |
6 /* ==================================================================== | |
7 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. | |
8 * | |
9 * Redistribution and use in source and binary forms, with or without | |
10 * modification, are permitted provided that the following conditions | |
11 * are met: | |
12 * | |
13 * 1. Redistributions of source code must retain the above copyright | |
14 * notice, this list of conditions and the following disclaimer. | |
15 * | |
16 * 2. Redistributions in binary form must reproduce the above copyright | |
17 * notice, this list of conditions and the following disclaimer in | |
18 * the documentation and/or other materials provided with the | |
19 * distribution. | |
20 * | |
21 * 3. All advertising materials mentioning features or use of this | |
22 * software must display the following acknowledgment: | |
23 * "This product includes software developed by the OpenSSL Project | |
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | |
25 * | |
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
27 * endorse or promote products derived from this software without | |
28 * prior written permission. For written permission, please contact | |
29 * openssl-core@OpenSSL.org. | |
30 * | |
31 * 5. Products derived from this software may not be called "OpenSSL" | |
32 * nor may "OpenSSL" appear in their names without prior written | |
33 * permission of the OpenSSL Project. | |
34 * | |
35 * 6. Redistributions of any form whatsoever must retain the following | |
36 * acknowledgment: | |
37 * "This product includes software developed by the OpenSSL Project | |
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | |
39 * | |
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
51 * OF THE POSSIBILITY OF SUCH DAMAGE. | |
52 * ==================================================================== | |
53 * | |
54 * This product includes cryptographic software written by Eric Young | |
55 * (eay@cryptsoft.com). This product includes software written by Tim | |
56 * Hudson (tjh@cryptsoft.com). | |
57 * | |
58 */ | |
59 | |
60 #include <stdio.h> | |
61 #define USE_SOCKETS | |
62 #include <openssl/objects.h> | |
63 #include "ssl_locl.h" | |
64 | |
65 #if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) | |
66 #include <sys/timeb.h> | |
67 #endif | |
68 | |
69 static void get_current_time(struct timeval *t); | |
70 const char dtls1_version_str[]="DTLSv1" OPENSSL_VERSION_PTEXT; | |
71 int dtls1_listen(SSL *s, struct sockaddr *client); | |
72 | |
73 SSL3_ENC_METHOD DTLSv1_enc_data={ | |
74 dtls1_enc, | |
75 tls1_mac, | |
76 tls1_setup_key_block, | |
77 tls1_generate_master_secret, | |
78 tls1_change_cipher_state, | |
79 tls1_final_finish_mac, | |
80 TLS1_FINISH_MAC_LENGTH, | |
81 tls1_cert_verify_mac, | |
82 TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE, | |
83 TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE, | |
84 tls1_alert_code, | |
85 tls1_export_keying_material, | |
86 }; | |
87 | |
88 long dtls1_default_timeout(void) | |
89 { | |
90 /* 2 hours, the 24 hours mentioned in the DTLSv1 spec | |
91 * is way too long for http, the cache would over fill */ | |
92 return(60*60*2); | |
93 } | |
94 | |
95 int dtls1_new(SSL *s) | |
96 { | |
97 DTLS1_STATE *d1; | |
98 | |
99 if (!ssl3_new(s)) return(0); | |
100 if ((d1=OPENSSL_malloc(sizeof *d1)) == NULL) return (0); | |
101 memset(d1,0, sizeof *d1); | |
102 | |
103 /* d1->handshake_epoch=0; */ | |
104 | |
105 d1->unprocessed_rcds.q=pqueue_new(); | |
106 d1->processed_rcds.q=pqueue_new(); | |
107 d1->buffered_messages = pqueue_new(); | |
108 d1->sent_messages=pqueue_new(); | |
109 d1->buffered_app_data.q=pqueue_new(); | |
110 | |
111 if ( s->server) | |
112 { | |
113 d1->cookie_len = sizeof(s->d1->cookie); | |
114 } | |
115 | |
116 if( ! d1->unprocessed_rcds.q || ! d1->processed_rcds.q | |
117 || ! d1->buffered_messages || ! d1->sent_messages || ! d1->buffered_app_
data.q) | |
118 { | |
119 if ( d1->unprocessed_rcds.q) pqueue_free(d1->unprocessed_rcds.q); | |
120 if ( d1->processed_rcds.q) pqueue_free(d1->processed_rcds.q); | |
121 if ( d1->buffered_messages) pqueue_free(d1->buffered_messages); | |
122 if ( d1->sent_messages) pqueue_free(d1->sent_messages); | |
123 if ( d1->buffered_app_data.q) pqueue_free(d1->buffered_app_data.
q); | |
124 OPENSSL_free(d1); | |
125 return (0); | |
126 } | |
127 | |
128 s->d1=d1; | |
129 s->method->ssl_clear(s); | |
130 return(1); | |
131 } | |
132 | |
133 static void dtls1_clear_queues(SSL *s) | |
134 { | |
135 pitem *item = NULL; | |
136 hm_fragment *frag = NULL; | |
137 DTLS1_RECORD_DATA *rdata; | |
138 | |
139 while( (item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL) | |
140 { | |
141 rdata = (DTLS1_RECORD_DATA *) item->data; | |
142 if (rdata->rbuf.buf) | |
143 { | |
144 OPENSSL_free(rdata->rbuf.buf); | |
145 } | |
146 OPENSSL_free(item->data); | |
147 pitem_free(item); | |
148 } | |
149 | |
150 while( (item = pqueue_pop(s->d1->processed_rcds.q)) != NULL) | |
151 { | |
152 rdata = (DTLS1_RECORD_DATA *) item->data; | |
153 if (rdata->rbuf.buf) | |
154 { | |
155 OPENSSL_free(rdata->rbuf.buf); | |
156 } | |
157 OPENSSL_free(item->data); | |
158 pitem_free(item); | |
159 } | |
160 | |
161 while( (item = pqueue_pop(s->d1->buffered_messages)) != NULL) | |
162 { | |
163 frag = (hm_fragment *)item->data; | |
164 OPENSSL_free(frag->fragment); | |
165 OPENSSL_free(frag); | |
166 pitem_free(item); | |
167 } | |
168 | |
169 while ( (item = pqueue_pop(s->d1->sent_messages)) != NULL) | |
170 { | |
171 frag = (hm_fragment *)item->data; | |
172 OPENSSL_free(frag->fragment); | |
173 OPENSSL_free(frag); | |
174 pitem_free(item); | |
175 } | |
176 | |
177 while ( (item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL) | |
178 { | |
179 rdata = (DTLS1_RECORD_DATA *) item->data; | |
180 if (rdata->rbuf.buf) | |
181 { | |
182 OPENSSL_free(rdata->rbuf.buf); | |
183 } | |
184 OPENSSL_free(item->data); | |
185 pitem_free(item); | |
186 } | |
187 } | |
188 | |
189 void dtls1_free(SSL *s) | |
190 { | |
191 ssl3_free(s); | |
192 | |
193 dtls1_clear_queues(s); | |
194 | |
195 pqueue_free(s->d1->unprocessed_rcds.q); | |
196 pqueue_free(s->d1->processed_rcds.q); | |
197 pqueue_free(s->d1->buffered_messages); | |
198 pqueue_free(s->d1->sent_messages); | |
199 pqueue_free(s->d1->buffered_app_data.q); | |
200 | |
201 OPENSSL_free(s->d1); | |
202 } | |
203 | |
204 void dtls1_clear(SSL *s) | |
205 { | |
206 pqueue unprocessed_rcds; | |
207 pqueue processed_rcds; | |
208 pqueue buffered_messages; | |
209 pqueue sent_messages; | |
210 pqueue buffered_app_data; | |
211 unsigned int mtu; | |
212 | |
213 if (s->d1) | |
214 { | |
215 unprocessed_rcds = s->d1->unprocessed_rcds.q; | |
216 processed_rcds = s->d1->processed_rcds.q; | |
217 buffered_messages = s->d1->buffered_messages; | |
218 sent_messages = s->d1->sent_messages; | |
219 buffered_app_data = s->d1->buffered_app_data.q; | |
220 mtu = s->d1->mtu; | |
221 | |
222 dtls1_clear_queues(s); | |
223 | |
224 memset(s->d1, 0, sizeof(*(s->d1))); | |
225 | |
226 if (s->server) | |
227 { | |
228 s->d1->cookie_len = sizeof(s->d1->cookie); | |
229 } | |
230 | |
231 if (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU) | |
232 { | |
233 s->d1->mtu = mtu; | |
234 } | |
235 | |
236 s->d1->unprocessed_rcds.q = unprocessed_rcds; | |
237 s->d1->processed_rcds.q = processed_rcds; | |
238 s->d1->buffered_messages = buffered_messages; | |
239 s->d1->sent_messages = sent_messages; | |
240 s->d1->buffered_app_data.q = buffered_app_data; | |
241 } | |
242 | |
243 ssl3_clear(s); | |
244 if (s->options & SSL_OP_CISCO_ANYCONNECT) | |
245 s->version=DTLS1_BAD_VER; | |
246 else | |
247 s->version=DTLS1_VERSION; | |
248 } | |
249 | |
250 long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg) | |
251 { | |
252 int ret=0; | |
253 | |
254 switch (cmd) | |
255 { | |
256 case DTLS_CTRL_GET_TIMEOUT: | |
257 if (dtls1_get_timeout(s, (struct timeval*) parg) != NULL) | |
258 { | |
259 ret = 1; | |
260 } | |
261 break; | |
262 case DTLS_CTRL_HANDLE_TIMEOUT: | |
263 ret = dtls1_handle_timeout(s); | |
264 break; | |
265 case DTLS_CTRL_LISTEN: | |
266 ret = dtls1_listen(s, parg); | |
267 break; | |
268 | |
269 default: | |
270 ret = ssl3_ctrl(s, cmd, larg, parg); | |
271 break; | |
272 } | |
273 return(ret); | |
274 } | |
275 | |
276 /* | |
277 * As it's impossible to use stream ciphers in "datagram" mode, this | |
278 * simple filter is designed to disengage them in DTLS. Unfortunately | |
279 * there is no universal way to identify stream SSL_CIPHER, so we have | |
280 * to explicitly list their SSL_* codes. Currently RC4 is the only one | |
281 * available, but if new ones emerge, they will have to be added... | |
282 */ | |
283 const SSL_CIPHER *dtls1_get_cipher(unsigned int u) | |
284 { | |
285 const SSL_CIPHER *ciph = ssl3_get_cipher(u); | |
286 | |
287 if (ciph != NULL) | |
288 { | |
289 if (ciph->algorithm_enc == SSL_RC4) | |
290 return NULL; | |
291 } | |
292 | |
293 return ciph; | |
294 } | |
295 | |
296 void dtls1_start_timer(SSL *s) | |
297 { | |
298 #ifndef OPENSSL_NO_SCTP | |
299 /* Disable timer for SCTP */ | |
300 if (BIO_dgram_is_sctp(SSL_get_wbio(s))) | |
301 { | |
302 memset(&(s->d1->next_timeout), 0, sizeof(struct timeval)); | |
303 return; | |
304 } | |
305 #endif | |
306 | |
307 /* If timer is not set, initialize duration with 1 second */ | |
308 if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) | |
309 { | |
310 s->d1->timeout_duration = 1; | |
311 } | |
312 | |
313 /* Set timeout to current time */ | |
314 get_current_time(&(s->d1->next_timeout)); | |
315 | |
316 /* Add duration to current time */ | |
317 s->d1->next_timeout.tv_sec += s->d1->timeout_duration; | |
318 BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->n
ext_timeout)); | |
319 } | |
320 | |
321 struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft) | |
322 { | |
323 struct timeval timenow; | |
324 | |
325 /* If no timeout is set, just return NULL */ | |
326 if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) | |
327 { | |
328 return NULL; | |
329 } | |
330 | |
331 /* Get current time */ | |
332 get_current_time(&timenow); | |
333 | |
334 /* If timer already expired, set remaining time to 0 */ | |
335 if (s->d1->next_timeout.tv_sec < timenow.tv_sec || | |
336 (s->d1->next_timeout.tv_sec == timenow.tv_sec && | |
337 s->d1->next_timeout.tv_usec <= timenow.tv_usec)) | |
338 { | |
339 memset(timeleft, 0, sizeof(struct timeval)); | |
340 return timeleft; | |
341 } | |
342 | |
343 /* Calculate time left until timer expires */ | |
344 memcpy(timeleft, &(s->d1->next_timeout), sizeof(struct timeval)); | |
345 timeleft->tv_sec -= timenow.tv_sec; | |
346 timeleft->tv_usec -= timenow.tv_usec; | |
347 if (timeleft->tv_usec < 0) | |
348 { | |
349 timeleft->tv_sec--; | |
350 timeleft->tv_usec += 1000000; | |
351 } | |
352 | |
353 /* If remaining time is less than 15 ms, set it to 0 | |
354 * to prevent issues because of small devergences with | |
355 * socket timeouts. | |
356 */ | |
357 if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000) | |
358 { | |
359 memset(timeleft, 0, sizeof(struct timeval)); | |
360 } | |
361 | |
362 | |
363 return timeleft; | |
364 } | |
365 | |
366 int dtls1_is_timer_expired(SSL *s) | |
367 { | |
368 struct timeval timeleft; | |
369 | |
370 /* Get time left until timeout, return false if no timer running */ | |
371 if (dtls1_get_timeout(s, &timeleft) == NULL) | |
372 { | |
373 return 0; | |
374 } | |
375 | |
376 /* Return false if timer is not expired yet */ | |
377 if (timeleft.tv_sec > 0 || timeleft.tv_usec > 0) | |
378 { | |
379 return 0; | |
380 } | |
381 | |
382 /* Timer expired, so return true */ | |
383 return 1; | |
384 } | |
385 | |
386 void dtls1_double_timeout(SSL *s) | |
387 { | |
388 s->d1->timeout_duration *= 2; | |
389 if (s->d1->timeout_duration > 60) | |
390 s->d1->timeout_duration = 60; | |
391 dtls1_start_timer(s); | |
392 } | |
393 | |
394 void dtls1_stop_timer(SSL *s) | |
395 { | |
396 /* Reset everything */ | |
397 memset(&(s->d1->timeout), 0, sizeof(struct dtls1_timeout_st)); | |
398 memset(&(s->d1->next_timeout), 0, sizeof(struct timeval)); | |
399 s->d1->timeout_duration = 1; | |
400 BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->n
ext_timeout)); | |
401 /* Clear retransmission buffer */ | |
402 dtls1_clear_record_buffer(s); | |
403 } | |
404 | |
405 int dtls1_check_timeout_num(SSL *s) | |
406 { | |
407 s->d1->timeout.num_alerts++; | |
408 | |
409 /* Reduce MTU after 2 unsuccessful retransmissions */ | |
410 if (s->d1->timeout.num_alerts > 2) | |
411 { | |
412 s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBA
CK_MTU, 0, NULL); | |
413 } | |
414 | |
415 if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) | |
416 { | |
417 /* fail the connection, enough alerts have been sent */ | |
418 SSLerr(SSL_F_DTLS1_CHECK_TIMEOUT_NUM,SSL_R_READ_TIMEOUT_EXPIRED)
; | |
419 return -1; | |
420 } | |
421 | |
422 return 0; | |
423 } | |
424 | |
425 int dtls1_handle_timeout(SSL *s) | |
426 { | |
427 /* if no timer is expired, don't do anything */ | |
428 if (!dtls1_is_timer_expired(s)) | |
429 { | |
430 return 0; | |
431 } | |
432 | |
433 dtls1_double_timeout(s); | |
434 | |
435 if (dtls1_check_timeout_num(s) < 0) | |
436 return -1; | |
437 | |
438 s->d1->timeout.read_timeouts++; | |
439 if (s->d1->timeout.read_timeouts > DTLS1_TMO_READ_COUNT) | |
440 { | |
441 s->d1->timeout.read_timeouts = 1; | |
442 } | |
443 | |
444 #ifndef OPENSSL_NO_HEARTBEATS | |
445 if (s->tlsext_hb_pending) | |
446 { | |
447 s->tlsext_hb_pending = 0; | |
448 return dtls1_heartbeat(s); | |
449 } | |
450 #endif | |
451 | |
452 dtls1_start_timer(s); | |
453 return dtls1_retransmit_buffered_messages(s); | |
454 } | |
455 | |
456 static void get_current_time(struct timeval *t) | |
457 { | |
458 #ifdef OPENSSL_SYS_WIN32 | |
459 struct _timeb tb; | |
460 _ftime(&tb); | |
461 t->tv_sec = (long)tb.time; | |
462 t->tv_usec = (long)tb.millitm * 1000; | |
463 #elif defined(OPENSSL_SYS_VMS) | |
464 struct timeb tb; | |
465 ftime(&tb); | |
466 t->tv_sec = (long)tb.time; | |
467 t->tv_usec = (long)tb.millitm * 1000; | |
468 #else | |
469 gettimeofday(t, NULL); | |
470 #endif | |
471 } | |
472 | |
473 int dtls1_listen(SSL *s, struct sockaddr *client) | |
474 { | |
475 int ret; | |
476 | |
477 SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE); | |
478 s->d1->listen = 1; | |
479 | |
480 ret = SSL_accept(s); | |
481 if (ret <= 0) return ret; | |
482 | |
483 (void) BIO_dgram_get_peer(SSL_get_rbio(s), client); | |
484 return 1; | |
485 } | |
OLD | NEW |