kris
/
boringssl
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5405 Commits
12 Branches
38 MiB
Tree: 6855e0a470
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '6855e0a470'
${ noResults }
boringssl/ssl/d1_pkt.cc

d1_pkt.cc 10 KiB
Raw Normal View History

Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
Align the SSL stack on #include style. ssl.h should be first. Also two lines after includes and the rest of the file. Change-Id: Icb7586e00a3e64170082c96cf3f8bfbb2b7e1611 Reviewed-on: https://boringssl-review.googlesource.com/5892 Reviewed-by: Adam Langley <agl@google.com>
9 years ago
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
Include-what-you-use ssl/internal.h. The rest of ssl/ still includes things everywhere, but this at least fixes the includes that were implicit from ssl/internal.h. Change-Id: I7ed22590aca0fe78af84fd99a3e557f4b05f6782 Reviewed-on: https://boringssl-review.googlesource.com/4281 Reviewed-by: Adam Langley <agl@google.com>
9 years ago
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
Tidy up the DTLS code's blocking-mode retransmits. Move this logic out of dtls1_read_bytes and into dtls1_get_record. Only trigger it when reading from the buffer fails. The other one shouldn't be necessary. This exists to handle the blocking BIO case when the BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT signal triggers, so we only need to do it when timeouts actually trigger. There also doesn't seem to be a need for most of the machinery. The BIO_set_flags call seems to be working around a deficiency in the underlying BIO. There also shouldn't be a need to check the handshake state as there wouldn't be a timer to restart otherwise. Change-Id: Ic901ccfb5b82aeb409d16a9d32c04741410ad6d7 Reviewed-on: https://boringssl-review.googlesource.com/8122 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: Adam Langley <agl@google.com> Reviewed-by: David Benjamin <davidben@google.com>
8 years ago
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
Don't use dtls1_read_bytes to read messages. This was probably the worst offender of them all as read_bytes is the wrong abstraction to begin with. Note this is a slight change in how processing a record works. Rather than reading one fragment at a time, we process all fragments in a record and return. The intent here is so that all records are processed atomically since the connection eventually will not be able to retain a buffer holding the record. This loses a ton of (though not quite all yet) those a2b macros. Change-Id: Ibe4bbcc33c496328de08d272457d2282c411b38b Reviewed-on: https://boringssl-review.googlesource.com/8176 Reviewed-by: David Benjamin <davidben@google.com>
8 years ago
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
Work around language and compiler bug in memcpy, etc. Most C standard library functions are undefined if passed NULL, even when the corresponding length is zero. This gives them (and, in turn, all functions which call them) surprising behavior on empty arrays. Some compilers will miscompile code due to this rule. See also https://www.imperialviolet.org/2016/06/26/nonnull.html Add OPENSSL_memcpy, etc., wrappers which avoid this problem. BUG=23 Change-Id: I95f42b23e92945af0e681264fffaf578e7f8465e Reviewed-on: https://boringssl-review.googlesource.com/12928 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com>
7 years ago
Rename ssl_locl.h to internal.h Match the other internal headers. Change-Id: Iff7e2dd06a1a7bf993053d0464cc15638ace3aaa Reviewed-on: https://boringssl-review.googlesource.com/4280 Reviewed-by: Adam Langley <agl@google.com>
9 years ago
Reformatting of several DTLS source files. This change has no semantic effect (I hope!). It's just a reformatting of a few files in ssl/. This is just a start – the other files in ssl/ should follow in the coming days. Change-Id: I5eb3f4b18d0d46349d0f94d3fe5ab2003db5364e
10 years ago
Move libssl's internals into the bssl namespace. This is horrible, but everything else I tried was worse. The goal with this CL is to take the extern "C" out of ssl/internal.h and move most symbols to namespace bssl, so we can start using C++ helpers and destructors without worry. Complications: - Public API functions must be extern "C" and match their declaration in ssl.h, which is unnamespaced. C++ really does not want you to interleave namespaced and unnamespaced things. One can actually write a namespaced extern "C" function, but this means, from C++'s perspective, the function is namespaced. Trying to namespace the public header would worked but ended up too deep a rabbithole. - Our STACK_OF macros do not work right in namespaces. - The typedefs for our exposed but opaque types are visible in the header files and copied into consuming projects as forward declarations. We ultimately want to give SSL a destructor, but clobbering an unnamespaced ssl_st::~ssl_st seems bad manners. - MSVC complains about ambiguous names if one typedefs SSL to bssl::SSL. This CL opts for: - ssl/*.cc must begin with #define BORINGSSL_INTERNAL_CXX_TYPES. This informs the public headers to create forward declarations which are compatible with our namespaces. - For now, C++-defined type FOO ends up at bssl::FOO with a typedef outside. Later I imagine we'll rename many of them. - Internal functions get namespace bssl, so we stop worrying about stomping the tls1_prf symbol. Exported C functions are stuck as they are. Rather than try anything weird, bite the bullet and reorder files which have a mix of public and private functions. I expect that over time, the public functions will become fairly small as we move logic to more idiomatic C++. Files without any public C functions can just be written normally. - To avoid MSVC troubles, some bssl types are renamed to CPlusPlusStyle in advance of them being made idiomatic C++. Bug: 132 Change-Id: Ic931895e117c38b14ff8d6e5a273e868796c7581 Reviewed-on: https://boringssl-review.googlesource.com/18124 Reviewed-by: David Benjamin <davidben@google.com>
7 years ago
Lift BIO above SSL_PROTOCOL_METHOD. This gets us closer to exposing BIO-free APIs. The next step is probably to make the experimental bssl::OpenRecord function call a split out core of ssl_read_impl. Change-Id: I4acebb43f708df8c52eb4e328da8ae3551362fb9 Reviewed-on: https://boringssl-review.googlesource.com/21865 Commit-Queue: Steven Valdez <svaldez@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Reviewed-by: Steven Valdez <svaldez@google.com>
7 years ago
Move implicit handshake driving out of read_bytes. This removes the final use of in_handshake. Note that there is still a rentrant call of read_bytes -> handshake_func when we see a HelloRequest. That will need to be signaled up to ssl_read_impl separately out of read_app_data. Change-Id: I823de243f75e6b73eb40c6cf44157b4fc21eb8fb Reviewed-on: https://boringssl-review.googlesource.com/7439 Reviewed-by: David Benjamin <davidben@google.com>
8 years ago
Remove dtls1_read_bytes. It can be folded into dtls1_read_app_data. This code, since it still takes an output pointer, does not yet process records atomically. (Though, being DTLS, it probably should...) Change-Id: I57d60785c9c1dd13b5b2ed158a08a8f5a518db4f Reviewed-on: https://boringssl-review.googlesource.com/8177 Reviewed-by: David Benjamin <davidben@google.com>
8 years ago
Lift BIO above SSL_PROTOCOL_METHOD. This gets us closer to exposing BIO-free APIs. The next step is probably to make the experimental bssl::OpenRecord function call a split out core of ssl_read_impl. Change-Id: I4acebb43f708df8c52eb4e328da8ae3551362fb9 Reviewed-on: https://boringssl-review.googlesource.com/21865 Commit-Queue: Steven Valdez <svaldez@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Reviewed-by: Steven Valdez <svaldez@google.com>
7 years ago
Remove dtls1_read_bytes. It can be folded into dtls1_read_app_data. This code, since it still takes an output pointer, does not yet process records atomically. (Though, being DTLS, it probably should...) Change-Id: I57d60785c9c1dd13b5b2ed158a08a8f5a518db4f Reviewed-on: https://boringssl-review.googlesource.com/8177 Reviewed-by: David Benjamin <davidben@google.com>
8 years ago
Lift BIO above SSL_PROTOCOL_METHOD. This gets us closer to exposing BIO-free APIs. The next step is probably to make the experimental bssl::OpenRecord function call a split out core of ssl_read_impl. Change-Id: I4acebb43f708df8c52eb4e328da8ae3551362fb9 Reviewed-on: https://boringssl-review.googlesource.com/21865 Commit-Queue: Steven Valdez <svaldez@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Reviewed-by: Steven Valdez <svaldez@google.com>
7 years ago
Convert comments in ssl. That's the last of it! Change-Id: I93d1f5ab7e95b2ad105c34b24297a0bf77625263 Reviewed-on: https://boringssl-review.googlesource.com/19784 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
7 years ago
Remove dtls1_read_bytes. It can be folded into dtls1_read_app_data. This code, since it still takes an output pointer, does not yet process records atomically. (Though, being DTLS, it probably should...) Change-Id: I57d60785c9c1dd13b5b2ed158a08a8f5a518db4f Reviewed-on: https://boringssl-review.googlesource.com/8177 Reviewed-by: David Benjamin <davidben@google.com>
8 years ago
Lift BIO above SSL_PROTOCOL_METHOD. This gets us closer to exposing BIO-free APIs. The next step is probably to make the experimental bssl::OpenRecord function call a split out core of ssl_read_impl. Change-Id: I4acebb43f708df8c52eb4e328da8ae3551362fb9 Reviewed-on: https://boringssl-review.googlesource.com/21865 Commit-Queue: Steven Valdez <svaldez@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Reviewed-by: Steven Valdez <svaldez@google.com>
7 years ago
Remove dtls1_read_bytes. It can be folded into dtls1_read_app_data. This code, since it still takes an output pointer, does not yet process records atomically. (Though, being DTLS, it probably should...) Change-Id: I57d60785c9c1dd13b5b2ed158a08a8f5a518db4f Reviewed-on: https://boringssl-review.googlesource.com/8177 Reviewed-by: David Benjamin <davidben@google.com>
8 years ago
Lift BIO above SSL_PROTOCOL_METHOD. This gets us closer to exposing BIO-free APIs. The next step is probably to make the experimental bssl::OpenRecord function call a split out core of ssl_read_impl. Change-Id: I4acebb43f708df8c52eb4e328da8ae3551362fb9 Reviewed-on: https://boringssl-review.googlesource.com/21865 Commit-Queue: Steven Valdez <svaldez@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Reviewed-by: Steven Valdez <svaldez@google.com>
7 years ago
Remove dtls1_read_bytes. It can be folded into dtls1_read_app_data. This code, since it still takes an output pointer, does not yet process records atomically. (Though, being DTLS, it probably should...) Change-Id: I57d60785c9c1dd13b5b2ed158a08a8f5a518db4f Reviewed-on: https://boringssl-review.googlesource.com/8177 Reviewed-by: David Benjamin <davidben@google.com>
8 years ago
Reject stray post-Finished messages in DTLS. This is in preparation for switching finish_handshake to a release_current_message hook. finish_handshake in DTLS is also responsible for releasing any memory associated with extra messages in the handshake. Except that's not right and we need to make it an error anyway. Given that the rest of the DTLS dispatch layer already strongly assumes there is only one message in epoch one, putting the check in the fragment processing works fine enough. Add tests for this. This will certainly need revising when DTLS 1.3 happens (perhaps just a version check, perhaps bringing finish_handshake back as a function that can fail... which means we need a state just before SSL_ST_OK), but DTLS 1.3 post-handshake messages haven't really been written down, so let's do the easy thing for now and add a test for when it gets more interesting. This removes the sequence number reset in the DTLS code. That reset never did anything becase we don't and never will renego. We should make sure DTLS 1.3 does not bring the reset back for post-handshake stuff. (It was wrong in 1.2 too. Penultimate-flight retransmits and renego requests are ambiguous in DTLS.) BUG=83 Change-Id: I33d645a8550f73e74606030b9815fdac0c9fb682 Reviewed-on: https://boringssl-review.googlesource.com/8988 Reviewed-by: Adam Langley <agl@google.com>
8 years ago
Switch finish_handshake to release_current_message. With the previous DTLS change, the dispatch layer only cares about the end of the handshake to know when to drop the current message. TLS 1.3 post-handshake messages will need a similar hook, so convert it to this lower-level one. BUG=83 Change-Id: I4c8c3ba55ba793afa065bf261a7bccac8816c348 Reviewed-on: https://boringssl-review.googlesource.com/8989 Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: Adam Langley <agl@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
8 years ago
Remove dtls1_read_bytes. It can be folded into dtls1_read_app_data. This code, since it still takes an output pointer, does not yet process records atomically. (Though, being DTLS, it probably should...) Change-Id: I57d60785c9c1dd13b5b2ed158a08a8f5a518db4f Reviewed-on: https://boringssl-review.googlesource.com/8177 Reviewed-by: David Benjamin <davidben@google.com>
8 years ago
Convert comments in ssl. That's the last of it! Change-Id: I93d1f5ab7e95b2ad105c34b24297a0bf77625263 Reviewed-on: https://boringssl-review.googlesource.com/19784 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
7 years ago
Remove expect and received flight hooks. Instead, the DTLS driver can detect these states implicitly based on when we write flights and when the handshake completes. When we flush a new flight, the peer has enough information to send their reply, so we start a timer. When we begin assembling a new flight, we must have received the final message in the peer's flight. (If there are asynchronous events between, we may stop the timer later, but we may freely stop the timer anytime before we next try to read something.) The only place this fails is if we were the last to write a flight, we'll have a stray timer. Clear it in a handshake completion hook. Change-Id: I973c592ee5721192949a45c259b93192fa309edb Reviewed-on: https://boringssl-review.googlesource.com/18864 Reviewed-by: Steven Valdez <svaldez@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
7 years ago
Lift BIO above SSL_PROTOCOL_METHOD. This gets us closer to exposing BIO-free APIs. The next step is probably to make the experimental bssl::OpenRecord function call a split out core of ssl_read_impl. Change-Id: I4acebb43f708df8c52eb4e328da8ae3551362fb9 Reviewed-on: https://boringssl-review.googlesource.com/21865 Commit-Queue: Steven Valdez <svaldez@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Reviewed-by: Steven Valdez <svaldez@google.com>
7 years ago
Remove dtls1_read_bytes. It can be folded into dtls1_read_app_data. This code, since it still takes an output pointer, does not yet process records atomically. (Though, being DTLS, it probably should...) Change-Id: I57d60785c9c1dd13b5b2ed158a08a8f5a518db4f Reviewed-on: https://boringssl-review.googlesource.com/8177 Reviewed-by: David Benjamin <davidben@google.com>
8 years ago
Stop using the word 'buffer' everywhere. buffer buffer buffer buffer buffer. At some point, words lose their meaning if they're used too many times. Notably, the DTLS code can't decide whether a "buffered message" is an incoming message to be reassembled or an outgoing message to be (re)transmitted. Change-Id: Ibdde5c00abb062c603d21be97aff49e1c422c755 Reviewed-on: https://boringssl-review.googlesource.com/8500 Reviewed-by: Adam Langley <agl@google.com>
8 years ago
Remove dtls1_read_bytes. It can be folded into dtls1_read_app_data. This code, since it still takes an output pointer, does not yet process records atomically. (Though, being DTLS, it probably should...) Change-Id: I57d60785c9c1dd13b5b2ed158a08a8f5a518db4f Reviewed-on: https://boringssl-review.googlesource.com/8177 Reviewed-by: David Benjamin <davidben@google.com>
8 years ago
Lift BIO above SSL_PROTOCOL_METHOD. This gets us closer to exposing BIO-free APIs. The next step is probably to make the experimental bssl::OpenRecord function call a split out core of ssl_read_impl. Change-Id: I4acebb43f708df8c52eb4e328da8ae3551362fb9 Reviewed-on: https://boringssl-review.googlesource.com/21865 Commit-Queue: Steven Valdez <svaldez@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Reviewed-by: Steven Valdez <svaldez@google.com>
7 years ago
Remove dtls1_read_bytes. It can be folded into dtls1_read_app_data. This code, since it still takes an output pointer, does not yet process records atomically. (Though, being DTLS, it probably should...) Change-Id: I57d60785c9c1dd13b5b2ed158a08a8f5a518db4f Reviewed-on: https://boringssl-review.googlesource.com/8177 Reviewed-by: David Benjamin <davidben@google.com>
8 years ago
Convert comments in ssl. That's the last of it! Change-Id: I93d1f5ab7e95b2ad105c34b24297a0bf77625263 Reviewed-on: https://boringssl-review.googlesource.com/19784 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
7 years ago
Remove dtls1_read_bytes. It can be folded into dtls1_read_app_data. This code, since it still takes an output pointer, does not yet process records atomically. (Though, being DTLS, it probably should...) Change-Id: I57d60785c9c1dd13b5b2ed158a08a8f5a518db4f Reviewed-on: https://boringssl-review.googlesource.com/8177 Reviewed-by: David Benjamin <davidben@google.com>
8 years ago
Lift BIO above SSL_PROTOCOL_METHOD. This gets us closer to exposing BIO-free APIs. The next step is probably to make the experimental bssl::OpenRecord function call a split out core of ssl_read_impl. Change-Id: I4acebb43f708df8c52eb4e328da8ae3551362fb9 Reviewed-on: https://boringssl-review.googlesource.com/21865 Commit-Queue: Steven Valdez <svaldez@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Reviewed-by: Steven Valdez <svaldez@google.com>
7 years ago
Remove dtls1_read_bytes. It can be folded into dtls1_read_app_data. This code, since it still takes an output pointer, does not yet process records atomically. (Though, being DTLS, it probably should...) Change-Id: I57d60785c9c1dd13b5b2ed158a08a8f5a518db4f Reviewed-on: https://boringssl-review.googlesource.com/8177 Reviewed-by: David Benjamin <davidben@google.com>
8 years ago
Lift BIO above SSL_PROTOCOL_METHOD. This gets us closer to exposing BIO-free APIs. The next step is probably to make the experimental bssl::OpenRecord function call a split out core of ssl_read_impl. Change-Id: I4acebb43f708df8c52eb4e328da8ae3551362fb9 Reviewed-on: https://boringssl-review.googlesource.com/21865 Commit-Queue: Steven Valdez <svaldez@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Reviewed-by: Steven Valdez <svaldez@google.com>
7 years ago
Remove dtls1_read_bytes. It can be folded into dtls1_read_app_data. This code, since it still takes an output pointer, does not yet process records atomically. (Though, being DTLS, it probably should...) Change-Id: I57d60785c9c1dd13b5b2ed158a08a8f5a518db4f Reviewed-on: https://boringssl-review.googlesource.com/8177 Reviewed-by: David Benjamin <davidben@google.com>
8 years ago
Lift BIO above SSL_PROTOCOL_METHOD. This gets us closer to exposing BIO-free APIs. The next step is probably to make the experimental bssl::OpenRecord function call a split out core of ssl_read_impl. Change-Id: I4acebb43f708df8c52eb4e328da8ae3551362fb9 Reviewed-on: https://boringssl-review.googlesource.com/21865 Commit-Queue: Steven Valdez <svaldez@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Reviewed-by: Steven Valdez <svaldez@google.com>
7 years ago
Remove dtls1_read_bytes. It can be folded into dtls1_read_app_data. This code, since it still takes an output pointer, does not yet process records atomically. (Though, being DTLS, it probably should...) Change-Id: I57d60785c9c1dd13b5b2ed158a08a8f5a518db4f Reviewed-on: https://boringssl-review.googlesource.com/8177 Reviewed-by: David Benjamin <davidben@google.com>
8 years ago
Lift BIO above SSL_PROTOCOL_METHOD. This gets us closer to exposing BIO-free APIs. The next step is probably to make the experimental bssl::OpenRecord function call a split out core of ssl_read_impl. Change-Id: I4acebb43f708df8c52eb4e328da8ae3551362fb9 Reviewed-on: https://boringssl-review.googlesource.com/21865 Commit-Queue: Steven Valdez <svaldez@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Reviewed-by: Steven Valdez <svaldez@google.com>
7 years ago
Split ssl_read_bytes hook into app_data and close_notify hooks. This still needs significant work, especially the close_notify half, but clarify the interface and get *_read_bytes out of SSL_PROTOCOL_METHOD. read_bytes is an implementation detail of those two and get_message rather than both an implementation detail of get_message for handshake and a (wholly inappropriate) exposed interface for the other two. BUG=468889 Change-Id: I7dd23869e0b7c3532ceb2e9dd31ca25ea31128e7 Reviewed-on: https://boringssl-review.googlesource.com/4956 Reviewed-by: Adam Langley <agl@google.com>
9 years ago
Make SSL3_BUFFER a proper C++ class. As with SSLTranscript before, we temporarily need some nastiness in SSL3_STATE, but this is in preparation of giving SSL3_STATE a constructor and destructor. Change-Id: Ifc0ce34fdcd8691d521d8ea03ff5e83dad43b4a3 Reviewed-on: https://boringssl-review.googlesource.com/21944 Reviewed-by: Steven Valdez <svaldez@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
7 years ago
Lift the handshake driving in write_bytes up to SSL_write. This removes one use of in_handshake and consolidates some DTLS and TLS code. Change-Id: Ibbdd38360a983dabfb7b18c7bd59cb5e316b2adb Reviewed-on: https://boringssl-review.googlesource.com/7435 Reviewed-by: David Benjamin <davidben@google.com>
8 years ago
More miscellaneous bools. Change-Id: I0960fed68ef39e4523ef9f2ba89ffa92f09c4dce Reviewed-on: https://boringssl-review.googlesource.com/19945 Reviewed-by: Steven Valdez <svaldez@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
7 years ago
Reformatting of several DTLS source files. This change has no semantic effect (I hope!). It's just a reformatting of a few files in ssl/. This is just a start – the other files in ssl/ should follow in the coming days. Change-Id: I5eb3f4b18d0d46349d0f94d3fe5ab2003db5364e
10 years ago
Prevent writing when write_shutdown is set. Ideally we'd put this deep in the record layer, but sending alerts currently awkwardly sets the field early, so we can't quite lock it out this deep down. This is mostly a sanity-check, but a later CL will fix SSL_shutdown's post-handshake message processing, so this will help catch errors there. Change-Id: I78e627c19547dbcdc85fb168795240d692baf031 Reviewed-on: https://boringssl-review.googlesource.com/21884 Commit-Queue: Steven Valdez <svaldez@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Reviewed-by: Steven Valdez <svaldez@google.com>
7 years ago
Reformatting of several DTLS source files. This change has no semantic effect (I hope!). It's just a reformatting of a few files in ssl/. This is just a start – the other files in ssl/ should follow in the coming days. Change-Id: I5eb3f4b18d0d46349d0f94d3fe5ab2003db5364e
10 years ago
Remove the func parameter to OPENSSL_PUT_ERROR. Much of this was done automatically with find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' find . -name '*.c' | xargs sed -E -i '' -e 's/(OPENSSL_PUT_ERROR\([a-zA-Z_0-9]+, )[a-zA-Z_0-9]+, ([a-zA-Z_0-9]+\);)/\1\2/' BUG=468039 Change-Id: I4c75fd95dff85ab1d4a546b05e6aed1aeeb499d8 Reviewed-on: https://boringssl-review.googlesource.com/5276 Reviewed-by: Adam Langley <agl@google.com>
9 years ago
Reformatting of several DTLS source files. This change has no semantic effect (I hope!). It's just a reformatting of a few files in ssl/. This is just a start – the other files in ssl/ should follow in the coming days. Change-Id: I5eb3f4b18d0d46349d0f94d3fe5ab2003db5364e
10 years ago
Trim the DTLS write code slightly. Change-Id: I0fb4152ed656a60fae3aa7922652df766d4978d7 Reviewed-on: https://boringssl-review.googlesource.com/8178 Reviewed-by: David Benjamin <davidben@google.com>
8 years ago
Reformatting of several DTLS source files. This change has no semantic effect (I hope!). It's just a reformatting of a few files in ssl/. This is just a start – the other files in ssl/ should follow in the coming days. Change-Id: I5eb3f4b18d0d46349d0f94d3fe5ab2003db5364e
10 years ago
Trim the DTLS write code slightly. Change-Id: I0fb4152ed656a60fae3aa7922652df766d4978d7 Reviewed-on: https://boringssl-review.googlesource.com/8178 Reviewed-by: David Benjamin <davidben@google.com>
8 years ago
Make SSL3_BUFFER a proper C++ class. As with SSLTranscript before, we temporarily need some nastiness in SSL3_STATE, but this is in preparation of giving SSL3_STATE a constructor and destructor. Change-Id: Ifc0ce34fdcd8691d521d8ea03ff5e83dad43b4a3 Reviewed-on: https://boringssl-review.googlesource.com/21944 Reviewed-by: Steven Valdez <svaldez@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
7 years ago
Trim the DTLS write code slightly. Change-Id: I0fb4152ed656a60fae3aa7922652df766d4978d7 Reviewed-on: https://boringssl-review.googlesource.com/8178 Reviewed-by: David Benjamin <davidben@google.com>
8 years ago
Reformatting of several DTLS source files. This change has no semantic effect (I hope!). It's just a reformatting of a few files in ssl/. This is just a start – the other files in ssl/ should follow in the coming days. Change-Id: I5eb3f4b18d0d46349d0f94d3fe5ab2003db5364e
10 years ago
Make SSL3_BUFFER a proper C++ class. As with SSLTranscript before, we temporarily need some nastiness in SSL3_STATE, but this is in preparation of giving SSL3_STATE a constructor and destructor. Change-Id: Ifc0ce34fdcd8691d521d8ea03ff5e83dad43b4a3 Reviewed-on: https://boringssl-review.googlesource.com/21944 Reviewed-by: Steven Valdez <svaldez@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
7 years ago
Trim the DTLS write code slightly. Change-Id: I0fb4152ed656a60fae3aa7922652df766d4978d7 Reviewed-on: https://boringssl-review.googlesource.com/8178 Reviewed-by: David Benjamin <davidben@google.com>
8 years ago
Make SSL3_BUFFER a proper C++ class. As with SSLTranscript before, we temporarily need some nastiness in SSL3_STATE, but this is in preparation of giving SSL3_STATE a constructor and destructor. Change-Id: Ifc0ce34fdcd8691d521d8ea03ff5e83dad43b4a3 Reviewed-on: https://boringssl-review.googlesource.com/21944 Reviewed-by: Steven Valdez <svaldez@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
7 years ago
Trim the DTLS write code slightly. Change-Id: I0fb4152ed656a60fae3aa7922652df766d4978d7 Reviewed-on: https://boringssl-review.googlesource.com/8178 Reviewed-by: David Benjamin <davidben@google.com>
8 years ago
Convert comments in ssl. That's the last of it! Change-Id: I93d1f5ab7e95b2ad105c34b24297a0bf77625263 Reviewed-on: https://boringssl-review.googlesource.com/19784 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
7 years ago
Make SSL3_BUFFER a proper C++ class. As with SSLTranscript before, we temporarily need some nastiness in SSL3_STATE, but this is in preparation of giving SSL3_STATE a constructor and destructor. Change-Id: Ifc0ce34fdcd8691d521d8ea03ff5e83dad43b4a3 Reviewed-on: https://boringssl-review.googlesource.com/21944 Reviewed-by: Steven Valdez <svaldez@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
7 years ago
Reformatting of several DTLS source files. This change has no semantic effect (I hope!). It's just a reformatting of a few files in ssl/. This is just a start – the other files in ssl/ should follow in the coming days. Change-Id: I5eb3f4b18d0d46349d0f94d3fe5ab2003db5364e
10 years ago
Factor out the buffering and low-level record code. This begins decoupling the transport from the SSL state machine. The buffering logic is hidden behind an opaque API. Fields like ssl->packet and ssl->packet_length are gone. ssl3_get_record and dtls1_get_record now call low-level tls_open_record and dtls_open_record functions that unpack a single record independent of who owns the buffer. Both may be called in-place. This removes ssl->rstate which was redundant with the buffer length. Future work will push the buffer up the stack until it is above the handshake. Then we can expose SSL_open and SSL_seal APIs which act like *_open_record but return a slightly larger enum due to other events being possible. Likewise the handshake state machine will be detached from its buffer. The existing SSL_read, SSL_write, etc., APIs will be implemented on top of SSL_open, etc., combined with ssl_read_buffer_* and ssl_write_buffer_*. (Which is why ssl_read_buffer_extend still tries to abstract between TLS's and DTLS's fairly different needs.) The new buffering logic does not support read-ahead (removed previously) since it lacks a memmove on ssl_read_buffer_discard for TLS, but this could be added if desired. The old buffering logic wasn't quite right anyway; it tried to avoid the memmove in some cases and could get stuck too far into the buffer and not accept records. (The only time the memmove is optional is in DTLS or if enough of the record header is available to know that the entire next record would fit in the buffer.) The new logic also now actually decrypts the ciphertext in-place again, rather than almost in-place when there's an explicit nonce/IV. (That accidentally switched in https://boringssl-review.googlesource.com/#/c/4792/; see 3d59e04bce96474099ba76786a2337e99ae14505.) BUG=468889 Change-Id: I403c1626253c46897f47c7ae93aeab1064b767b2 Reviewed-on: https://boringssl-review.googlesource.com/5715 Reviewed-by: Adam Langley <agl@google.com>
9 years ago
Factor SSL_AEAD_CTX into a dedicated type. tls1_enc is now SSL_AEAD_CTX_{open,seal}. This starts tidying up a bit of the record-layer logic. This removes rr->input, as encrypting and decrypting records no longer refers to various globals. It also removes wrec altogether. SSL3_RECORD is now only used to maintain state about the current incoming record. Outgoing records go straight to the write buffer. This also removes the outgoing alignment memcpy and simply calls SSL_AEAD_CTX_seal with the parameters as appropriate. From bssl speed tests, this seems to be faster on non-ARM and a bit of a wash on ARM. Later it may be worth recasting these open/seal functions to write into a CBB (tweaked so it can be malloc-averse), but for now they take an out/out_len/max_out trio like their EVP_AEAD counterparts. BUG=468889 Change-Id: Ie9266a818cc053f695d35ef611fd74c5d4def6c3 Reviewed-on: https://boringssl-review.googlesource.com/4792 Reviewed-by: Adam Langley <agl@google.com>
9 years ago
Reformatting of several DTLS source files. This change has no semantic effect (I hope!). It's just a reformatting of a few files in ssl/. This is just a start – the other files in ssl/ should follow in the coming days. Change-Id: I5eb3f4b18d0d46349d0f94d3fe5ab2003db5364e
10 years ago
Factor SSL_AEAD_CTX into a dedicated type. tls1_enc is now SSL_AEAD_CTX_{open,seal}. This starts tidying up a bit of the record-layer logic. This removes rr->input, as encrypting and decrypting records no longer refers to various globals. It also removes wrec altogether. SSL3_RECORD is now only used to maintain state about the current incoming record. Outgoing records go straight to the write buffer. This also removes the outgoing alignment memcpy and simply calls SSL_AEAD_CTX_seal with the parameters as appropriate. From bssl speed tests, this seems to be faster on non-ARM and a bit of a wash on ARM. Later it may be worth recasting these open/seal functions to write into a CBB (tweaked so it can be malloc-averse), but for now they take an out/out_len/max_out trio like their EVP_AEAD counterparts. BUG=468889 Change-Id: Ie9266a818cc053f695d35ef611fd74c5d4def6c3 Reviewed-on: https://boringssl-review.googlesource.com/4792 Reviewed-by: Adam Langley <agl@google.com>
9 years ago
Make SSL3_BUFFER a proper C++ class. As with SSLTranscript before, we temporarily need some nastiness in SSL3_STATE, but this is in preparation of giving SSL3_STATE a constructor and destructor. Change-Id: Ifc0ce34fdcd8691d521d8ea03ff5e83dad43b4a3 Reviewed-on: https://boringssl-review.googlesource.com/21944 Reviewed-by: Steven Valdez <svaldez@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
7 years ago
Factor SSL_AEAD_CTX into a dedicated type. tls1_enc is now SSL_AEAD_CTX_{open,seal}. This starts tidying up a bit of the record-layer logic. This removes rr->input, as encrypting and decrypting records no longer refers to various globals. It also removes wrec altogether. SSL3_RECORD is now only used to maintain state about the current incoming record. Outgoing records go straight to the write buffer. This also removes the outgoing alignment memcpy and simply calls SSL_AEAD_CTX_seal with the parameters as appropriate. From bssl speed tests, this seems to be faster on non-ARM and a bit of a wash on ARM. Later it may be worth recasting these open/seal functions to write into a CBB (tweaked so it can be malloc-averse), but for now they take an out/out_len/max_out trio like their EVP_AEAD counterparts. BUG=468889 Change-Id: Ie9266a818cc053f695d35ef611fd74c5d4def6c3 Reviewed-on: https://boringssl-review.googlesource.com/4792 Reviewed-by: Adam Langley <agl@google.com>
9 years ago
Factor out sequence number updates. Also check for overflow, although it really shouldn't happen. Change-Id: I34dfe8eaf635aeaa8bef2656fda3cd0bad7e1268 Reviewed-on: https://boringssl-review.googlesource.com/4235 Reviewed-by: Adam Langley <agl@google.com>
9 years ago
Make SSL3_BUFFER a proper C++ class. As with SSLTranscript before, we temporarily need some nastiness in SSL3_STATE, but this is in preparation of giving SSL3_STATE a constructor and destructor. Change-Id: Ifc0ce34fdcd8691d521d8ea03ff5e83dad43b4a3 Reviewed-on: https://boringssl-review.googlesource.com/21944 Reviewed-by: Steven Valdez <svaldez@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
7 years ago
Reformatting of several DTLS source files. This change has no semantic effect (I hope!). It's just a reformatting of a few files in ssl/. This is just a start – the other files in ssl/ should follow in the coming days. Change-Id: I5eb3f4b18d0d46349d0f94d3fe5ab2003db5364e
10 years ago
Switch s to ssl everywhere. That we're half and half is really confusing. Change-Id: I1c2632682e8a3e63d01dada8e0eb3b735ff709ce Reviewed-on: https://boringssl-review.googlesource.com/6785 Reviewed-by: Adam Langley <agl@google.com>
8 years ago
Don't use ssl3_write_pending in DTLS. That function doesn't do anything useful for DTLS. It's meant for tracking the rest of the record we've already committed to by writing half of one. But one cannot write half a datagram, so DTLS never tracks this. Just call ssl_write_buffer_flush straight and don't touch wpend_*. Change-Id: Ibe191907d64c955c7cfeefba26f5c11ad5e4b939 Reviewed-on: https://boringssl-review.googlesource.com/6418 Reviewed-by: Adam Langley <agl@google.com>
9 years ago
Trim the DTLS write code slightly. Change-Id: I0fb4152ed656a60fae3aa7922652df766d4978d7 Reviewed-on: https://boringssl-review.googlesource.com/8178 Reviewed-by: David Benjamin <davidben@google.com>
8 years ago
Reformatting of several DTLS source files. This change has no semantic effect (I hope!). It's just a reformatting of a few files in ssl/. This is just a start – the other files in ssl/ should follow in the coming days. Change-Id: I5eb3f4b18d0d46349d0f94d3fe5ab2003db5364e
10 years ago
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
Switch s to ssl everywhere. That we're half and half is really confusing. Change-Id: I1c2632682e8a3e63d01dada8e0eb3b735ff709ce Reviewed-on: https://boringssl-review.googlesource.com/6785 Reviewed-by: Adam Langley <agl@google.com>
8 years ago
Trim the DTLS write code slightly. Change-Id: I0fb4152ed656a60fae3aa7922652df766d4978d7 Reviewed-on: https://boringssl-review.googlesource.com/8178 Reviewed-by: David Benjamin <davidben@google.com>
8 years ago
Clean up some silly variable names. Change-Id: I5b38e2938811520f52ece6055245248c80308b4d Reviewed-on: https://boringssl-review.googlesource.com/7416 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com>
8 years ago
dispatch_alert is not an incidental write. It is impossible to have to call dispatch_alert when writing application data. Now that we don't send warning alerts through ssl3_send_alert, all alerts are closure alerts, which means attempts to write will fail. This prunes a lot of dead code, avoiding the re-entrancy in the write path. With that gone, tracking alert_dispatch is much more straightforward. BUG=146 Change-Id: Ie5fe677daee71e463d79562f3d2cea822a92581d Reviewed-on: https://boringssl-review.googlesource.com/13500 CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com>
7 years ago
Reformatting of several DTLS source files. This change has no semantic effect (I hope!). It's just a reformatting of a few files in ssl/. This is just a start – the other files in ssl/ should follow in the coming days. Change-Id: I5eb3f4b18d0d46349d0f94d3fe5ab2003db5364e
10 years ago
Convert comments in ssl. That's the last of it! Change-Id: I93d1f5ab7e95b2ad105c34b24297a0bf77625263 Reviewed-on: https://boringssl-review.googlesource.com/19784 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
7 years ago
Clean up some silly variable names. Change-Id: I5b38e2938811520f52ece6055245248c80308b4d Reviewed-on: https://boringssl-review.googlesource.com/7416 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com>
8 years ago
Switch some easy SSL fields to UniquePtr. Change-Id: I982ecda5a19187708b15e8572e6d0000c22ed87c Reviewed-on: https://boringssl-review.googlesource.com/29590 Reviewed-by: Adam Langley <agl@google.com>
6 years ago
Clean up some silly variable names. Change-Id: I5b38e2938811520f52ece6055245248c80308b4d Reviewed-on: https://boringssl-review.googlesource.com/7416 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com>
8 years ago
Reformatting of several DTLS source files. This change has no semantic effect (I hope!). It's just a reformatting of a few files in ssl/. This is just a start – the other files in ssl/ should follow in the coming days. Change-Id: I5eb3f4b18d0d46349d0f94d3fe5ab2003db5364e
10 years ago
Push Span down a layer. Change-Id: I893292b140d033a5aed7e08f928a6c32996bb983 Reviewed-on: https://boringssl-review.googlesource.com/21287 Commit-Queue: Steven Valdez <svaldez@google.com> Reviewed-by: Steven Valdez <svaldez@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
7 years ago
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 years ago
Add helper functions for info_callback and msg_callback. This is getting a little repetitive. Change-Id: Ib0fa8ab10149557c2d728b88648381b9368221d9 Reviewed-on: https://boringssl-review.googlesource.com/8126 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: Adam Langley <agl@google.com> Reviewed-by: David Benjamin <davidben@google.com>
8 years ago
Clean up some silly variable names. Change-Id: I5b38e2938811520f52ece6055245248c80308b4d Reviewed-on: https://boringssl-review.googlesource.com/7416 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com>
8 years ago
Reformatting of several DTLS source files. This change has no semantic effect (I hope!). It's just a reformatting of a few files in ssl/. This is just a start – the other files in ssl/ should follow in the coming days. Change-Id: I5eb3f4b18d0d46349d0f94d3fe5ab2003db5364e
10 years ago
Move libssl's internals into the bssl namespace. This is horrible, but everything else I tried was worse. The goal with this CL is to take the extern "C" out of ssl/internal.h and move most symbols to namespace bssl, so we can start using C++ helpers and destructors without worry. Complications: - Public API functions must be extern "C" and match their declaration in ssl.h, which is unnamespaced. C++ really does not want you to interleave namespaced and unnamespaced things. One can actually write a namespaced extern "C" function, but this means, from C++'s perspective, the function is namespaced. Trying to namespace the public header would worked but ended up too deep a rabbithole. - Our STACK_OF macros do not work right in namespaces. - The typedefs for our exposed but opaque types are visible in the header files and copied into consuming projects as forward declarations. We ultimately want to give SSL a destructor, but clobbering an unnamespaced ssl_st::~ssl_st seems bad manners. - MSVC complains about ambiguous names if one typedefs SSL to bssl::SSL. This CL opts for: - ssl/*.cc must begin with #define BORINGSSL_INTERNAL_CXX_TYPES. This informs the public headers to create forward declarations which are compatible with our namespaces. - For now, C++-defined type FOO ends up at bssl::FOO with a typedef outside. Later I imagine we'll rename many of them. - Internal functions get namespace bssl, so we stop worrying about stomping the tls1_prf symbol. Exported C functions are stuck as they are. Rather than try anything weird, bite the bullet and reorder files which have a mix of public and private functions. I expect that over time, the public functions will become fairly small as we move logic to more idiomatic C++. Files without any public C functions can just be written normally. - To avoid MSVC troubles, some bssl types are renamed to CPlusPlusStyle in advance of them being made idiomatic C++. Bug: 132 Change-Id: Ic931895e117c38b14ff8d6e5a273e868796c7581 Reviewed-on: https://boringssl-review.googlesource.com/18124 Reviewed-by: David Benjamin <davidben@google.com>
7 years ago
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274 
  1. /* DTLS implementation written by Nagendra Modadugu

  2.  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. */

  3. /* ====================================================================

  4.  * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.

  5.  *

  6.  * Redistribution and use in source and binary forms, with or without

  7.  * modification, are permitted provided that the following conditions

  8.  * are met:

  9.  *

  10.  * 1. Redistributions of source code must retain the above copyright

  11.  *    notice, this list of conditions and the following disclaimer.

  12.  *

  13.  * 2. Redistributions in binary form must reproduce the above copyright

  14.  *    notice, this list of conditions and the following disclaimer in

  15.  *    the documentation and/or other materials provided with the

  16.  *    distribution.

  17.  *

  18.  * 3. All advertising materials mentioning features or use of this

  19.  *    software must display the following acknowledgment:

  20.  *    "This product includes software developed by the OpenSSL Project

  21.  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

  22.  *

  23.  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

  24.  *    endorse or promote products derived from this software without

  25.  *    prior written permission. For written permission, please contact

  26.  *    openssl-core@openssl.org.

  27.  *

  28.  * 5. Products derived from this software may not be called "OpenSSL"

  29.  *    nor may "OpenSSL" appear in their names without prior written

  30.  *    permission of the OpenSSL Project.

  31.  *

  32.  * 6. Redistributions of any form whatsoever must retain the following

  33.  *    acknowledgment:

  34.  *    "This product includes software developed by the OpenSSL Project

  35.  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

  36.  *

  37.  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

  38.  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  39.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

  40.  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

  41.  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

  42.  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

  43.  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

  44.  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  45.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

  46.  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

  47.  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

  48.  * OF THE POSSIBILITY OF SUCH DAMAGE.

  49.  * ====================================================================

  50.  *

  51.  * This product includes cryptographic software written by Eric Young

  52.  * (eay@cryptsoft.com).  This product includes software written by Tim

  53.  * Hudson (tjh@cryptsoft.com).

  54.  *

  55.  */

  56. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)

  57.  * All rights reserved.

  58.  *

  59.  * This package is an SSL implementation written

  60.  * by Eric Young (eay@cryptsoft.com).

  61.  * The implementation was written so as to conform with Netscapes SSL.

  62.  *

  63.  * This library is free for commercial and non-commercial use as long as

  64.  * the following conditions are aheared to.  The following conditions

  65.  * apply to all code found in this distribution, be it the RC4, RSA,

  66.  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

  67.  * included with this distribution is covered by the same copyright terms

  68.  * except that the holder is Tim Hudson (tjh@cryptsoft.com).

  69.  *

  70.  * Copyright remains Eric Young's, and as such any Copyright notices in

  71.  * the code are not to be removed.

  72.  * If this package is used in a product, Eric Young should be given attribution

  73.  * as the author of the parts of the library used.

  74.  * This can be in the form of a textual message at program startup or

  75.  * in documentation (online or textual) provided with the package.

  76.  *

  77.  * Redistribution and use in source and binary forms, with or without

  78.  * modification, are permitted provided that the following conditions

  79.  * are met:

  80.  * 1. Redistributions of source code must retain the copyright

  81.  *    notice, this list of conditions and the following disclaimer.

  82.  * 2. Redistributions in binary form must reproduce the above copyright

  83.  *    notice, this list of conditions and the following disclaimer in the

  84.  *    documentation and/or other materials provided with the distribution.

  85.  * 3. All advertising materials mentioning features or use of this software

  86.  *    must display the following acknowledgement:

  87.  *    "This product includes cryptographic software written by

  88.  *     Eric Young (eay@cryptsoft.com)"

  89.  *    The word 'cryptographic' can be left out if the rouines from the library

  90.  *    being used are not cryptographic related :-).

  91.  * 4. If you include any Windows specific code (or a derivative thereof) from

  92.  *    the apps directory (application code) you must include an acknowledgement:

  93.  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"

  94.  *

  95.  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

  96.  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  97.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

  98.  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

  99.  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

  100.  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

  101.  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  102.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

  103.  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

  104.  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

  105.  * SUCH DAMAGE.

  106.  *

  107.  * The licence and distribution terms for any publically available version or

  108.  * derivative of this code cannot be changed.  i.e. this code cannot simply be

  109.  * copied and put under another distribution licence

  110.  * [including the GNU Public Licence.] */

  111. 

  112. #include <openssl/ssl.h>

  113. 

  114. #include <assert.h>

  115. #include <string.h>

  116. 

  117. #include <openssl/bio.h>

  118. #include <openssl/buf.h>

  119. #include <openssl/bytestring.h>

  120. #include <openssl/mem.h>

  121. #include <openssl/evp.h>

  122. #include <openssl/err.h>

  123. #include <openssl/rand.h>

  124. 

  125. #include "../crypto/internal.h"

  126. #include "internal.h"

  127. 

  128. 

  129. namespace bssl {

  130. 

  131. ssl_open_record_t dtls1_open_app_data(SSL *ssl, Span<uint8_t> *out,

  132.                                       size_t *out_consumed, uint8_t *out_alert,

  133.                                       Span<uint8_t> in) {

  134.   assert(!SSL_in_init(ssl));

  135. 

  136.   uint8_t type;

  137.   Span<uint8_t> record;

  138.   auto ret = dtls_open_record(ssl, &type, &record, out_consumed, out_alert, in);

  139.   if (ret != ssl_open_record_success) {

  140.     return ret;

  141.   }

  142. 

  143.   if (type == SSL3_RT_HANDSHAKE) {

  144.     // Parse the first fragment header to determine if this is a pre-CCS or

  145.     // post-CCS handshake record. DTLS resets handshake message numbers on each

  146.     // handshake, so renegotiations and retransmissions are ambiguous.

  147.     CBS cbs, body;

  148.     struct hm_header_st msg_hdr;

  149.     CBS_init(&cbs, record.data(), record.size());

  150.     if (!dtls1_parse_fragment(&cbs, &msg_hdr, &body)) {

  151.       OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_HANDSHAKE_RECORD);

  152.       *out_alert = SSL_AD_DECODE_ERROR;

  153.       return ssl_open_record_error;

  154.     }

  155. 

  156.     if (msg_hdr.type == SSL3_MT_FINISHED &&

  157.         msg_hdr.seq == ssl->d1->handshake_read_seq - 1) {

  158.       if (msg_hdr.frag_off == 0) {

  159.         // Retransmit our last flight of messages. If the peer sends the second

  160.         // Finished, they may not have received ours. Only do this for the

  161.         // first fragment, in case the Finished was fragmented.

  162.         if (!dtls1_check_timeout_num(ssl)) {

  163.           *out_alert = 0;  // TODO(davidben): Send an alert?

  164.           return ssl_open_record_error;

  165.         }

  166. 

  167.         dtls1_retransmit_outgoing_messages(ssl);

  168.       }

  169.       return ssl_open_record_discard;

  170.     }

  171. 

  172.     // Otherwise, this is a pre-CCS handshake message from an unsupported

  173.     // renegotiation attempt. Fall through to the error path.

  174.   }

  175. 

  176.   if (type != SSL3_RT_APPLICATION_DATA) {

  177.     OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_RECORD);

  178.     *out_alert = SSL_AD_UNEXPECTED_MESSAGE;

  179.     return ssl_open_record_error;

  180.   }

  181. 

  182.   if (record.empty()) {

  183.     return ssl_open_record_discard;

  184.   }

  185. 

  186.   *out = record;

  187.   return ssl_open_record_success;

  188. }

  189. 

  190. int dtls1_write_app_data(SSL *ssl, bool *out_needs_handshake, const uint8_t *in,

  191.                          int len) {

  192.   assert(!SSL_in_init(ssl));

  193.   *out_needs_handshake = false;

  194. 

  195.   if (ssl->s3->write_shutdown != ssl_shutdown_none) {

  196.     OPENSSL_PUT_ERROR(SSL, SSL_R_PROTOCOL_IS_SHUTDOWN);

  197.     return -1;

  198.   }

  199. 

  200.   if (len > SSL3_RT_MAX_PLAIN_LENGTH) {

  201.     OPENSSL_PUT_ERROR(SSL, SSL_R_DTLS_MESSAGE_TOO_BIG);

  202.     return -1;

  203.   }

  204. 

  205.   if (len < 0) {

  206.     OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_LENGTH);

  207.     return -1;

  208.   }

  209. 

  210.   if (len == 0) {

  211.     return 0;

  212.   }

  213. 

  214.   int ret = dtls1_write_record(ssl, SSL3_RT_APPLICATION_DATA, in, (size_t)len,

  215.                                dtls1_use_current_epoch);

  216.   if (ret <= 0) {

  217.     return ret;

  218.   }

  219.   return len;

  220. }

  221. 

  222. int dtls1_write_record(SSL *ssl, int type, const uint8_t *in, size_t len,

  223.                        enum dtls1_use_epoch_t use_epoch) {

  224.   SSLBuffer *buf = &ssl->s3->write_buffer;

  225.   assert(len <= SSL3_RT_MAX_PLAIN_LENGTH);

  226.   // There should never be a pending write buffer in DTLS. One can't write half

  227.   // a datagram, so the write buffer is always dropped in

  228.   // |ssl_write_buffer_flush|.

  229.   assert(buf->empty());

  230. 

  231.   if (len > SSL3_RT_MAX_PLAIN_LENGTH) {

  232.     OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);

  233.     return -1;

  234.   }

  235. 

  236.   size_t ciphertext_len;

  237.   if (!buf->EnsureCap(ssl_seal_align_prefix_len(ssl),

  238.                       len + SSL_max_seal_overhead(ssl)) ||

  239.       !dtls_seal_record(ssl, buf->remaining().data(), &ciphertext_len,

  240.                         buf->remaining().size(), type, in, len, use_epoch)) {

  241.     buf->Clear();

  242.     return -1;

  243.   }

  244.   buf->DidWrite(ciphertext_len);

  245. 

  246.   int ret = ssl_write_buffer_flush(ssl);

  247.   if (ret <= 0) {

  248.     return ret;

  249.   }

  250.   return 1;

  251. }

  252. 

  253. int dtls1_dispatch_alert(SSL *ssl) {

  254.   int ret = dtls1_write_record(ssl, SSL3_RT_ALERT, &ssl->s3->send_alert[0], 2,

  255.                                dtls1_use_current_epoch);

  256.   if (ret <= 0) {

  257.     return ret;

  258.   }

  259.   ssl->s3->alert_dispatch = 0;

  260. 

  261.   // If the alert is fatal, flush the BIO now.

  262.   if (ssl->s3->send_alert[0] == SSL3_AL_FATAL) {

  263.     BIO_flush(ssl->wbio.get());

  264.   }

  265. 

  266.   ssl_do_msg_callback(ssl, 1 /* write */, SSL3_RT_ALERT, ssl->s3->send_alert);

  267. 

  268.   int alert = (ssl->s3->send_alert[0] << 8) | ssl->s3->send_alert[1];

  269.   ssl_do_info_callback(ssl, SSL_CB_WRITE_ALERT, alert);

  270. 

  271.   return 1;

  272. }

  273. 

  274. }  // namespace bssl