kris
/
boringssl
1
0
Förgrening 0
Kod Ärenden 0 Pull-förfrågningar 0 Släpp 0 Wiki Aktiviteter
Du kan inte välja fler än 25 ämnen Ämnen måste starta med en bokstav eller siffra, kan innehålla bindestreck ('-') och vara max 35 tecken långa.
3679 Incheckningar
12 Grenar
38 MiB
Träd: 5fc99c6603
Grenar Taggar
${ item.name }
Skapa branchen ${ searchTerm }
från '5fc99c6603'
${ noResults }
boringssl/ssl/d1_lib.c

d1_lib.c 7.9 KiB
Normal vy Historik

Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 år sedan
Align the SSL stack on #include style. ssl.h should be first. Also two lines after includes and the rest of the file. Change-Id: Icb7586e00a3e64170082c96cf3f8bfbb2b7e1611 Reviewed-on: https://boringssl-review.googlesource.com/5892 Reviewed-by: Adam Langley <agl@google.com>
9 år sedan
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 år sedan
Make dtls1_do_handshake_write less stateful. Now dtls1_do_handshake_write takes in a serialized form of the full message and writes it. It's a little weird to serialize and deserialize the header a bunch, but msg_callback requires that we keep the full one around in memory anyway. Between that and the handshake hash definition, DTLS really wants messages to mean the assembled header, redundancies and all, so we'll just put together messages that way. This also fixes a bug where ssl_do_msg_callback would get passed in garbage where the header was supposed to be. The buffered messages get sampled before writing the fragment rather than after. Change-Id: I4e3b8ce4aab4c4ab4502d5428dfb8f3f729c6ef9 Reviewed-on: https://boringssl-review.googlesource.com/8433 Reviewed-by: Adam Langley <agl@google.com>
8 år sedan
Account for the MTU BIO_ctrls returning negative or overly large numbers. BIO_ctrls do not have terribly well-defined return values on error. (Though the existing ones seem to all return 0, not -1, on nonexistant operation.) Change-Id: I08497f023ce3257c253aa71517a98b2fe73c3f74 Reviewed-on: https://boringssl-review.googlesource.com/2829 Reviewed-by: Adam Langley <agl@google.com>
9 år sedan
Include-what-you-use ssl/internal.h. The rest of ssl/ still includes things everywhere, but this at least fixes the includes that were implicit from ssl/internal.h. Change-Id: I7ed22590aca0fe78af84fd99a3e557f4b05f6782 Reviewed-on: https://boringssl-review.googlesource.com/4281 Reviewed-by: Adam Langley <agl@google.com>
9 år sedan
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 år sedan
Align the SSL stack on #include style. ssl.h should be first. Also two lines after includes and the rest of the file. Change-Id: Icb7586e00a3e64170082c96cf3f8bfbb2b7e1611 Reviewed-on: https://boringssl-review.googlesource.com/5892 Reviewed-by: Adam Langley <agl@google.com>
9 år sedan
Remove some easy obj.h dependencies. A lot of consumers of obj.h only want the NID values. Others didn't need it at all. This also removes some OBJ_nid2sn and OBJ_nid2ln calls in EVP error paths which isn't worth pulling a large table in for. BUG=chromium:499653 Change-Id: Id6dff578f993012e35b740a13b8e4f9c2edc0744 Reviewed-on: https://boringssl-review.googlesource.com/7563 Reviewed-by: David Benjamin <davidben@google.com>
8 år sedan
Align the SSL stack on #include style. ssl.h should be first. Also two lines after includes and the rest of the file. Change-Id: Icb7586e00a3e64170082c96cf3f8bfbb2b7e1611 Reviewed-on: https://boringssl-review.googlesource.com/5892 Reviewed-by: Adam Langley <agl@google.com>
9 år sedan
Work around language and compiler bug in memcpy, etc. Most C standard library functions are undefined if passed NULL, even when the corresponding length is zero. This gives them (and, in turn, all functions which call them) surprising behavior on empty arrays. Some compilers will miscompile code due to this rule. See also https://www.imperialviolet.org/2016/06/26/nonnull.html Add OPENSSL_memcpy, etc., wrappers which avoid this problem. BUG=23 Change-Id: I95f42b23e92945af0e681264fffaf578e7f8465e Reviewed-on: https://boringssl-review.googlesource.com/12928 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com>
7 år sedan
Align the SSL stack on #include style. ssl.h should be first. Also two lines after includes and the rest of the file. Change-Id: Icb7586e00a3e64170082c96cf3f8bfbb2b7e1611 Reviewed-on: https://boringssl-review.googlesource.com/5892 Reviewed-by: Adam Langley <agl@google.com>
9 år sedan
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 år sedan
Work around language and compiler bug in memcpy, etc. Most C standard library functions are undefined if passed NULL, even when the corresponding length is zero. This gives them (and, in turn, all functions which call them) surprising behavior on empty arrays. Some compilers will miscompile code due to this rule. See also https://www.imperialviolet.org/2016/06/26/nonnull.html Add OPENSSL_memcpy, etc., wrappers which avoid this problem. BUG=23 Change-Id: I95f42b23e92945af0e681264fffaf578e7f8465e Reviewed-on: https://boringssl-review.googlesource.com/12928 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com>
7 år sedan
Remove dtls1_timeout_st. All but one field is a no-op. Change-Id: Ib7bc59a12ce792d5e42fb6e04a4aff54f42643a9 Reviewed-on: https://boringssl-review.googlesource.com/3213 Reviewed-by: Adam Langley <agl@google.com>
9 år sedan
Switch s to ssl everywhere. That we're half and half is really confusing. Change-Id: I1c2632682e8a3e63d01dada8e0eb3b735ff709ce Reviewed-on: https://boringssl-review.googlesource.com/6785 Reviewed-by: Adam Langley <agl@google.com>
8 år sedan
Reformatting of several DTLS source files. This change has no semantic effect (I hope!). It's just a reformatting of a few files in ssl/. This is just a start – the other files in ssl/ should follow in the coming days. Change-Id: I5eb3f4b18d0d46349d0f94d3fe5ab2003db5364e
10 år sedan
Switch s to ssl everywhere. That we're half and half is really confusing. Change-Id: I1c2632682e8a3e63d01dada8e0eb3b735ff709ce Reviewed-on: https://boringssl-review.googlesource.com/6785 Reviewed-by: Adam Langley <agl@google.com>
8 år sedan
Reformatting of several DTLS source files. This change has no semantic effect (I hope!). It's just a reformatting of a few files in ssl/. This is just a start – the other files in ssl/ should follow in the coming days. Change-Id: I5eb3f4b18d0d46349d0f94d3fe5ab2003db5364e
10 år sedan
Switch s to ssl everywhere. That we're half and half is really confusing. Change-Id: I1c2632682e8a3e63d01dada8e0eb3b735ff709ce Reviewed-on: https://boringssl-review.googlesource.com/6785 Reviewed-by: Adam Langley <agl@google.com>
8 år sedan
Reformatting of several DTLS source files. This change has no semantic effect (I hope!). It's just a reformatting of a few files in ssl/. This is just a start – the other files in ssl/ should follow in the coming days. Change-Id: I5eb3f4b18d0d46349d0f94d3fe5ab2003db5364e
10 år sedan
Work around language and compiler bug in memcpy, etc. Most C standard library functions are undefined if passed NULL, even when the corresponding length is zero. This gives them (and, in turn, all functions which call them) surprising behavior on empty arrays. Some compilers will miscompile code due to this rule. See also https://www.imperialviolet.org/2016/06/26/nonnull.html Add OPENSSL_memcpy, etc., wrappers which avoid this problem. BUG=23 Change-Id: I95f42b23e92945af0e681264fffaf578e7f8465e Reviewed-on: https://boringssl-review.googlesource.com/12928 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com>
7 år sedan
Reformatting of several DTLS source files. This change has no semantic effect (I hope!). It's just a reformatting of a few files in ssl/. This is just a start – the other files in ssl/ should follow in the coming days. Change-Id: I5eb3f4b18d0d46349d0f94d3fe5ab2003db5364e
10 år sedan
Switch s to ssl everywhere. That we're half and half is really confusing. Change-Id: I1c2632682e8a3e63d01dada8e0eb3b735ff709ce Reviewed-on: https://boringssl-review.googlesource.com/6785 Reviewed-by: Adam Langley <agl@google.com>
8 år sedan
Implement SSL_clear with ssl_new and ssl_free. State on s3 gets freed in both ssl3_clear and ssl3_free. Considate to just ssl3_free. This replaces the (SSL,ssl,ssl3)_clear calls in (SSL,ssl,ssl3)_new with the state that was initialized. This results in a little code duplication between SSL_new and SSL_clear because state is on the wrong object. I've just left TODOs for now; some of it will need disentangling. We're far from it, but going forward, separate state between s and s->s3 as: - s contains configuration state, DTLS or TLS. It is initialized from SSL_CTX, configurable directly afterwards, and preserved across SSL_clear calls. (Including when it's implicitly set as part of a handshake callback.) - Connection state hangs off s->s3 (TLS) and s->d1 (DTLS). It is reset across SSL_clear. This should happen naturally out of a ssl_free/ssl_new pair. The goal is to avoid needing separate initialize and reset code for anything; the point any particular state is reset is the point its owning context is destroyed and recreated. Change-Id: I5d779010778109f8c339c07433a0777feaf94d1f Reviewed-on: https://boringssl-review.googlesource.com/2822 Reviewed-by: Adam Langley <agl@google.com>
9 år sedan
Don't initialize enc_method before version negotiation. Move it into ssl->s3 so it automatically behaves correctly on SSL_clear. ssl->version is still a mess though. Change-Id: I17a692a04a845886ec4f8de229fa6cf99fa7e24a Reviewed-on: https://boringssl-review.googlesource.com/6844 Reviewed-by: Adam Langley <alangley@gmail.com>
8 år sedan
Implement SSL_clear with ssl_new and ssl_free. State on s3 gets freed in both ssl3_clear and ssl3_free. Considate to just ssl3_free. This replaces the (SSL,ssl,ssl3)_clear calls in (SSL,ssl,ssl3)_new with the state that was initialized. This results in a little code duplication between SSL_new and SSL_clear because state is on the wrong object. I've just left TODOs for now; some of it will need disentangling. We're far from it, but going forward, separate state between s and s->s3 as: - s contains configuration state, DTLS or TLS. It is initialized from SSL_CTX, configurable directly afterwards, and preserved across SSL_clear calls. (Including when it's implicitly set as part of a handshake callback.) - Connection state hangs off s->s3 (TLS) and s->d1 (DTLS). It is reset across SSL_clear. This should happen naturally out of a ssl_free/ssl_new pair. The goal is to avoid needing separate initialize and reset code for anything; the point any particular state is reset is the point its owning context is destroyed and recreated. Change-Id: I5d779010778109f8c339c07433a0777feaf94d1f Reviewed-on: https://boringssl-review.googlesource.com/2822 Reviewed-by: Adam Langley <agl@google.com>
9 år sedan
Don't initialize enc_method before version negotiation. Move it into ssl->s3 so it automatically behaves correctly on SSL_clear. ssl->version is still a mess though. Change-Id: I17a692a04a845886ec4f8de229fa6cf99fa7e24a Reviewed-on: https://boringssl-review.googlesource.com/6844 Reviewed-by: Adam Langley <alangley@gmail.com>
8 år sedan
Switch s to ssl everywhere. That we're half and half is really confusing. Change-Id: I1c2632682e8a3e63d01dada8e0eb3b735ff709ce Reviewed-on: https://boringssl-review.googlesource.com/6785 Reviewed-by: Adam Langley <agl@google.com>
8 år sedan
Reformatting of several DTLS source files. This change has no semantic effect (I hope!). It's just a reformatting of a few files in ssl/. This is just a start – the other files in ssl/ should follow in the coming days. Change-Id: I5eb3f4b18d0d46349d0f94d3fe5ab2003db5364e
10 år sedan
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 år sedan
Switch s to ssl everywhere. That we're half and half is really confusing. Change-Id: I1c2632682e8a3e63d01dada8e0eb3b735ff709ce Reviewed-on: https://boringssl-review.googlesource.com/6785 Reviewed-by: Adam Langley <agl@google.com>
8 år sedan
Reformatting of several DTLS source files. This change has no semantic effect (I hope!). It's just a reformatting of a few files in ssl/. This is just a start – the other files in ssl/ should follow in the coming days. Change-Id: I5eb3f4b18d0d46349d0f94d3fe5ab2003db5364e
10 år sedan
Switch s to ssl everywhere. That we're half and half is really confusing. Change-Id: I1c2632682e8a3e63d01dada8e0eb3b735ff709ce Reviewed-on: https://boringssl-review.googlesource.com/6785 Reviewed-by: Adam Langley <agl@google.com>
8 år sedan
Implement SSL_clear with ssl_new and ssl_free. State on s3 gets freed in both ssl3_clear and ssl3_free. Considate to just ssl3_free. This replaces the (SSL,ssl,ssl3)_clear calls in (SSL,ssl,ssl3)_new with the state that was initialized. This results in a little code duplication between SSL_new and SSL_clear because state is on the wrong object. I've just left TODOs for now; some of it will need disentangling. We're far from it, but going forward, separate state between s and s->s3 as: - s contains configuration state, DTLS or TLS. It is initialized from SSL_CTX, configurable directly afterwards, and preserved across SSL_clear calls. (Including when it's implicitly set as part of a handshake callback.) - Connection state hangs off s->s3 (TLS) and s->d1 (DTLS). It is reset across SSL_clear. This should happen naturally out of a ssl_free/ssl_new pair. The goal is to avoid needing separate initialize and reset code for anything; the point any particular state is reset is the point its owning context is destroyed and recreated. Change-Id: I5d779010778109f8c339c07433a0777feaf94d1f Reviewed-on: https://boringssl-review.googlesource.com/2822 Reviewed-by: Adam Langley <agl@google.com>
9 år sedan
Replace the incoming message buffer with a ring buffer. It has size 7. There's no need for a priority queue structure, especially one that's O(N^2) anyway. Change-Id: I7609794aac1925c9bbf3015744cae266dcb79bff Reviewed-on: https://boringssl-review.googlesource.com/8437 Reviewed-by: Adam Langley <agl@google.com>
8 år sedan
Rewrite DTLS outgoing message buffering. Now that retransitting is a lot less stateful, a lot of surrounding code can lose statefulness too. Rather than this overcomplicated pqueue structure, hardcode that a handshake flight is capped at 7 messages (actually, DTLS can only get up to 6 because we don't support NPN or Channel ID in DTLS) and used a fixed size array. This also resolves several TODOs. Change-Id: I2b54c3441577a75ad5ca411d872b807d69aa08eb Reviewed-on: https://boringssl-review.googlesource.com/8435 Reviewed-by: Adam Langley <agl@google.com>
8 år sedan
Reformatting of several DTLS source files. This change has no semantic effect (I hope!). It's just a reformatting of a few files in ssl/. This is just a start – the other files in ssl/ should follow in the coming days. Change-Id: I5eb3f4b18d0d46349d0f94d3fe5ab2003db5364e
10 år sedan
Switch s to ssl everywhere. That we're half and half is really confusing. Change-Id: I1c2632682e8a3e63d01dada8e0eb3b735ff709ce Reviewed-on: https://boringssl-review.googlesource.com/6785 Reviewed-by: Adam Langley <agl@google.com>
8 år sedan
Reformatting of several DTLS source files. This change has no semantic effect (I hope!). It's just a reformatting of a few files in ssl/. This is just a start – the other files in ssl/ should follow in the coming days. Change-Id: I5eb3f4b18d0d46349d0f94d3fe5ab2003db5364e
10 år sedan
Adding a method to change the initial DTLS retransmission timer value. This allows an application to override the default of 1 second, which is what's instructed in RFC 6347 but is not an absolute requirement. Change-Id: I0bbb16e31990fbcab44a29325b6ec7757d5789e5 Reviewed-on: https://boringssl-review.googlesource.com/7930 Reviewed-by: David Benjamin <davidben@google.com>
8 år sedan
Switch s to ssl everywhere. That we're half and half is really confusing. Change-Id: I1c2632682e8a3e63d01dada8e0eb3b735ff709ce Reviewed-on: https://boringssl-review.googlesource.com/6785 Reviewed-by: Adam Langley <agl@google.com>
8 år sedan
Adding a method to change the initial DTLS retransmission timer value. This allows an application to override the default of 1 second, which is what's instructed in RFC 6347 but is not an absolute requirement. Change-Id: I0bbb16e31990fbcab44a29325b6ec7757d5789e5 Reviewed-on: https://boringssl-review.googlesource.com/7930 Reviewed-by: David Benjamin <davidben@google.com>
8 år sedan
Switch s to ssl everywhere. That we're half and half is really confusing. Change-Id: I1c2632682e8a3e63d01dada8e0eb3b735ff709ce Reviewed-on: https://boringssl-review.googlesource.com/6785 Reviewed-by: Adam Langley <agl@google.com>
8 år sedan
Adding a method to change the initial DTLS retransmission timer value. This allows an application to override the default of 1 second, which is what's instructed in RFC 6347 but is not an absolute requirement. Change-Id: I0bbb16e31990fbcab44a29325b6ec7757d5789e5 Reviewed-on: https://boringssl-review.googlesource.com/7930 Reviewed-by: David Benjamin <davidben@google.com>
8 år sedan
Reformatting of several DTLS source files. This change has no semantic effect (I hope!). It's just a reformatting of a few files in ssl/. This is just a start – the other files in ssl/ should follow in the coming days. Change-Id: I5eb3f4b18d0d46349d0f94d3fe5ab2003db5364e
10 år sedan
Test that servers enforce session timeouts. Extend the DTLS mock clock to apply to sessions too and test that resumption behaves as expected. Change-Id: Ib8fdec91b36e11cfa032872b63cf589f93b3da13 Reviewed-on: https://boringssl-review.googlesource.com/9110 Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: Adam Langley <agl@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
8 år sedan
Reformatting of several DTLS source files. This change has no semantic effect (I hope!). It's just a reformatting of a few files in ssl/. This is just a start – the other files in ssl/ should follow in the coming days. Change-Id: I5eb3f4b18d0d46349d0f94d3fe5ab2003db5364e
10 år sedan
Adding a method to change the initial DTLS retransmission timer value. This allows an application to override the default of 1 second, which is what's instructed in RFC 6347 but is not an absolute requirement. Change-Id: I0bbb16e31990fbcab44a29325b6ec7757d5789e5 Reviewed-on: https://boringssl-review.googlesource.com/7930 Reviewed-by: David Benjamin <davidben@google.com>
8 år sedan
Never expose ssl->bbio in the public API. OpenSSL's bbio logic is kind of crazy. It would be good to eventually do the buffering in a better way (notably, bbio is fragile, if not outright broken, for DTLS). In the meantime, this fixes a number of bugs where the existence of bbio was leaked in the public API and broke things. - SSL_get_wbio returned the bbio during the handshake. It must always return the BIO the consumer configured. In doing so, internal accesses of SSL_get_wbio should be switched to ssl->wbio since those want to see bbio. For consistency, do the same with rbio. - The logic in SSL_set_rfd, etc. (which I doubt is quite right since SSL_set_bio's lifetime is unclear) would get confused once wbio got wrapped. Those want to compare to SSL_get_wbio. - If SSL_set_bio was called mid-handshake, bbio would get disconnected and lose state. It forgets to reattach the bbio afterwards. Unfortunately, Conscrypt does this a lot. It just never ended up calling it at a point where the bbio would cause problems. - Make more explicit the invariant that any bbio's which exist are always attached. Simplify a few things as part of that. Change-Id: Ia02d6bdfb9aeb1e3021a8f82dcbd0629f5c7fb8d Reviewed-on: https://boringssl-review.googlesource.com/8023 Reviewed-by: Kenny Root <kroot@google.com> Reviewed-by: Adam Langley <agl@google.com>
8 år sedan
Switch s to ssl everywhere. That we're half and half is really confusing. Change-Id: I1c2632682e8a3e63d01dada8e0eb3b735ff709ce Reviewed-on: https://boringssl-review.googlesource.com/6785 Reviewed-by: Adam Langley <agl@google.com>
8 år sedan
Reformatting of several DTLS source files. This change has no semantic effect (I hope!). It's just a reformatting of a few files in ssl/. This is just a start – the other files in ssl/ should follow in the coming days. Change-Id: I5eb3f4b18d0d46349d0f94d3fe5ab2003db5364e
10 år sedan
Remove OPENSSL_timeval. With DTLSv1_get_timeout de-ctrl-ified, the type checker complains about OPENSSL_timeval. Existing callers all use the real timeval. Now that OPENSSL_timeval is not included in any public structs, simply forward-declare timeval itself in ssl.h and pull in winsock2.h in internal headers. Change-Id: Ieaf110e141578488048c28cdadb14881301a2ce1 Reviewed-on: https://boringssl-review.googlesource.com/4682 Reviewed-by: Adam Langley <agl@google.com>
9 år sedan
Add SSL_is_dtls. OpenSSL 1.1.0 added a function to tell if an SSL* is DTLS or not. This is probably a good idea, especially since SSL_version returns non-normalized versions. BUG=91 Change-Id: I25c6cf08b2ebabf0c610c74691de103399f729bc Reviewed-on: https://boringssl-review.googlesource.com/9077 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
8 år sedan
Promote all dtls1_ctrl hooks to functions. BUG=404754 Change-Id: I5f11485fbafa07cddcf2612e2f616f90bf7c722d Reviewed-on: https://boringssl-review.googlesource.com/4554 Reviewed-by: Adam Langley <agl@google.com>
9 år sedan
Reformatting of several DTLS source files. This change has no semantic effect (I hope!). It's just a reformatting of a few files in ssl/. This is just a start – the other files in ssl/ should follow in the coming days. Change-Id: I5eb3f4b18d0d46349d0f94d3fe5ab2003db5364e
10 år sedan
Promote all dtls1_ctrl hooks to functions. BUG=404754 Change-Id: I5f11485fbafa07cddcf2612e2f616f90bf7c722d Reviewed-on: https://boringssl-review.googlesource.com/4554 Reviewed-by: Adam Langley <agl@google.com>
9 år sedan
Reformatting of several DTLS source files. This change has no semantic effect (I hope!). It's just a reformatting of a few files in ssl/. This is just a start – the other files in ssl/ should follow in the coming days. Change-Id: I5eb3f4b18d0d46349d0f94d3fe5ab2003db5364e
10 år sedan
Remove OPENSSL_timeval. With DTLSv1_get_timeout de-ctrl-ified, the type checker complains about OPENSSL_timeval. Existing callers all use the real timeval. Now that OPENSSL_timeval is not included in any public structs, simply forward-declare timeval itself in ssl.h and pull in winsock2.h in internal headers. Change-Id: Ieaf110e141578488048c28cdadb14881301a2ce1 Reviewed-on: https://boringssl-review.googlesource.com/4682 Reviewed-by: Adam Langley <agl@google.com>
9 år sedan
Test that servers enforce session timeouts. Extend the DTLS mock clock to apply to sessions too and test that resumption behaves as expected. Change-Id: Ib8fdec91b36e11cfa032872b63cf589f93b3da13 Reviewed-on: https://boringssl-review.googlesource.com/9110 Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: Adam Langley <agl@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
8 år sedan
Reformatting of several DTLS source files. This change has no semantic effect (I hope!). It's just a reformatting of a few files in ssl/. This is just a start – the other files in ssl/ should follow in the coming days. Change-Id: I5eb3f4b18d0d46349d0f94d3fe5ab2003db5364e
10 år sedan
Promote all dtls1_ctrl hooks to functions. BUG=404754 Change-Id: I5f11485fbafa07cddcf2612e2f616f90bf7c722d Reviewed-on: https://boringssl-review.googlesource.com/4554 Reviewed-by: Adam Langley <agl@google.com>
9 år sedan
Work around language and compiler bug in memcpy, etc. Most C standard library functions are undefined if passed NULL, even when the corresponding length is zero. This gives them (and, in turn, all functions which call them) surprising behavior on empty arrays. Some compilers will miscompile code due to this rule. See also https://www.imperialviolet.org/2016/06/26/nonnull.html Add OPENSSL_memcpy, etc., wrappers which avoid this problem. BUG=23 Change-Id: I95f42b23e92945af0e681264fffaf578e7f8465e Reviewed-on: https://boringssl-review.googlesource.com/12928 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com>
7 år sedan
Promote all dtls1_ctrl hooks to functions. BUG=404754 Change-Id: I5f11485fbafa07cddcf2612e2f616f90bf7c722d Reviewed-on: https://boringssl-review.googlesource.com/4554 Reviewed-by: Adam Langley <agl@google.com>
9 år sedan
Reformatting of several DTLS source files. This change has no semantic effect (I hope!). It's just a reformatting of a few files in ssl/. This is just a start – the other files in ssl/ should follow in the coming days. Change-Id: I5eb3f4b18d0d46349d0f94d3fe5ab2003db5364e
10 år sedan
Work around language and compiler bug in memcpy, etc. Most C standard library functions are undefined if passed NULL, even when the corresponding length is zero. This gives them (and, in turn, all functions which call them) surprising behavior on empty arrays. Some compilers will miscompile code due to this rule. See also https://www.imperialviolet.org/2016/06/26/nonnull.html Add OPENSSL_memcpy, etc., wrappers which avoid this problem. BUG=23 Change-Id: I95f42b23e92945af0e681264fffaf578e7f8465e Reviewed-on: https://boringssl-review.googlesource.com/12928 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com>
7 år sedan
Promote all dtls1_ctrl hooks to functions. BUG=404754 Change-Id: I5f11485fbafa07cddcf2612e2f616f90bf7c722d Reviewed-on: https://boringssl-review.googlesource.com/4554 Reviewed-by: Adam Langley <agl@google.com>
9 år sedan
Reformatting of several DTLS source files. This change has no semantic effect (I hope!). It's just a reformatting of a few files in ssl/. This is just a start – the other files in ssl/ should follow in the coming days. Change-Id: I5eb3f4b18d0d46349d0f94d3fe5ab2003db5364e
10 år sedan
Promote all dtls1_ctrl hooks to functions. BUG=404754 Change-Id: I5f11485fbafa07cddcf2612e2f616f90bf7c722d Reviewed-on: https://boringssl-review.googlesource.com/4554 Reviewed-by: Adam Langley <agl@google.com>
9 år sedan
Work around language and compiler bug in memcpy, etc. Most C standard library functions are undefined if passed NULL, even when the corresponding length is zero. This gives them (and, in turn, all functions which call them) surprising behavior on empty arrays. Some compilers will miscompile code due to this rule. See also https://www.imperialviolet.org/2016/06/26/nonnull.html Add OPENSSL_memcpy, etc., wrappers which avoid this problem. BUG=23 Change-Id: I95f42b23e92945af0e681264fffaf578e7f8465e Reviewed-on: https://boringssl-review.googlesource.com/12928 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com>
7 år sedan
Reformatting of several DTLS source files. This change has no semantic effect (I hope!). It's just a reformatting of a few files in ssl/. This is just a start – the other files in ssl/ should follow in the coming days. Change-Id: I5eb3f4b18d0d46349d0f94d3fe5ab2003db5364e
10 år sedan
Promote all dtls1_ctrl hooks to functions. BUG=404754 Change-Id: I5f11485fbafa07cddcf2612e2f616f90bf7c722d Reviewed-on: https://boringssl-review.googlesource.com/4554 Reviewed-by: Adam Langley <agl@google.com>
9 år sedan
Reformatting of several DTLS source files. This change has no semantic effect (I hope!). It's just a reformatting of a few files in ssl/. This is just a start – the other files in ssl/ should follow in the coming days. Change-Id: I5eb3f4b18d0d46349d0f94d3fe5ab2003db5364e
10 år sedan
Switch s to ssl everywhere. That we're half and half is really confusing. Change-Id: I1c2632682e8a3e63d01dada8e0eb3b735ff709ce Reviewed-on: https://boringssl-review.googlesource.com/6785 Reviewed-by: Adam Langley <agl@google.com>
8 år sedan
Remove OPENSSL_timeval. With DTLSv1_get_timeout de-ctrl-ified, the type checker complains about OPENSSL_timeval. Existing callers all use the real timeval. Now that OPENSSL_timeval is not included in any public structs, simply forward-declare timeval itself in ssl.h and pull in winsock2.h in internal headers. Change-Id: Ieaf110e141578488048c28cdadb14881301a2ce1 Reviewed-on: https://boringssl-review.googlesource.com/4682 Reviewed-by: Adam Langley <agl@google.com>
9 år sedan
Reformatting of several DTLS source files. This change has no semantic effect (I hope!). It's just a reformatting of a few files in ssl/. This is just a start – the other files in ssl/ should follow in the coming days. Change-Id: I5eb3f4b18d0d46349d0f94d3fe5ab2003db5364e
10 år sedan
Switch s to ssl everywhere. That we're half and half is really confusing. Change-Id: I1c2632682e8a3e63d01dada8e0eb3b735ff709ce Reviewed-on: https://boringssl-review.googlesource.com/6785 Reviewed-by: Adam Langley <agl@google.com>
8 år sedan
Reformatting of several DTLS source files. This change has no semantic effect (I hope!). It's just a reformatting of a few files in ssl/. This is just a start – the other files in ssl/ should follow in the coming days. Change-Id: I5eb3f4b18d0d46349d0f94d3fe5ab2003db5364e
10 år sedan
Switch s to ssl everywhere. That we're half and half is really confusing. Change-Id: I1c2632682e8a3e63d01dada8e0eb3b735ff709ce Reviewed-on: https://boringssl-review.googlesource.com/6785 Reviewed-by: Adam Langley <agl@google.com>
8 år sedan
Adding a method to change the initial DTLS retransmission timer value. This allows an application to override the default of 1 second, which is what's instructed in RFC 6347 but is not an absolute requirement. Change-Id: I0bbb16e31990fbcab44a29325b6ec7757d5789e5 Reviewed-on: https://boringssl-review.googlesource.com/7930 Reviewed-by: David Benjamin <davidben@google.com>
8 år sedan
Reformatting of several DTLS source files. This change has no semantic effect (I hope!). It's just a reformatting of a few files in ssl/. This is just a start – the other files in ssl/ should follow in the coming days. Change-Id: I5eb3f4b18d0d46349d0f94d3fe5ab2003db5364e
10 år sedan
Switch s to ssl everywhere. That we're half and half is really confusing. Change-Id: I1c2632682e8a3e63d01dada8e0eb3b735ff709ce Reviewed-on: https://boringssl-review.googlesource.com/6785 Reviewed-by: Adam Langley <agl@google.com>
8 år sedan
Reformatting of several DTLS source files. This change has no semantic effect (I hope!). It's just a reformatting of a few files in ssl/. This is just a start – the other files in ssl/ should follow in the coming days. Change-Id: I5eb3f4b18d0d46349d0f94d3fe5ab2003db5364e
10 år sedan
Switch s to ssl everywhere. That we're half and half is really confusing. Change-Id: I1c2632682e8a3e63d01dada8e0eb3b735ff709ce Reviewed-on: https://boringssl-review.googlesource.com/6785 Reviewed-by: Adam Langley <agl@google.com>
8 år sedan
Reformatting of several DTLS source files. This change has no semantic effect (I hope!). It's just a reformatting of a few files in ssl/. This is just a start – the other files in ssl/ should follow in the coming days. Change-Id: I5eb3f4b18d0d46349d0f94d3fe5ab2003db5364e
10 år sedan
Switch s to ssl everywhere. That we're half and half is really confusing. Change-Id: I1c2632682e8a3e63d01dada8e0eb3b735ff709ce Reviewed-on: https://boringssl-review.googlesource.com/6785 Reviewed-by: Adam Langley <agl@google.com>
8 år sedan
Work around language and compiler bug in memcpy, etc. Most C standard library functions are undefined if passed NULL, even when the corresponding length is zero. This gives them (and, in turn, all functions which call them) surprising behavior on empty arrays. Some compilers will miscompile code due to this rule. See also https://www.imperialviolet.org/2016/06/26/nonnull.html Add OPENSSL_memcpy, etc., wrappers which avoid this problem. BUG=23 Change-Id: I95f42b23e92945af0e681264fffaf578e7f8465e Reviewed-on: https://boringssl-review.googlesource.com/12928 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com>
7 år sedan
Adding a method to change the initial DTLS retransmission timer value. This allows an application to override the default of 1 second, which is what's instructed in RFC 6347 but is not an absolute requirement. Change-Id: I0bbb16e31990fbcab44a29325b6ec7757d5789e5 Reviewed-on: https://boringssl-review.googlesource.com/7930 Reviewed-by: David Benjamin <davidben@google.com>
8 år sedan
Never expose ssl->bbio in the public API. OpenSSL's bbio logic is kind of crazy. It would be good to eventually do the buffering in a better way (notably, bbio is fragile, if not outright broken, for DTLS). In the meantime, this fixes a number of bugs where the existence of bbio was leaked in the public API and broke things. - SSL_get_wbio returned the bbio during the handshake. It must always return the BIO the consumer configured. In doing so, internal accesses of SSL_get_wbio should be switched to ssl->wbio since those want to see bbio. For consistency, do the same with rbio. - The logic in SSL_set_rfd, etc. (which I doubt is quite right since SSL_set_bio's lifetime is unclear) would get confused once wbio got wrapped. Those want to compare to SSL_get_wbio. - If SSL_set_bio was called mid-handshake, bbio would get disconnected and lose state. It forgets to reattach the bbio afterwards. Unfortunately, Conscrypt does this a lot. It just never ended up calling it at a point where the bbio would cause problems. - Make more explicit the invariant that any bbio's which exist are always attached. Simplify a few things as part of that. Change-Id: Ia02d6bdfb9aeb1e3021a8f82dcbd0629f5c7fb8d Reviewed-on: https://boringssl-review.googlesource.com/8023 Reviewed-by: Kenny Root <kroot@google.com> Reviewed-by: Adam Langley <agl@google.com>
8 år sedan
Switch s to ssl everywhere. That we're half and half is really confusing. Change-Id: I1c2632682e8a3e63d01dada8e0eb3b735ff709ce Reviewed-on: https://boringssl-review.googlesource.com/6785 Reviewed-by: Adam Langley <agl@google.com>
8 år sedan
Reformatting of several DTLS source files. This change has no semantic effect (I hope!). It's just a reformatting of a few files in ssl/. This is just a start – the other files in ssl/ should follow in the coming days. Change-Id: I5eb3f4b18d0d46349d0f94d3fe5ab2003db5364e
10 år sedan
Rewrite DTLS outgoing message buffering. Now that retransitting is a lot less stateful, a lot of surrounding code can lose statefulness too. Rather than this overcomplicated pqueue structure, hardcode that a handshake flight is capped at 7 messages (actually, DTLS can only get up to 6 because we don't support NPN or Channel ID in DTLS) and used a fixed size array. This also resolves several TODOs. Change-Id: I2b54c3441577a75ad5ca411d872b807d69aa08eb Reviewed-on: https://boringssl-review.googlesource.com/8435 Reviewed-by: Adam Langley <agl@google.com>
8 år sedan
Reformatting of several DTLS source files. This change has no semantic effect (I hope!). It's just a reformatting of a few files in ssl/. This is just a start – the other files in ssl/ should follow in the coming days. Change-Id: I5eb3f4b18d0d46349d0f94d3fe5ab2003db5364e
10 år sedan
Switch s to ssl everywhere. That we're half and half is really confusing. Change-Id: I1c2632682e8a3e63d01dada8e0eb3b735ff709ce Reviewed-on: https://boringssl-review.googlesource.com/6785 Reviewed-by: Adam Langley <agl@google.com>
8 år sedan
Reformatting of several DTLS source files. This change has no semantic effect (I hope!). It's just a reformatting of a few files in ssl/. This is just a start – the other files in ssl/ should follow in the coming days. Change-Id: I5eb3f4b18d0d46349d0f94d3fe5ab2003db5364e
10 år sedan
Switch s to ssl everywhere. That we're half and half is really confusing. Change-Id: I1c2632682e8a3e63d01dada8e0eb3b735ff709ce Reviewed-on: https://boringssl-review.googlesource.com/6785 Reviewed-by: Adam Langley <agl@google.com>
8 år sedan
Never expose ssl->bbio in the public API. OpenSSL's bbio logic is kind of crazy. It would be good to eventually do the buffering in a better way (notably, bbio is fragile, if not outright broken, for DTLS). In the meantime, this fixes a number of bugs where the existence of bbio was leaked in the public API and broke things. - SSL_get_wbio returned the bbio during the handshake. It must always return the BIO the consumer configured. In doing so, internal accesses of SSL_get_wbio should be switched to ssl->wbio since those want to see bbio. For consistency, do the same with rbio. - The logic in SSL_set_rfd, etc. (which I doubt is quite right since SSL_set_bio's lifetime is unclear) would get confused once wbio got wrapped. Those want to compare to SSL_get_wbio. - If SSL_set_bio was called mid-handshake, bbio would get disconnected and lose state. It forgets to reattach the bbio afterwards. Unfortunately, Conscrypt does this a lot. It just never ended up calling it at a point where the bbio would cause problems. - Make more explicit the invariant that any bbio's which exist are always attached. Simplify a few things as part of that. Change-Id: Ia02d6bdfb9aeb1e3021a8f82dcbd0629f5c7fb8d Reviewed-on: https://boringssl-review.googlesource.com/8023 Reviewed-by: Kenny Root <kroot@google.com> Reviewed-by: Adam Langley <agl@google.com>
8 år sedan
Account for the MTU BIO_ctrls returning negative or overly large numbers. BIO_ctrls do not have terribly well-defined return values on error. (Though the existing ones seem to all return 0, not -1, on nonexistant operation.) Change-Id: I08497f023ce3257c253aa71517a98b2fe73c3f74 Reviewed-on: https://boringssl-review.googlesource.com/2829 Reviewed-by: Adam Langley <agl@google.com>
9 år sedan
Switch s to ssl everywhere. That we're half and half is really confusing. Change-Id: I1c2632682e8a3e63d01dada8e0eb3b735ff709ce Reviewed-on: https://boringssl-review.googlesource.com/6785 Reviewed-by: Adam Langley <agl@google.com>
8 år sedan
Account for the MTU BIO_ctrls returning negative or overly large numbers. BIO_ctrls do not have terribly well-defined return values on error. (Though the existing ones seem to all return 0, not -1, on nonexistant operation.) Change-Id: I08497f023ce3257c253aa71517a98b2fe73c3f74 Reviewed-on: https://boringssl-review.googlesource.com/2829 Reviewed-by: Adam Langley <agl@google.com>
9 år sedan
Reformatting of several DTLS source files. This change has no semantic effect (I hope!). It's just a reformatting of a few files in ssl/. This is just a start – the other files in ssl/ should follow in the coming days. Change-Id: I5eb3f4b18d0d46349d0f94d3fe5ab2003db5364e
10 år sedan
Switch s to ssl everywhere. That we're half and half is really confusing. Change-Id: I1c2632682e8a3e63d01dada8e0eb3b735ff709ce Reviewed-on: https://boringssl-review.googlesource.com/6785 Reviewed-by: Adam Langley <agl@google.com>
8 år sedan
Reformatting of several DTLS source files. This change has no semantic effect (I hope!). It's just a reformatting of a few files in ssl/. This is just a start – the other files in ssl/ should follow in the coming days. Change-Id: I5eb3f4b18d0d46349d0f94d3fe5ab2003db5364e
10 år sedan
Remove the func parameter to OPENSSL_PUT_ERROR. Much of this was done automatically with find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' BUG=468039 Change-Id: I4c75fd95dff85ab1d4a546b05e6aed1aeeb499d8 Reviewed-on: https://boringssl-review.googlesource.com/5276 Reviewed-by: Adam Langley <agl@google.com>
9 år sedan
Reformatting of several DTLS source files. This change has no semantic effect (I hope!). It's just a reformatting of a few files in ssl/. This is just a start – the other files in ssl/ should follow in the coming days. Change-Id: I5eb3f4b18d0d46349d0f94d3fe5ab2003db5364e
10 år sedan
Promote all dtls1_ctrl hooks to functions. BUG=404754 Change-Id: I5f11485fbafa07cddcf2612e2f616f90bf7c722d Reviewed-on: https://boringssl-review.googlesource.com/4554 Reviewed-by: Adam Langley <agl@google.com>
9 år sedan
Add a helper function for resetting SSL_get_error state. We repeat this in a bunch of places. Change-Id: Iee2c95a13e1645453f101d8be4be9ac78d520387 Reviewed-on: https://boringssl-review.googlesource.com/13051 Reviewed-by: David Benjamin <davidben@google.com>
7 år sedan
Clear the error queue on entry to core SSL operations. OpenSSL historically made some poor API decisions. Rather than returning a status enum in SSL_read, etc., these functions must be paired with SSL_get_error which determines the cause of the last error's failure. This requires SSL_read communicate with SSL_get_error with some stateful flag, rwstate. Further, probably as workarounds for bugs elsewhere, SSL_get_error does not trust rwstate. Among other quirks, if the error queue is non-empty, SSL_get_error overrides rwstate and returns a value based on that. This requires that SSL_read, etc., be called with an empty error queue. (Or we hit one of the spurious ERR_clear_error calls in the handshake state machine, likely added as further self-workarounds.) Since requiring callers consistently clear the error queue everywhere is unreasonable (crbug.com/567501), clear ERR_clear_error *once* at the entry point. Until/unless[*] we make SSL_get_error sane, this is the most reasonable way to get to the point that clearing the error queue on error is optional. With those in place, the calls in the handshake state machine are no longer needed. (I suspect all the ERR_clear_system_error calls can also go, but I'll investigate and think about that separately.) [*] I'm not even sure it's possible anymore, thanks to the possibility of BIO_write pushing to the error queue. BUG=567501,593963 Change-Id: I564ace199e5a4a74b2554ad3335e99cd17120741 Reviewed-on: https://boringssl-review.googlesource.com/7455 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com>
8 år sedan
Add SSL_is_dtls. OpenSSL 1.1.0 added a function to tell if an SSL* is DTLS or not. This is probably a good idea, especially since SSL_version returns non-normalized versions. BUG=91 Change-Id: I25c6cf08b2ebabf0c610c74691de103399f729bc Reviewed-on: https://boringssl-review.googlesource.com/9077 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
8 år sedan
Promote all dtls1_ctrl hooks to functions. BUG=404754 Change-Id: I5f11485fbafa07cddcf2612e2f616f90bf7c722d Reviewed-on: https://boringssl-review.googlesource.com/4554 Reviewed-by: Adam Langley <agl@google.com>
9 år sedan
Reformatting of several DTLS source files. This change has no semantic effect (I hope!). It's just a reformatting of a few files in ssl/. This is just a start – the other files in ssl/ should follow in the coming days. Change-Id: I5eb3f4b18d0d46349d0f94d3fe5ab2003db5364e
10 år sedan
Promote all dtls1_ctrl hooks to functions. BUG=404754 Change-Id: I5f11485fbafa07cddcf2612e2f616f90bf7c722d Reviewed-on: https://boringssl-review.googlesource.com/4554 Reviewed-by: Adam Langley <agl@google.com>
9 år sedan
Reformatting of several DTLS source files. This change has no semantic effect (I hope!). It's just a reformatting of a few files in ssl/. This is just a start – the other files in ssl/ should follow in the coming days. Change-Id: I5eb3f4b18d0d46349d0f94d3fe5ab2003db5364e
10 år sedan
Promote all dtls1_ctrl hooks to functions. BUG=404754 Change-Id: I5f11485fbafa07cddcf2612e2f616f90bf7c722d Reviewed-on: https://boringssl-review.googlesource.com/4554 Reviewed-by: Adam Langley <agl@google.com>
9 år sedan
Reformatting of several DTLS source files. This change has no semantic effect (I hope!). It's just a reformatting of a few files in ssl/. This is just a start – the other files in ssl/ should follow in the coming days. Change-Id: I5eb3f4b18d0d46349d0f94d3fe5ab2003db5364e
10 år sedan
Promote all dtls1_ctrl hooks to functions. BUG=404754 Change-Id: I5f11485fbafa07cddcf2612e2f616f90bf7c722d Reviewed-on: https://boringssl-review.googlesource.com/4554 Reviewed-by: Adam Langley <agl@google.com>
9 år sedan
Reformatting of several DTLS source files. This change has no semantic effect (I hope!). It's just a reformatting of a few files in ssl/. This is just a start – the other files in ssl/ should follow in the coming days. Change-Id: I5eb3f4b18d0d46349d0f94d3fe5ab2003db5364e
10 år sedan
Promote all dtls1_ctrl hooks to functions. BUG=404754 Change-Id: I5f11485fbafa07cddcf2612e2f616f90bf7c722d Reviewed-on: https://boringssl-review.googlesource.com/4554 Reviewed-by: Adam Langley <agl@google.com>
9 år sedan
Stop using the word 'buffer' everywhere. buffer buffer buffer buffer buffer. At some point, words lose their meaning if they're used too many times. Notably, the DTLS code can't decide whether a "buffered message" is an incoming message to be reassembled or an outgoing message to be (re)transmitted. Change-Id: Ibdde5c00abb062c603d21be97aff49e1c422c755 Reviewed-on: https://boringssl-review.googlesource.com/8500 Reviewed-by: Adam Langley <agl@google.com>
8 år sedan
Reformatting of several DTLS source files. This change has no semantic effect (I hope!). It's just a reformatting of a few files in ssl/. This is just a start – the other files in ssl/ should follow in the coming days. Change-Id: I5eb3f4b18d0d46349d0f94d3fe5ab2003db5364e
10 år sedan
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258 
  1. /*

  2.  * DTLS implementation written by Nagendra Modadugu

  3.  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.

  4.  */

  5. /* ====================================================================

  6.  * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.

  7.  *

  8.  * Redistribution and use in source and binary forms, with or without

  9.  * modification, are permitted provided that the following conditions

  10.  * are met:

  11.  *

  12.  * 1. Redistributions of source code must retain the above copyright

  13.  *    notice, this list of conditions and the following disclaimer.

  14.  *

  15.  * 2. Redistributions in binary form must reproduce the above copyright

  16.  *    notice, this list of conditions and the following disclaimer in

  17.  *    the documentation and/or other materials provided with the

  18.  *    distribution.

  19.  *

  20.  * 3. All advertising materials mentioning features or use of this

  21.  *    software must display the following acknowledgment:

  22.  *    "This product includes software developed by the OpenSSL Project

  23.  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

  24.  *

  25.  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

  26.  *    endorse or promote products derived from this software without

  27.  *    prior written permission. For written permission, please contact

  28.  *    openssl-core@OpenSSL.org.

  29.  *

  30.  * 5. Products derived from this software may not be called "OpenSSL"

  31.  *    nor may "OpenSSL" appear in their names without prior written

  32.  *    permission of the OpenSSL Project.

  33.  *

  34.  * 6. Redistributions of any form whatsoever must retain the following

  35.  *    acknowledgment:

  36.  *    "This product includes software developed by the OpenSSL Project

  37.  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

  38.  *

  39.  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

  40.  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  41.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

  42.  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

  43.  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

  44.  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

  45.  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

  46.  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  47.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

  48.  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

  49.  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

  50.  * OF THE POSSIBILITY OF SUCH DAMAGE.

  51.  * ====================================================================

  52.  *

  53.  * This product includes cryptographic software written by Eric Young

  54.  * (eay@cryptsoft.com).  This product includes software written by Tim

  55.  * Hudson (tjh@cryptsoft.com). */

  56. 

  57. #include <openssl/ssl.h>

  58. 

  59. #include <assert.h>

  60. #include <limits.h>

  61. #include <string.h>

  62. 

  63. #include <openssl/err.h>

  64. #include <openssl/mem.h>

  65. #include <openssl/nid.h>

  66. 

  67. #include "../crypto/internal.h"

  68. #include "internal.h"

  69. 

  70. 

  71. 

  72. /* DTLS1_MTU_TIMEOUTS is the maximum number of timeouts to expire

  73.  * before starting to decrease the MTU. */

  74. #define DTLS1_MTU_TIMEOUTS                     2

  75. 

  76. /* DTLS1_MAX_TIMEOUTS is the maximum number of timeouts to expire

  77.  * before failing the DTLS handshake. */

  78. #define DTLS1_MAX_TIMEOUTS                     12

  79. 

  80. int dtls1_new(SSL *ssl) {

  81.   DTLS1_STATE *d1;

  82. 

  83.   if (!ssl3_new(ssl)) {

  84.     return 0;

  85.   }

  86.   d1 = OPENSSL_malloc(sizeof *d1);

  87.   if (d1 == NULL) {

  88.     ssl3_free(ssl);

  89.     return 0;

  90.   }

  91.   OPENSSL_memset(d1, 0, sizeof *d1);

  92. 

  93.   ssl->d1 = d1;

  94. 

  95.   /* Set the version to the highest supported version.

  96.    *

  97.    * TODO(davidben): Move this field into |s3|, have it store the normalized

  98.    * protocol version, and implement this pre-negotiation quirk in |SSL_version|

  99.    * at the API boundary rather than in internal state. */

  100.   ssl->version = DTLS1_2_VERSION;

  101.   return 1;

  102. }

  103. 

  104. void dtls1_free(SSL *ssl) {

  105.   ssl3_free(ssl);

  106. 

  107.   if (ssl == NULL || ssl->d1 == NULL) {

  108.     return;

  109.   }

  110. 

  111.   dtls_clear_incoming_messages(ssl);

  112.   dtls_clear_outgoing_messages(ssl);

  113. 

  114.   OPENSSL_free(ssl->d1);

  115.   ssl->d1 = NULL;

  116. }

  117. 

  118. void DTLSv1_set_initial_timeout_duration(SSL *ssl, unsigned int duration_ms) {

  119.   ssl->initial_timeout_duration_ms = duration_ms;

  120. }

  121. 

  122. void dtls1_start_timer(SSL *ssl) {

  123.   /* If timer is not set, initialize duration (by default, 1 second) */

  124.   if (ssl->d1->next_timeout.tv_sec == 0 && ssl->d1->next_timeout.tv_usec == 0) {

  125.     ssl->d1->timeout_duration_ms = ssl->initial_timeout_duration_ms;

  126.   }

  127. 

  128.   /* Set timeout to current time */

  129.   ssl_get_current_time(ssl, &ssl->d1->next_timeout);

  130. 

  131.   /* Add duration to current time */

  132.   ssl->d1->next_timeout.tv_sec += ssl->d1->timeout_duration_ms / 1000;

  133.   ssl->d1->next_timeout.tv_usec += (ssl->d1->timeout_duration_ms % 1000) * 1000;

  134.   if (ssl->d1->next_timeout.tv_usec >= 1000000) {

  135.     ssl->d1->next_timeout.tv_sec++;

  136.     ssl->d1->next_timeout.tv_usec -= 1000000;

  137.   }

  138.   BIO_ctrl(ssl->rbio, BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0,

  139.            &ssl->d1->next_timeout);

  140. }

  141. 

  142. int DTLSv1_get_timeout(const SSL *ssl, struct timeval *out) {

  143.   if (!SSL_is_dtls(ssl)) {

  144.     return 0;

  145.   }

  146. 

  147.   /* If no timeout is set, just return NULL */

  148.   if (ssl->d1->next_timeout.tv_sec == 0 && ssl->d1->next_timeout.tv_usec == 0) {

  149.     return 0;

  150.   }

  151. 

  152.   struct timeval timenow;

  153.   ssl_get_current_time(ssl, &timenow);

  154. 

  155.   /* If timer already expired, set remaining time to 0 */

  156.   if (ssl->d1->next_timeout.tv_sec < timenow.tv_sec ||

  157.       (ssl->d1->next_timeout.tv_sec == timenow.tv_sec &&

  158.        ssl->d1->next_timeout.tv_usec <= timenow.tv_usec)) {

  159.     OPENSSL_memset(out, 0, sizeof(struct timeval));

  160.     return 1;

  161.   }

  162. 

  163.   /* Calculate time left until timer expires */

  164.   OPENSSL_memcpy(out, &ssl->d1->next_timeout, sizeof(struct timeval));

  165.   out->tv_sec -= timenow.tv_sec;

  166.   out->tv_usec -= timenow.tv_usec;

  167.   if (out->tv_usec < 0) {

  168.     out->tv_sec--;

  169.     out->tv_usec += 1000000;

  170.   }

  171. 

  172.   /* If remaining time is less than 15 ms, set it to 0 to prevent issues

  173.    * because of small devergences with socket timeouts. */

  174.   if (out->tv_sec == 0 && out->tv_usec < 15000) {

  175.     OPENSSL_memset(out, 0, sizeof(struct timeval));

  176.   }

  177. 

  178.   return 1;

  179. }

  180. 

  181. int dtls1_is_timer_expired(SSL *ssl) {

  182.   struct timeval timeleft;

  183. 

  184.   /* Get time left until timeout, return false if no timer running */

  185.   if (!DTLSv1_get_timeout(ssl, &timeleft)) {

  186.     return 0;

  187.   }

  188. 

  189.   /* Return false if timer is not expired yet */

  190.   if (timeleft.tv_sec > 0 || timeleft.tv_usec > 0) {

  191.     return 0;

  192.   }

  193. 

  194.   /* Timer expired, so return true */

  195.   return 1;

  196. }

  197. 

  198. void dtls1_double_timeout(SSL *ssl) {

  199.   ssl->d1->timeout_duration_ms *= 2;

  200.   if (ssl->d1->timeout_duration_ms > 60000) {

  201.     ssl->d1->timeout_duration_ms = 60000;

  202.   }

  203.   dtls1_start_timer(ssl);

  204. }

  205. 

  206. void dtls1_stop_timer(SSL *ssl) {

  207.   /* Reset everything */

  208.   ssl->d1->num_timeouts = 0;

  209.   OPENSSL_memset(&ssl->d1->next_timeout, 0, sizeof(struct timeval));

  210.   ssl->d1->timeout_duration_ms = ssl->initial_timeout_duration_ms;

  211.   BIO_ctrl(ssl->rbio, BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0,

  212.            &ssl->d1->next_timeout);

  213.   /* Clear retransmission buffer */

  214.   dtls_clear_outgoing_messages(ssl);

  215. }

  216. 

  217. int dtls1_check_timeout_num(SSL *ssl) {

  218.   ssl->d1->num_timeouts++;

  219. 

  220.   /* Reduce MTU after 2 unsuccessful retransmissions */

  221.   if (ssl->d1->num_timeouts > DTLS1_MTU_TIMEOUTS &&

  222.       !(SSL_get_options(ssl) & SSL_OP_NO_QUERY_MTU)) {

  223.     long mtu = BIO_ctrl(ssl->wbio, BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);

  224.     if (mtu >= 0 && mtu <= (1 << 30) && (unsigned)mtu >= dtls1_min_mtu()) {

  225.       ssl->d1->mtu = (unsigned)mtu;

  226.     }

  227.   }

  228. 

  229.   if (ssl->d1->num_timeouts > DTLS1_MAX_TIMEOUTS) {

  230.     /* fail the connection, enough alerts have been sent */

  231.     OPENSSL_PUT_ERROR(SSL, SSL_R_READ_TIMEOUT_EXPIRED);

  232.     return -1;

  233.   }

  234. 

  235.   return 0;

  236. }

  237. 

  238. int DTLSv1_handle_timeout(SSL *ssl) {

  239.   ssl_reset_error_state(ssl);

  240. 

  241.   if (!SSL_is_dtls(ssl)) {

  242.     return -1;

  243.   }

  244. 

  245.   /* if no timer is expired, don't do anything */

  246.   if (!dtls1_is_timer_expired(ssl)) {

  247.     return 0;

  248.   }

  249. 

  250.   dtls1_double_timeout(ssl);

  251. 

  252.   if (dtls1_check_timeout_num(ssl) < 0) {

  253.     return -1;

  254.   }

  255. 

  256.   dtls1_start_timer(ssl);

  257.   return dtls1_retransmit_outgoing_messages(ssl);

  258. }