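--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -1,485 +0,0 @@
-/* ssl/d1_lib.c */
-/*
-* DTLS implementation written by Nagendra Modadugu
-* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
-*/
-/* ====================================================================
-* Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
-*
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that the following conditions
-* are met:
-*
-* 1. Redistributions of source code must retain the above copyright
-* notice, this list of conditions and the following disclaimer.
-*
-* 2. Redistributions in binary form must reproduce the above copyright
-* notice, this list of conditions and the following disclaimer in
-* the documentation and/or other materials provided with the
-* distribution.
-*
-* 3. All advertising materials mentioning features or use of this
-* software must display the following acknowledgment:
-* "This product includes software developed by the OpenSSL Project
-* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-*
-* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-* endorse or promote products derived from this software without
-* prior written permission. For written permission, please contact
-* openssl-core@OpenSSL.org.
-*
-* 5. Products derived from this software may not be called "OpenSSL"
-* nor may "OpenSSL" appear in their names without prior written
-* permission of the OpenSSL Project.
-*
-* 6. Redistributions of any form whatsoever must retain the following
-* acknowledgment:
-* "This product includes software developed by the OpenSSL Project
-* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-*
-* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-* OF THE POSSIBILITY OF SUCH DAMAGE.
-* ====================================================================
-*
-* This product includes cryptographic software written by Eric Young
-* (eay@cryptsoft.com). This product includes software written by Tim
-* Hudson (tjh@cryptsoft.com).
-*
-*/
-
-#include <stdio.h>
-#define USE_SOCKETS
-#include <openssl/objects.h>
-#include "ssl_locl.h"
-
-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS)
-#include <sys/timeb.h>
-#endif
-
-static void get_current_time(struct timeval *t);
-const char dtls1_version_str[]="DTLSv1" OPENSSL_VERSION_PTEXT;
-int dtls1_listen(SSL *s, struct sockaddr *client);
-
-SSL3_ENC_METHOD DTLSv1_enc_data={
-dtls1_enc,
-tls1_mac,
-tls1_setup_key_block,
-tls1_generate_master_secret,
-tls1_change_cipher_state,
-tls1_final_finish_mac,
-TLS1_FINISH_MAC_LENGTH,
-tls1_cert_verify_mac,
-TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE,
-TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE,
-tls1_alert_code,
-tls1_export_keying_material,
-};
-
-long dtls1_default_timeout(void)
-{
-/* 2 hours, the 24 hours mentioned in the DTLSv1 spec
-* is way too long for http, the cache would over fill */
-return(60*60*2);
-}
-
-int dtls1_new(SSL *s)
-{
-DTLS1_STATE *d1;
-
-if (!ssl3_new(s)) return(0);
-if ((d1=OPENSSL_malloc(sizeof *d1)) == NULL) return (0);
-memset(d1,0, sizeof *d1);
-
-/* d1->handshake_epoch=0; */
-
-d1->unprocessed_rcds.q=pqueue_new();
-d1->processed_rcds.q=pqueue_new();
-d1->buffered_messages = pqueue_new();
-d1->sent_messages=pqueue_new();
-d1->buffered_app_data.q=pqueue_new();
-
-if ( s->server)
-{
-d1->cookie_len = sizeof(s->d1->cookie);
-}
-
-if( ! d1->unprocessed_rcds.q || ! d1->processed_rcds.q
-|| ! d1->buffered_messages || ! d1->sent_messages || ! d1->buffered_app_data.q)
-{
-if ( d1->unprocessed_rcds.q) pqueue_free(d1->unprocessed_rcds.q);
-if ( d1->processed_rcds.q) pqueue_free(d1->processed_rcds.q);
-if ( d1->buffered_messages) pqueue_free(d1->buffered_messages);
-if ( d1->sent_messages) pqueue_free(d1->sent_messages);
-if ( d1->buffered_app_data.q) pqueue_free(d1->buffered_app_data.q);
-OPENSSL_free(d1);
-return (0);
-}
-
-s->d1=d1;
-s->method->ssl_clear(s);
-return(1);
-}
-
-static void dtls1_clear_queues(SSL *s)
-{
-pitem *item = NULL;
-hm_fragment *frag = NULL;
-DTLS1_RECORD_DATA *rdata;
-
-while( (item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL)
-{
-rdata = (DTLS1_RECORD_DATA *) item->data;
-if (rdata->rbuf.buf)
-{
-OPENSSL_free(rdata->rbuf.buf);
-}
-OPENSSL_free(item->data);
-pitem_free(item);
-}
-
-while( (item = pqueue_pop(s->d1->processed_rcds.q)) != NULL)
-{
-rdata = (DTLS1_RECORD_DATA *) item->data;
-if (rdata->rbuf.buf)
-{
-OPENSSL_free(rdata->rbuf.buf);
-}
-OPENSSL_free(item->data);
-pitem_free(item);
-}
-
-while( (item = pqueue_pop(s->d1->buffered_messages)) != NULL)
-{
-frag = (hm_fragment *)item->data;
-OPENSSL_free(frag->fragment);
-OPENSSL_free(frag);
-pitem_free(item);
-}
-
-while ( (item = pqueue_pop(s->d1->sent_messages)) != NULL)
-{
-frag = (hm_fragment *)item->data;
-OPENSSL_free(frag->fragment);
-OPENSSL_free(frag);
-pitem_free(item);
-}
-
-while ( (item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL)
-{
-rdata = (DTLS1_RECORD_DATA *) item->data;
-if (rdata->rbuf.buf)
-{
-OPENSSL_free(rdata->rbuf.buf);
-}
-OPENSSL_free(item->data);
-pitem_free(item);
-}
-}
-
-void dtls1_free(SSL *s)
-{
-ssl3_free(s);
-
-dtls1_clear_queues(s);
-
-pqueue_free(s->d1->unprocessed_rcds.q);
-pqueue_free(s->d1->processed_rcds.q);
-pqueue_free(s->d1->buffered_messages);
-pqueue_free(s->d1->sent_messages);
-pqueue_free(s->d1->buffered_app_data.q);
-
-OPENSSL_free(s->d1);
-}
-
-void dtls1_clear(SSL *s)
-{
-pqueue unprocessed_rcds;
-pqueue processed_rcds;
-pqueue buffered_messages;
-pqueue sent_messages;
-pqueue buffered_app_data;
-unsigned int mtu;
-
-if (s->d1)
-{
-unprocessed_rcds = s->d1->unprocessed_rcds.q;
-processed_rcds = s->d1->processed_rcds.q;
-buffered_messages = s->d1->buffered_messages;
-sent_messages = s->d1->sent_messages;
-buffered_app_data = s->d1->buffered_app_data.q;
-mtu = s->d1->mtu;
-
-dtls1_clear_queues(s);
-
-memset(s->d1, 0, sizeof(*(s->d1)));
-
-if (s->server)
-{
-s->d1->cookie_len = sizeof(s->d1->cookie);
-}
-
-if (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)
-{
-s->d1->mtu = mtu;
-}
-
-s->d1->unprocessed_rcds.q = unprocessed_rcds;
-s->d1->processed_rcds.q = processed_rcds;
-s->d1->buffered_messages = buffered_messages;
-s->d1->sent_messages = sent_messages;
-s->d1->buffered_app_data.q = buffered_app_data;
-}
-
-ssl3_clear(s);
-if (s->options & SSL_OP_CISCO_ANYCONNECT)
-s->version=DTLS1_BAD_VER;
-else
-s->version=DTLS1_VERSION;
-}
-
-long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg)
-{
-int ret=0;
-
-switch (cmd)
-{
-case DTLS_CTRL_GET_TIMEOUT:
-if (dtls1_get_timeout(s, (struct timeval*) parg) != NULL)
-{
-ret = 1;
-}
-break;
-case DTLS_CTRL_HANDLE_TIMEOUT:
-ret = dtls1_handle_timeout(s);
-break;
-case DTLS_CTRL_LISTEN:
-ret = dtls1_listen(s, parg);
-break;
-
-default:
-ret = ssl3_ctrl(s, cmd, larg, parg);
-break;
-}
-return(ret);
-}
-
-/*
-* As it's impossible to use stream ciphers in "datagram" mode, this
-* simple filter is designed to disengage them in DTLS. Unfortunately
-* there is no universal way to identify stream SSL_CIPHER, so we have
-* to explicitly list their SSL_* codes. Currently RC4 is the only one
-* available, but if new ones emerge, they will have to be added...
-*/
-const SSL_CIPHER *dtls1_get_cipher(unsigned int u)
-{
-const SSL_CIPHER *ciph = ssl3_get_cipher(u);
-
-if (ciph != NULL)
-{
-if (ciph->algorithm_enc == SSL_RC4)
-return NULL;
-}
-
-return ciph;
-}
-
-void dtls1_start_timer(SSL *s)
-{
-#ifndef OPENSSL_NO_SCTP
-/* Disable timer for SCTP */
-if (BIO_dgram_is_sctp(SSL_get_wbio(s)))
-{
-memset(&(s->d1->next_timeout), 0, sizeof(struct timeval));
-return;
-}
-#endif
-
-/* If timer is not set, initialize duration with 1 second */
-if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0)
-{
-s->d1->timeout_duration = 1;
-}
-
-/* Set timeout to current time */
-get_current_time(&(s->d1->next_timeout));
-
-/* Add duration to current time */
-s->d1->next_timeout.tv_sec += s->d1->timeout_duration;
-BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout));
-}
-
-struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft)
-{
-struct timeval timenow;
-
-/* If no timeout is set, just return NULL */
-if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0)
-{
-return NULL;
-}
-
-/* Get current time */
-get_current_time(&timenow);
-
-/* If timer already expired, set remaining time to 0 */
-if (s->d1->next_timeout.tv_sec < timenow.tv_sec ||
-(s->d1->next_timeout.tv_sec == timenow.tv_sec &&
-s->d1->next_timeout.tv_usec <= timenow.tv_usec))
-{
-memset(timeleft, 0, sizeof(struct timeval));
-return timeleft;
-}
-
-/* Calculate time left until timer expires */
-memcpy(timeleft, &(s->d1->next_timeout), sizeof(struct timeval));
-timeleft->tv_sec -= timenow.tv_sec;
-timeleft->tv_usec -= timenow.tv_usec;
-if (timeleft->tv_usec < 0)
-{
-timeleft->tv_sec--;
-timeleft->tv_usec += 1000000;
-}
-
-/* If remaining time is less than 15 ms, set it to 0
-* to prevent issues because of small devergences with
-* socket timeouts.
-*/
-if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000)
-{
-memset(timeleft, 0, sizeof(struct timeval));
-}
-
-
-return timeleft;
-}
-
-int dtls1_is_timer_expired(SSL *s)
-{
-struct timeval timeleft;
-
-/* Get time left until timeout, return false if no timer running */
-if (dtls1_get_timeout(s, &timeleft) == NULL)
-{
-return 0;
-}
-
-/* Return false if timer is not expired yet */
-if (timeleft.tv_sec > 0 || timeleft.tv_usec > 0)
-{
-return 0;
-}
-
-/* Timer expired, so return true */
-return 1;
-}
-
-void dtls1_double_timeout(SSL *s)
-{
-s->d1->timeout_duration *= 2;
-if (s->d1->timeout_duration > 60)
-s->d1->timeout_duration = 60;
-dtls1_start_timer(s);
-}
-
-void dtls1_stop_timer(SSL *s)
-{
-/* Reset everything */
-memset(&(s->d1->timeout), 0, sizeof(struct dtls1_timeout_st));
-memset(&(s->d1->next_timeout), 0, sizeof(struct timeval));
-s->d1->timeout_duration = 1;
-BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout));
-/* Clear retransmission buffer */
-dtls1_clear_record_buffer(s);
-}
-
-int dtls1_check_timeout_num(SSL *s)
-{
-s->d1->timeout.num_alerts++;
-
-/* Reduce MTU after 2 unsuccessful retransmissions */
-if (s->d1->timeout.num_alerts > 2)
-{
-s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);
-}
-
-if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT)
-{
-/* fail the connection, enough alerts have been sent */
-SSLerr(SSL_F_DTLS1_CHECK_TIMEOUT_NUM,SSL_R_READ_TIMEOUT_EXPIRED);
-return -1;
-}
-
-return 0;
-}
-
-int dtls1_handle_timeout(SSL *s)
-{
-/* if no timer is expired, don't do anything */
-if (!dtls1_is_timer_expired(s))
-{
-return 0;
-}
-
-dtls1_double_timeout(s);
-
-if (dtls1_check_timeout_num(s) < 0)
-return -1;
-
-s->d1->timeout.read_timeouts++;
-if (s->d1->timeout.read_timeouts > DTLS1_TMO_READ_COUNT)
-{
-s->d1->timeout.read_timeouts = 1;
-}
-
-#ifndef OPENSSL_NO_HEARTBEATS
-if (s->tlsext_hb_pending)
-{
-s->tlsext_hb_pending = 0;
-return dtls1_heartbeat(s);
-}
-#endif
-
-dtls1_start_timer(s);
-return dtls1_retransmit_buffered_messages(s);
-}
-
-static void get_current_time(struct timeval *t)
-{
-#ifdef OPENSSL_SYS_WIN32
-struct _timeb tb;
-_ftime(&tb);
-t->tv_sec = (long)tb.time;
-t->tv_usec = (long)tb.millitm * 1000;
-#elif defined(OPENSSL_SYS_VMS)
-struct timeb tb;
-ftime(&tb);
-t->tv_sec = (long)tb.time;
-t->tv_usec = (long)tb.millitm * 1000;
-#else
-gettimeofday(t, NULL);
-#endif
-}
-
-int dtls1_listen(SSL *s, struct sockaddr *client)
-{
-int ret;
-
-SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE);
-s->d1->listen = 1;
-
-ret = SSL_accept(s);
-if (ret <= 0) return ret;
-
-(void) BIO_dgram_get_peer(SSL_get_rbio(s), client);
-return 1;
-}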