kris
/
boringssl
1
0
Rozštěpit 0
Zdrojový kód Úkoly 0 Požadavky na natažení 0 Vydání 0 Wiki Aktivita
Nelze vybrat více než 25 témat Téma musí začínat písmenem nebo číslem, může obsahovat pomlčky („-“) a může být dlouhé až 35 znaků.
2985 Revize
12 Větve
38 MiB
Strom: feff406782
Větve Značky
${ item.name }
Vytvořit větev ${ searchTerm }
z „feff406782“
${ noResults }
boringssl/ssl/dtls_method.c

dtls_method.c 6.4 KiB
Surový Normální zobrazení Historie

Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
před 10 roky
Align the SSL stack on #include style. ssl.h should be first. Also two lines after includes and the rest of the file. Change-Id: Icb7586e00a3e64170082c96cf3f8bfbb2b7e1611 Reviewed-on: https://boringssl-review.googlesource.com/5892 Reviewed-by: Adam Langley <agl@google.com>
před 9 roky
Simplify version configuration. OpenSSL's SSL_OP_NO_* flags allow discontinuous version ranges. This is a nuisance for two reasons. First it makes it unnecessarily difficult to answer "are any versions below TLS 1.3 enabled?". Second the protocol does not allow discontinuous version ranges on the client anyway. OpenSSL instead picks the first continous range of enabled versions on the client, but not the server. This is bizarrely inconsistent. It also doesn't quite do this as the ClientHello sending logic does this, but not the ServerHello processing logic. So we actually break some invariants slightly. The logic is also cumbersome in DTLS which kindly inverts the comparison logic. First, switch min_version/max_version's storage to normalized versions. Next replace all the ad-hoc version-related functions with a single ssl_get_version_range function. Client and server now consistently pick a contiguous range of versions. Note this is a slight behavior change for servers. Version-range-sensitive logic is rewritten to use this new function. BUG=66 Change-Id: Iad0d64f2b7a917603fc7da54c9fc6656c5fbdb24 Reviewed-on: https://boringssl-review.googlesource.com/8513 Reviewed-by: David Benjamin <davidben@google.com>
před 8 roky
Check for buffered handshake messages on cipher change in DTLS. This is the equivalent of FragmentAcrossChangeCipherSuite for DTLS. It is possible for us to, while receiving pre-CCS handshake messages, to buffer up a message with sequence number meant for a post-CCS Finished. When we then get to the new epoch and attempt to read the Finished, we will process the buffered Finished although it was sent with the wrong encryption. Move ssl_set_{read,write}_state to SSL_PROTOCOL_METHOD hooks as this is a property of the transport. Notably, read_state may fail. In DTLS check the handshake buffer size. We could place this check in read_change_cipher_spec, but TLS 1.3 has no ChangeCipherSpec message, so we will need to implement this at the cipher change point anyway. (For now, there is only an assert on the TLS side. This will be replaced with a proper check in TLS 1.3.) Change-Id: Ia52b0b81e7db53e9ed2d4f6d334a1cce13e93297 Reviewed-on: https://boringssl-review.googlesource.com/8790 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
před 8 roky
Simplify version configuration. OpenSSL's SSL_OP_NO_* flags allow discontinuous version ranges. This is a nuisance for two reasons. First it makes it unnecessarily difficult to answer "are any versions below TLS 1.3 enabled?". Second the protocol does not allow discontinuous version ranges on the client anyway. OpenSSL instead picks the first continous range of enabled versions on the client, but not the server. This is bizarrely inconsistent. It also doesn't quite do this as the ClientHello sending logic does this, but not the ServerHello processing logic. So we actually break some invariants slightly. The logic is also cumbersome in DTLS which kindly inverts the comparison logic. First, switch min_version/max_version's storage to normalized versions. Next replace all the ad-hoc version-related functions with a single ssl_get_version_range function. Client and server now consistently pick a contiguous range of versions. Note this is a slight behavior change for servers. Version-range-sensitive logic is rewritten to use this new function. BUG=66 Change-Id: Iad0d64f2b7a917603fc7da54c9fc6656c5fbdb24 Reviewed-on: https://boringssl-review.googlesource.com/8513 Reviewed-by: David Benjamin <davidben@google.com>
před 8 roky
Move references to init_buf into SSL_PROTOCOL_METHOD. Both DTLS and TLS still use it, but that will change in the following commit. This also removes the handshake's knowledge of the dtls_clear_incoming_messages function. (It's possible we'll want to get rid of begin_handshake in favor of allocating it lazily depending on how TLS 1.3 post-handshake messages end up working out. But this should work for now.) Change-Id: I0f512788bbc330ab2c947890939c73e0a1aca18b Reviewed-on: https://boringssl-review.googlesource.com/8666 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com>
před 8 roky
Check for buffered handshake messages on cipher change in DTLS. This is the equivalent of FragmentAcrossChangeCipherSuite for DTLS. It is possible for us to, while receiving pre-CCS handshake messages, to buffer up a message with sequence number meant for a post-CCS Finished. When we then get to the new epoch and attempt to read the Finished, we will process the buffered Finished although it was sent with the wrong encryption. Move ssl_set_{read,write}_state to SSL_PROTOCOL_METHOD hooks as this is a property of the transport. Notably, read_state may fail. In DTLS check the handshake buffer size. We could place this check in read_change_cipher_spec, but TLS 1.3 has no ChangeCipherSpec message, so we will need to implement this at the cipher change point anyway. (For now, there is only an assert on the TLS side. This will be replaced with a proper check in TLS 1.3.) Change-Id: Ia52b0b81e7db53e9ed2d4f6d334a1cce13e93297 Reviewed-on: https://boringssl-review.googlesource.com/8790 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
před 8 roky
Move references to init_buf into SSL_PROTOCOL_METHOD. Both DTLS and TLS still use it, but that will change in the following commit. This also removes the handshake's knowledge of the dtls_clear_incoming_messages function. (It's possible we'll want to get rid of begin_handshake in favor of allocating it lazily depending on how TLS 1.3 post-handshake messages end up working out. But this should work for now.) Change-Id: I0f512788bbc330ab2c947890939c73e0a1aca18b Reviewed-on: https://boringssl-review.googlesource.com/8666 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com>
před 8 roky
Rename ssl_locl.h to internal.h Match the other internal headers. Change-Id: Iff7e2dd06a1a7bf993053d0464cc15638ace3aaa Reviewed-on: https://boringssl-review.googlesource.com/4280 Reviewed-by: Adam Langley <agl@google.com>
před 9 roky
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
před 10 roky
Simplify version configuration. OpenSSL's SSL_OP_NO_* flags allow discontinuous version ranges. This is a nuisance for two reasons. First it makes it unnecessarily difficult to answer "are any versions below TLS 1.3 enabled?". Second the protocol does not allow discontinuous version ranges on the client anyway. OpenSSL instead picks the first continous range of enabled versions on the client, but not the server. This is bizarrely inconsistent. It also doesn't quite do this as the ClientHello sending logic does this, but not the ServerHello processing logic. So we actually break some invariants slightly. The logic is also cumbersome in DTLS which kindly inverts the comparison logic. First, switch min_version/max_version's storage to normalized versions. Next replace all the ad-hoc version-related functions with a single ssl_get_version_range function. Client and server now consistently pick a contiguous range of versions. Note this is a slight behavior change for servers. Version-range-sensitive logic is rewritten to use this new function. BUG=66 Change-Id: Iad0d64f2b7a917603fc7da54c9fc6656c5fbdb24 Reviewed-on: https://boringssl-review.googlesource.com/8513 Reviewed-by: David Benjamin <davidben@google.com>
před 8 roky
Move references to init_buf into SSL_PROTOCOL_METHOD. Both DTLS and TLS still use it, but that will change in the following commit. This also removes the handshake's knowledge of the dtls_clear_incoming_messages function. (It's possible we'll want to get rid of begin_handshake in favor of allocating it lazily depending on how TLS 1.3 post-handshake messages end up working out. But this should work for now.) Change-Id: I0f512788bbc330ab2c947890939c73e0a1aca18b Reviewed-on: https://boringssl-review.googlesource.com/8666 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com>
před 8 roky
Check for buffered handshake messages on cipher change in DTLS. This is the equivalent of FragmentAcrossChangeCipherSuite for DTLS. It is possible for us to, while receiving pre-CCS handshake messages, to buffer up a message with sequence number meant for a post-CCS Finished. When we then get to the new epoch and attempt to read the Finished, we will process the buffered Finished although it was sent with the wrong encryption. Move ssl_set_{read,write}_state to SSL_PROTOCOL_METHOD hooks as this is a property of the transport. Notably, read_state may fail. In DTLS check the handshake buffer size. We could place this check in read_change_cipher_spec, but TLS 1.3 has no ChangeCipherSpec message, so we will need to implement this at the cipher change point anyway. (For now, there is only an assert on the TLS side. This will be replaced with a proper check in TLS 1.3.) Change-Id: Ia52b0b81e7db53e9ed2d4f6d334a1cce13e93297 Reviewed-on: https://boringssl-review.googlesource.com/8790 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
před 8 roky
Rename (s3,d1)_meth.c. These are where the DTLS- and TLS-specific transport layer hooks will be defined. Later we can probably move much of the implementations of these hooks into these files so those functions can be static. While I'm here, fix up the naming of some constants. Change-Id: I1009dd9fdc3cc4fd49fbff0802f6289931abec3d Reviewed-on: https://boringssl-review.googlesource.com/8665 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com>
před 8 roky
Move the is_dtls bit from SSL3_ENC_METHOD to SSL_PROTOCOL_METHOD. This too isn't version-specific. This removes the final difference between TLS and DTLS SSL3_ENC_METHODs and we can fold them together. (We should be able to fold away the version-specific differences too, but all in due time.) Change-Id: I6652d3942a0970273d46d28d7052629c81f848b5 Reviewed-on: https://boringssl-review.googlesource.com/3771 Reviewed-by: Adam Langley <agl@google.com>
před 9 roky
Simplify version configuration. OpenSSL's SSL_OP_NO_* flags allow discontinuous version ranges. This is a nuisance for two reasons. First it makes it unnecessarily difficult to answer "are any versions below TLS 1.3 enabled?". Second the protocol does not allow discontinuous version ranges on the client anyway. OpenSSL instead picks the first continous range of enabled versions on the client, but not the server. This is bizarrely inconsistent. It also doesn't quite do this as the ClientHello sending logic does this, but not the ServerHello processing logic. So we actually break some invariants slightly. The logic is also cumbersome in DTLS which kindly inverts the comparison logic. First, switch min_version/max_version's storage to normalized versions. Next replace all the ad-hoc version-related functions with a single ssl_get_version_range function. Client and server now consistently pick a contiguous range of versions. Note this is a slight behavior change for servers. Version-range-sensitive logic is rewritten to use this new function. BUG=66 Change-Id: Iad0d64f2b7a917603fc7da54c9fc6656c5fbdb24 Reviewed-on: https://boringssl-review.googlesource.com/8513 Reviewed-by: David Benjamin <davidben@google.com>
před 8 roky
Move the is_dtls bit from SSL3_ENC_METHOD to SSL_PROTOCOL_METHOD. This too isn't version-specific. This removes the final difference between TLS and DTLS SSL3_ENC_METHODs and we can fold them together. (We should be able to fold away the version-specific differences too, but all in due time.) Change-Id: I6652d3942a0970273d46d28d7052629c81f848b5 Reviewed-on: https://boringssl-review.googlesource.com/3771 Reviewed-by: Adam Langley <agl@google.com>
před 9 roky
Move references to init_buf into SSL_PROTOCOL_METHOD. Both DTLS and TLS still use it, but that will change in the following commit. This also removes the handshake's knowledge of the dtls_clear_incoming_messages function. (It's possible we'll want to get rid of begin_handshake in favor of allocating it lazily depending on how TLS 1.3 post-handshake messages end up working out. But this should work for now.) Change-Id: I0f512788bbc330ab2c947890939c73e0a1aca18b Reviewed-on: https://boringssl-review.googlesource.com/8666 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com>
před 8 roky
Move the is_dtls bit from SSL3_ENC_METHOD to SSL_PROTOCOL_METHOD. This too isn't version-specific. This removes the final difference between TLS and DTLS SSL3_ENC_METHODs and we can fold them together. (We should be able to fold away the version-specific differences too, but all in due time.) Change-Id: I6652d3942a0970273d46d28d7052629c81f848b5 Reviewed-on: https://boringssl-review.googlesource.com/3771 Reviewed-by: Adam Langley <agl@google.com>
před 9 roky
Don't use init_buf in DTLS. This machinery is so different between TLS and DTLS that there is no sense in having them share structures. This switches us to maintaining the full reassembled message in hm_fragment and get_message just lets the caller read out of that when ready. This removes the last direct handshake dependency on init_buf, ssl3_hash_message. Change-Id: I4eccfb6e6021116255daead5359a0aa3f4d5be7b Reviewed-on: https://boringssl-review.googlesource.com/8667 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com>
před 8 roky
Split ssl_read_bytes hook into app_data and close_notify hooks. This still needs significant work, especially the close_notify half, but clarify the interface and get *_read_bytes out of SSL_PROTOCOL_METHOD. read_bytes is an implementation detail of those two and get_message rather than both an implementation detail of get_message for handshake and a (wholly inappropriate) exposed interface for the other two. BUG=468889 Change-Id: I7dd23869e0b7c3532ceb2e9dd31ca25ea31128e7 Reviewed-on: https://boringssl-review.googlesource.com/4956 Reviewed-by: Adam Langley <agl@google.com>
před 9 roky
Pull ChangeCipherSpec into the handshake state machine. This uses ssl3_read_bytes for now. We still need to dismantle that function and then invert the handshake state machine, but this gets things closer to the right shape as an intermediate step and is a large chunk in itself. It simplifies a lot of the CCS/handshake synchronization as a lot of the invariants much more clearly follow from the handshake itself. Tests need to be adjusted since this changes some error codes. Now all the CCS/Handshake checks fall through to the usual SSL_R_UNEXPECTED_RECORD codepath. Most of what used to be a special-case falls out naturally. (If half of Finished was in the same record as the pre-CCS message, that part of the handshake record would have been left unconsumed, so read_change_cipher_spec would have noticed, just like read_app_data would have noticed.) Change-Id: I15c7501afe523d5062f0e24a3b65f053008d87be Reviewed-on: https://boringssl-review.googlesource.com/6642 Reviewed-by: Adam Langley <agl@google.com>
před 9 roky
Split ssl_read_bytes hook into app_data and close_notify hooks. This still needs significant work, especially the close_notify half, but clarify the interface and get *_read_bytes out of SSL_PROTOCOL_METHOD. read_bytes is an implementation detail of those two and get_message rather than both an implementation detail of get_message for handshake and a (wholly inappropriate) exposed interface for the other two. BUG=468889 Change-Id: I7dd23869e0b7c3532ceb2e9dd31ca25ea31128e7 Reviewed-on: https://boringssl-review.googlesource.com/4956 Reviewed-by: Adam Langley <agl@google.com>
před 9 roky
Switch the ssl_write_bytes hook to ssl_write_app_data. The SSL_PROTOCOL_METHOD table needs work, but this makes it clearer exactly what the shared interface between the upper later and TLS/DTLS is. BUG=468889 Change-Id: I38931c484aa4ab3f77964d708d38bfd349fac293 Reviewed-on: https://boringssl-review.googlesource.com/4955 Reviewed-by: Adam Langley <agl@google.com>
před 9 roky
Move the is_dtls bit from SSL3_ENC_METHOD to SSL_PROTOCOL_METHOD. This too isn't version-specific. This removes the final difference between TLS and DTLS SSL3_ENC_METHODs and we can fold them together. (We should be able to fold away the version-specific differences too, but all in due time.) Change-Id: I6652d3942a0970273d46d28d7052629c81f848b5 Reviewed-on: https://boringssl-review.googlesource.com/3771 Reviewed-by: Adam Langley <agl@google.com>
před 9 roky
Further tidy up cipher logic. With SSL2 gone, there's no need for this split between the abstract cipher framework and ciphers. Put the cipher suite table in ssl_cipher.c and move other SSL_CIPHER logic there. With that gone, prune the cipher-related hooks in SSL_PROTOCOL_METHOD. BUG=468889 Change-Id: I48579de8bc4c0ea52781ba1b7b57bc5b4919d21c Reviewed-on: https://boringssl-review.googlesource.com/4961 Reviewed-by: Adam Langley <agl@google.com>
před 9 roky
Disconnect handshake message creation from init_buf. This allows us to use CBB for all handshake messages. Now, SSL_PROTOCOL_METHOD is responsible for implementing a trio of CBB-related hooks to assemble handshake messages. Change-Id: I144d3cac4f05b6637bf45d3f838673fc5c854405 Reviewed-on: https://boringssl-review.googlesource.com/8440 Reviewed-by: Adam Langley <agl@google.com>
před 8 roky
Fold the DTLS client handshake into the TLS one. Change-Id: Ib8b1c646cf1652ee1481fe73589830be8263fc20 Reviewed-on: https://boringssl-review.googlesource.com/8182 Reviewed-by: David Benjamin <davidben@google.com>
před 8 roky
Check for buffered handshake messages on cipher change in DTLS. This is the equivalent of FragmentAcrossChangeCipherSuite for DTLS. It is possible for us to, while receiving pre-CCS handshake messages, to buffer up a message with sequence number meant for a post-CCS Finished. When we then get to the new epoch and attempt to read the Finished, we will process the buffered Finished although it was sent with the wrong encryption. Move ssl_set_{read,write}_state to SSL_PROTOCOL_METHOD hooks as this is a property of the transport. Notably, read_state may fail. In DTLS check the handshake buffer size. We could place this check in read_change_cipher_spec, but TLS 1.3 has no ChangeCipherSpec message, so we will need to implement this at the cipher change point anyway. (For now, there is only an assert on the TLS side. This will be replaced with a proper check in TLS 1.3.) Change-Id: Ia52b0b81e7db53e9ed2d4f6d334a1cce13e93297 Reviewed-on: https://boringssl-review.googlesource.com/8790 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
před 8 roky
Merge SSLv23_method and DTLS_ANY_VERSION. This makes SSLv23_method go through DTLS_ANY_VERSION's version negotiation logic. This allows us to get rid of duplicate ClientHello logic. For compatibility, SSL_METHOD is now split into SSL_PROTOCOL_METHOD and a version. The legacy version-locked methods set min_version and max_version based this version field to emulate the original semantics. As a bonus, we can now handle fragmented ClientHello versions now. Because SSLv23_method is a silly name, deprecate that too and introduce TLS_method. Change-Id: I8b3df2b427ae34c44ecf972f466ad64dc3dbb171
před 10 roky
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
před 10 roky
Merge SSLv23_method and DTLS_ANY_VERSION. This makes SSLv23_method go through DTLS_ANY_VERSION's version negotiation logic. This allows us to get rid of duplicate ClientHello logic. For compatibility, SSL_METHOD is now split into SSL_PROTOCOL_METHOD and a version. The legacy version-locked methods set min_version and max_version based this version field to emulate the original semantics. As a bonus, we can now handle fragmented ClientHello versions now. Because SSLv23_method is a silly name, deprecate that too and introduce TLS_method. Change-Id: I8b3df2b427ae34c44ecf972f466ad64dc3dbb171
před 10 roky
Rename (s3,d1)_meth.c. These are where the DTLS- and TLS-specific transport layer hooks will be defined. Later we can probably move much of the implementations of these hooks into these files so those functions can be static. While I'm here, fix up the naming of some constants. Change-Id: I1009dd9fdc3cc4fd49fbff0802f6289931abec3d Reviewed-on: https://boringssl-review.googlesource.com/8665 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com>
před 8 roky
Merge SSLv23_method and DTLS_ANY_VERSION. This makes SSLv23_method go through DTLS_ANY_VERSION's version negotiation logic. This allows us to get rid of duplicate ClientHello logic. For compatibility, SSL_METHOD is now split into SSL_PROTOCOL_METHOD and a version. The legacy version-locked methods set min_version and max_version based this version field to emulate the original semantics. As a bonus, we can now handle fragmented ClientHello versions now. Because SSLv23_method is a silly name, deprecate that too and introduce TLS_method. Change-Id: I8b3df2b427ae34c44ecf972f466ad64dc3dbb171
před 10 roky
Rename (s3,d1)_meth.c. These are where the DTLS- and TLS-specific transport layer hooks will be defined. Later we can probably move much of the implementations of these hooks into these files so those functions can be static. While I'm here, fix up the naming of some constants. Change-Id: I1009dd9fdc3cc4fd49fbff0802f6289931abec3d Reviewed-on: https://boringssl-review.googlesource.com/8665 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com>
před 8 roky
Merge SSLv23_method and DTLS_ANY_VERSION. This makes SSLv23_method go through DTLS_ANY_VERSION's version negotiation logic. This allows us to get rid of duplicate ClientHello logic. For compatibility, SSL_METHOD is now split into SSL_PROTOCOL_METHOD and a version. The legacy version-locked methods set min_version and max_version based this version field to emulate the original semantics. As a bonus, we can now handle fragmented ClientHello versions now. Because SSLv23_method is a silly name, deprecate that too and introduce TLS_method. Change-Id: I8b3df2b427ae34c44ecf972f466ad64dc3dbb171
před 10 roky
Rename (s3,d1)_meth.c. These are where the DTLS- and TLS-specific transport layer hooks will be defined. Later we can probably move much of the implementations of these hooks into these files so those functions can be static. While I'm here, fix up the naming of some constants. Change-Id: I1009dd9fdc3cc4fd49fbff0802f6289931abec3d Reviewed-on: https://boringssl-review.googlesource.com/8665 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com>
před 8 roky
Merge SSLv23_method and DTLS_ANY_VERSION. This makes SSLv23_method go through DTLS_ANY_VERSION's version negotiation logic. This allows us to get rid of duplicate ClientHello logic. For compatibility, SSL_METHOD is now split into SSL_PROTOCOL_METHOD and a version. The legacy version-locked methods set min_version and max_version based this version field to emulate the original semantics. As a bonus, we can now handle fragmented ClientHello versions now. Because SSLv23_method is a silly name, deprecate that too and introduce TLS_method. Change-Id: I8b3df2b427ae34c44ecf972f466ad64dc3dbb171
před 10 roky
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
před 10 roky
Merge SSLv23_method and DTLS_ANY_VERSION. This makes SSLv23_method go through DTLS_ANY_VERSION's version negotiation logic. This allows us to get rid of duplicate ClientHello logic. For compatibility, SSL_METHOD is now split into SSL_PROTOCOL_METHOD and a version. The legacy version-locked methods set min_version and max_version based this version field to emulate the original semantics. As a bonus, we can now handle fragmented ClientHello versions now. Because SSLv23_method is a silly name, deprecate that too and introduce TLS_method. Change-Id: I8b3df2b427ae34c44ecf972f466ad64dc3dbb171
před 10 roky
Merge client/server SSL_METHODs into the generic one. Supporting both schemes seems pointless. Now that s->server and s->state are set appropriately late and get_ssl_method is gone, the only difference is that the client/server ones have non-functional ssl_accept or ssl_connect hooks. We can't lose the generic ones, so let's unify on that. Note: this means a static linker will no longer drop the client or server handshake code if unused by a consumer linking statically. However, Chromium needs the server half anyway for DTLS and WebRTC, so that's probably a lost cause. Android also exposes server APIs. Change-Id: I290f5fb4ed558f59fadb5d1f84e9d9c405004c23 Reviewed-on: https://boringssl-review.googlesource.com/2440 Reviewed-by: Adam Langley <agl@google.com>
před 10 roky
Merge SSLv23_method and DTLS_ANY_VERSION. This makes SSLv23_method go through DTLS_ANY_VERSION's version negotiation logic. This allows us to get rid of duplicate ClientHello logic. For compatibility, SSL_METHOD is now split into SSL_PROTOCOL_METHOD and a version. The legacy version-locked methods set min_version and max_version based this version field to emulate the original semantics. As a bonus, we can now handle fragmented ClientHello versions now. Because SSLv23_method is a silly name, deprecate that too and introduce TLS_method. Change-Id: I8b3df2b427ae34c44ecf972f466ad64dc3dbb171
před 10 roky
Rename (s3,d1)_meth.c. These are where the DTLS- and TLS-specific transport layer hooks will be defined. Later we can probably move much of the implementations of these hooks into these files so those functions can be static. While I'm here, fix up the naming of some constants. Change-Id: I1009dd9fdc3cc4fd49fbff0802f6289931abec3d Reviewed-on: https://boringssl-review.googlesource.com/8665 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com>
před 8 roky
Merge SSLv23_method and DTLS_ANY_VERSION. This makes SSLv23_method go through DTLS_ANY_VERSION's version negotiation logic. This allows us to get rid of duplicate ClientHello logic. For compatibility, SSL_METHOD is now split into SSL_PROTOCOL_METHOD and a version. The legacy version-locked methods set min_version and max_version based this version field to emulate the original semantics. As a bonus, we can now handle fragmented ClientHello versions now. Because SSLv23_method is a silly name, deprecate that too and introduce TLS_method. Change-Id: I8b3df2b427ae34c44ecf972f466ad64dc3dbb171
před 10 roky
Rename (s3,d1)_meth.c. These are where the DTLS- and TLS-specific transport layer hooks will be defined. Later we can probably move much of the implementations of these hooks into these files so those functions can be static. While I'm here, fix up the naming of some constants. Change-Id: I1009dd9fdc3cc4fd49fbff0802f6289931abec3d Reviewed-on: https://boringssl-review.googlesource.com/8665 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com>
před 8 roky
Merge SSLv23_method and DTLS_ANY_VERSION. This makes SSLv23_method go through DTLS_ANY_VERSION's version negotiation logic. This allows us to get rid of duplicate ClientHello logic. For compatibility, SSL_METHOD is now split into SSL_PROTOCOL_METHOD and a version. The legacy version-locked methods set min_version and max_version based this version field to emulate the original semantics. As a bonus, we can now handle fragmented ClientHello versions now. Because SSLv23_method is a silly name, deprecate that too and introduce TLS_method. Change-Id: I8b3df2b427ae34c44ecf972f466ad64dc3dbb171
před 10 roky
Rename (s3,d1)_meth.c. These are where the DTLS- and TLS-specific transport layer hooks will be defined. Later we can probably move much of the implementations of these hooks into these files so those functions can be static. While I'm here, fix up the naming of some constants. Change-Id: I1009dd9fdc3cc4fd49fbff0802f6289931abec3d Reviewed-on: https://boringssl-review.googlesource.com/8665 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com>
před 8 roky
Merge SSLv23_method and DTLS_ANY_VERSION. This makes SSLv23_method go through DTLS_ANY_VERSION's version negotiation logic. This allows us to get rid of duplicate ClientHello logic. For compatibility, SSL_METHOD is now split into SSL_PROTOCOL_METHOD and a version. The legacy version-locked methods set min_version and max_version based this version field to emulate the original semantics. As a bonus, we can now handle fragmented ClientHello versions now. Because SSLv23_method is a silly name, deprecate that too and introduce TLS_method. Change-Id: I8b3df2b427ae34c44ecf972f466ad64dc3dbb171
před 10 roky
Merge client/server SSL_METHODs into the generic one. Supporting both schemes seems pointless. Now that s->server and s->state are set appropriately late and get_ssl_method is gone, the only difference is that the client/server ones have non-functional ssl_accept or ssl_connect hooks. We can't lose the generic ones, so let's unify on that. Note: this means a static linker will no longer drop the client or server handshake code if unused by a consumer linking statically. However, Chromium needs the server half anyway for DTLS and WebRTC, so that's probably a lost cause. Android also exposes server APIs. Change-Id: I290f5fb4ed558f59fadb5d1f84e9d9c405004c23 Reviewed-on: https://boringssl-review.googlesource.com/2440 Reviewed-by: Adam Langley <agl@google.com>
před 10 roky
Merge SSLv23_method and DTLS_ANY_VERSION. This makes SSLv23_method go through DTLS_ANY_VERSION's version negotiation logic. This allows us to get rid of duplicate ClientHello logic. For compatibility, SSL_METHOD is now split into SSL_PROTOCOL_METHOD and a version. The legacy version-locked methods set min_version and max_version based this version field to emulate the original semantics. As a bonus, we can now handle fragmented ClientHello versions now. Because SSLv23_method is a silly name, deprecate that too and introduce TLS_method. Change-Id: I8b3df2b427ae34c44ecf972f466ad64dc3dbb171
před 10 roky
Rename (s3,d1)_meth.c. These are where the DTLS- and TLS-specific transport layer hooks will be defined. Later we can probably move much of the implementations of these hooks into these files so those functions can be static. While I'm here, fix up the naming of some constants. Change-Id: I1009dd9fdc3cc4fd49fbff0802f6289931abec3d Reviewed-on: https://boringssl-review.googlesource.com/8665 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com>
před 8 roky
Merge SSLv23_method and DTLS_ANY_VERSION. This makes SSLv23_method go through DTLS_ANY_VERSION's version negotiation logic. This allows us to get rid of duplicate ClientHello logic. For compatibility, SSL_METHOD is now split into SSL_PROTOCOL_METHOD and a version. The legacy version-locked methods set min_version and max_version based this version field to emulate the original semantics. As a bonus, we can now handle fragmented ClientHello versions now. Because SSLv23_method is a silly name, deprecate that too and introduce TLS_method. Change-Id: I8b3df2b427ae34c44ecf972f466ad64dc3dbb171
před 10 roky
Rename (s3,d1)_meth.c. These are where the DTLS- and TLS-specific transport layer hooks will be defined. Later we can probably move much of the implementations of these hooks into these files so those functions can be static. While I'm here, fix up the naming of some constants. Change-Id: I1009dd9fdc3cc4fd49fbff0802f6289931abec3d Reviewed-on: https://boringssl-review.googlesource.com/8665 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com>
před 8 roky
Merge SSLv23_method and DTLS_ANY_VERSION. This makes SSLv23_method go through DTLS_ANY_VERSION's version negotiation logic. This allows us to get rid of duplicate ClientHello logic. For compatibility, SSL_METHOD is now split into SSL_PROTOCOL_METHOD and a version. The legacy version-locked methods set min_version and max_version based this version field to emulate the original semantics. As a bonus, we can now handle fragmented ClientHello versions now. Because SSLv23_method is a silly name, deprecate that too and introduce TLS_method. Change-Id: I8b3df2b427ae34c44ecf972f466ad64dc3dbb171
před 10 roky
Rename (s3,d1)_meth.c. These are where the DTLS- and TLS-specific transport layer hooks will be defined. Later we can probably move much of the implementations of these hooks into these files so those functions can be static. While I'm here, fix up the naming of some constants. Change-Id: I1009dd9fdc3cc4fd49fbff0802f6289931abec3d Reviewed-on: https://boringssl-review.googlesource.com/8665 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com>
před 8 roky
Merge SSLv23_method and DTLS_ANY_VERSION. This makes SSLv23_method go through DTLS_ANY_VERSION's version negotiation logic. This allows us to get rid of duplicate ClientHello logic. For compatibility, SSL_METHOD is now split into SSL_PROTOCOL_METHOD and a version. The legacy version-locked methods set min_version and max_version based this version field to emulate the original semantics. As a bonus, we can now handle fragmented ClientHello versions now. Because SSLv23_method is a silly name, deprecate that too and introduce TLS_method. Change-Id: I8b3df2b427ae34c44ecf972f466ad64dc3dbb171
před 10 roky
Merge client/server SSL_METHODs into the generic one. Supporting both schemes seems pointless. Now that s->server and s->state are set appropriately late and get_ssl_method is gone, the only difference is that the client/server ones have non-functional ssl_accept or ssl_connect hooks. We can't lose the generic ones, so let's unify on that. Note: this means a static linker will no longer drop the client or server handshake code if unused by a consumer linking statically. However, Chromium needs the server half anyway for DTLS and WebRTC, so that's probably a lost cause. Android also exposes server APIs. Change-Id: I290f5fb4ed558f59fadb5d1f84e9d9c405004c23 Reviewed-on: https://boringssl-review.googlesource.com/2440 Reviewed-by: Adam Langley <agl@google.com>
před 10 roky
Merge SSLv23_method and DTLS_ANY_VERSION. This makes SSLv23_method go through DTLS_ANY_VERSION's version negotiation logic. This allows us to get rid of duplicate ClientHello logic. For compatibility, SSL_METHOD is now split into SSL_PROTOCOL_METHOD and a version. The legacy version-locked methods set min_version and max_version based this version field to emulate the original semantics. As a bonus, we can now handle fragmented ClientHello versions now. Because SSLv23_method is a silly name, deprecate that too and introduce TLS_method. Change-Id: I8b3df2b427ae34c44ecf972f466ad64dc3dbb171
před 10 roky
Merge client/server SSL_METHODs into the generic one. Supporting both schemes seems pointless. Now that s->server and s->state are set appropriately late and get_ssl_method is gone, the only difference is that the client/server ones have non-functional ssl_accept or ssl_connect hooks. We can't lose the generic ones, so let's unify on that. Note: this means a static linker will no longer drop the client or server handshake code if unused by a consumer linking statically. However, Chromium needs the server half anyway for DTLS and WebRTC, so that's probably a lost cause. Android also exposes server APIs. Change-Id: I290f5fb4ed558f59fadb5d1f84e9d9c405004c23 Reviewed-on: https://boringssl-review.googlesource.com/2440 Reviewed-by: Adam Langley <agl@google.com>
před 10 roky
Merge SSLv23_method and DTLS_ANY_VERSION. This makes SSLv23_method go through DTLS_ANY_VERSION's version negotiation logic. This allows us to get rid of duplicate ClientHello logic. For compatibility, SSL_METHOD is now split into SSL_PROTOCOL_METHOD and a version. The legacy version-locked methods set min_version and max_version based this version field to emulate the original semantics. As a bonus, we can now handle fragmented ClientHello versions now. Because SSLv23_method is a silly name, deprecate that too and introduce TLS_method. Change-Id: I8b3df2b427ae34c44ecf972f466ad64dc3dbb171
před 10 roky
Merge client/server SSL_METHODs into the generic one. Supporting both schemes seems pointless. Now that s->server and s->state are set appropriately late and get_ssl_method is gone, the only difference is that the client/server ones have non-functional ssl_accept or ssl_connect hooks. We can't lose the generic ones, so let's unify on that. Note: this means a static linker will no longer drop the client or server handshake code if unused by a consumer linking statically. However, Chromium needs the server half anyway for DTLS and WebRTC, so that's probably a lost cause. Android also exposes server APIs. Change-Id: I290f5fb4ed558f59fadb5d1f84e9d9c405004c23 Reviewed-on: https://boringssl-review.googlesource.com/2440 Reviewed-by: Adam Langley <agl@google.com>
před 10 roky
Merge SSLv23_method and DTLS_ANY_VERSION. This makes SSLv23_method go through DTLS_ANY_VERSION's version negotiation logic. This allows us to get rid of duplicate ClientHello logic. For compatibility, SSL_METHOD is now split into SSL_PROTOCOL_METHOD and a version. The legacy version-locked methods set min_version and max_version based this version field to emulate the original semantics. As a bonus, we can now handle fragmented ClientHello versions now. Because SSLv23_method is a silly name, deprecate that too and introduce TLS_method. Change-Id: I8b3df2b427ae34c44ecf972f466ad64dc3dbb171
před 10 roky
Merge client/server SSL_METHODs into the generic one. Supporting both schemes seems pointless. Now that s->server and s->state are set appropriately late and get_ssl_method is gone, the only difference is that the client/server ones have non-functional ssl_accept or ssl_connect hooks. We can't lose the generic ones, so let's unify on that. Note: this means a static linker will no longer drop the client or server handshake code if unused by a consumer linking statically. However, Chromium needs the server half anyway for DTLS and WebRTC, so that's probably a lost cause. Android also exposes server APIs. Change-Id: I290f5fb4ed558f59fadb5d1f84e9d9c405004c23 Reviewed-on: https://boringssl-review.googlesource.com/2440 Reviewed-by: Adam Langley <agl@google.com>
před 10 roky
Merge SSLv23_method and DTLS_ANY_VERSION. This makes SSLv23_method go through DTLS_ANY_VERSION's version negotiation logic. This allows us to get rid of duplicate ClientHello logic. For compatibility, SSL_METHOD is now split into SSL_PROTOCOL_METHOD and a version. The legacy version-locked methods set min_version and max_version based this version field to emulate the original semantics. As a bonus, we can now handle fragmented ClientHello versions now. Because SSLv23_method is a silly name, deprecate that too and introduce TLS_method. Change-Id: I8b3df2b427ae34c44ecf972f466ad64dc3dbb171
před 10 roky
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212 
  1. /*

  2.  * DTLS implementation written by Nagendra Modadugu

  3.  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 

  4.  */

  5. /* ====================================================================

  6.  * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.

  7.  *

  8.  * Redistribution and use in source and binary forms, with or without

  9.  * modification, are permitted provided that the following conditions

  10.  * are met:

  11.  *

  12.  * 1. Redistributions of source code must retain the above copyright

  13.  *    notice, this list of conditions and the following disclaimer.

  14.  *

  15.  * 2. Redistributions in binary form must reproduce the above copyright

  16.  *    notice, this list of conditions and the following disclaimer in

  17.  *    the documentation and/or other materials provided with the

  18.  *    distribution.

  19.  *

  20.  * 3. All advertising materials mentioning features or use of this

  21.  *    software must display the following acknowledgment:

  22.  *    "This product includes software developed by the OpenSSL Project

  23.  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

  24.  *

  25.  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

  26.  *    endorse or promote products derived from this software without

  27.  *    prior written permission. For written permission, please contact

  28.  *    openssl-core@OpenSSL.org.

  29.  *

  30.  * 5. Products derived from this software may not be called "OpenSSL"

  31.  *    nor may "OpenSSL" appear in their names without prior written

  32.  *    permission of the OpenSSL Project.

  33.  *

  34.  * 6. Redistributions of any form whatsoever must retain the following

  35.  *    acknowledgment:

  36.  *    "This product includes software developed by the OpenSSL Project

  37.  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

  38.  *

  39.  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

  40.  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  41.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

  42.  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

  43.  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

  44.  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

  45.  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

  46.  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  47.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

  48.  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

  49.  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

  50.  * OF THE POSSIBILITY OF SUCH DAMAGE.

  51.  * ====================================================================

  52.  *

  53.  * This product includes cryptographic software written by Eric Young

  54.  * (eay@cryptsoft.com).  This product includes software written by Tim

  55.  * Hudson (tjh@cryptsoft.com). */

  56. 

  57. #include <openssl/ssl.h>

  58. 

  59. #include <assert.h>

  60. #include <string.h>

  61. 

  62. #include <openssl/buf.h>

  63. #include <openssl/err.h>

  64. 

  65. #include "internal.h"

  66. 

  67. 

  68. static uint16_t dtls1_version_from_wire(uint16_t wire_version) {

  69.   uint16_t tls_version = ~wire_version;

  70.   uint16_t version = tls_version + 0x0201;

  71.   /* If either component overflowed, clamp it so comparisons still work. */

  72.   if ((version >> 8) < (tls_version >> 8)) {

  73.     version = 0xff00 | (version & 0xff);

  74.   }

  75.   if ((version & 0xff) < (tls_version & 0xff)) {

  76.     version = (version & 0xff00) | 0xff;

  77.   }

  78.   /* DTLS 1.0 maps to TLS 1.1, not TLS 1.0. */

  79.   if (version == TLS1_VERSION) {

  80.     version = TLS1_1_VERSION;

  81.   }

  82.   return version;

  83. }

  84. 

  85. static uint16_t dtls1_version_to_wire(uint16_t version) {

  86.   assert(version >= TLS1_1_VERSION);

  87. 

  88.   /* DTLS 1.0 maps to TLS 1.1, not TLS 1.0. */

  89.   if (version == TLS1_1_VERSION) {

  90.     return DTLS1_VERSION;

  91.   }

  92.   return ~(version - 0x0201);

  93. }

  94. 

  95. static int dtls1_begin_handshake(SSL *ssl) {

  96.   return 1;

  97. }

  98. 

  99. static void dtls1_finish_handshake(SSL *ssl) {

  100.   ssl->d1->handshake_read_seq = 0;

  101.   ssl->d1->handshake_write_seq = 0;

  102.   dtls_clear_incoming_messages(ssl);

  103. }

  104. 

  105. static int dtls1_set_read_state(SSL *ssl, SSL_AEAD_CTX *aead_ctx) {

  106.   /* Cipher changes are illegal when there are buffered incoming messages. */

  107.   if (dtls_has_incoming_messages(ssl)) {

  108.     OPENSSL_PUT_ERROR(SSL, SSL_R_BUFFERED_MESSAGES_ON_CIPHER_CHANGE);

  109.     ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);

  110.     SSL_AEAD_CTX_free(aead_ctx);

  111.     return 0;

  112.   }

  113. 

  114.   ssl->d1->r_epoch++;

  115.   memset(&ssl->d1->bitmap, 0, sizeof(ssl->d1->bitmap));

  116.   memset(ssl->s3->read_sequence, 0, sizeof(ssl->s3->read_sequence));

  117. 

  118.   SSL_AEAD_CTX_free(ssl->s3->aead_read_ctx);

  119.   ssl->s3->aead_read_ctx = aead_ctx;

  120.   return 1;

  121. }

  122. 

  123. static int dtls1_set_write_state(SSL *ssl, SSL_AEAD_CTX *aead_ctx) {

  124.   ssl->d1->w_epoch++;

  125.   memcpy(ssl->d1->last_write_sequence, ssl->s3->write_sequence,

  126.          sizeof(ssl->s3->write_sequence));

  127.   memset(ssl->s3->write_sequence, 0, sizeof(ssl->s3->write_sequence));

  128. 

  129.   SSL_AEAD_CTX_free(ssl->s3->aead_write_ctx);

  130.   ssl->s3->aead_write_ctx = aead_ctx;

  131.   return 1;

  132. }

  133. 

  134. static const SSL_PROTOCOL_METHOD kDTLSProtocolMethod = {

  135.     1 /* is_dtls */,

  136.     TLS1_1_VERSION,

  137.     TLS1_2_VERSION,

  138.     dtls1_version_from_wire,

  139.     dtls1_version_to_wire,

  140.     dtls1_new,

  141.     dtls1_free,

  142.     dtls1_begin_handshake,

  143.     dtls1_finish_handshake,

  144.     dtls1_get_message,

  145.     dtls1_hash_current_message,

  146.     dtls1_read_app_data,

  147.     dtls1_read_change_cipher_spec,

  148.     dtls1_read_close_notify,

  149.     dtls1_write_app_data,

  150.     dtls1_dispatch_alert,

  151.     dtls1_supports_cipher,

  152.     dtls1_init_message,

  153.     dtls1_finish_message,

  154.     dtls1_write_message,

  155.     dtls1_send_change_cipher_spec,

  156.     dtls1_expect_flight,

  157.     dtls1_received_flight,

  158.     dtls1_set_read_state,

  159.     dtls1_set_write_state,

  160. };

  161. 

  162. const SSL_METHOD *DTLS_method(void) {

  163.   static const SSL_METHOD kMethod = {

  164.       0,

  165.       &kDTLSProtocolMethod,

  166.   };

  167.   return &kMethod;

  168. }

  169. 

  170. /* Legacy version-locked methods. */

  171. 

  172. const SSL_METHOD *DTLSv1_2_method(void) {

  173.   static const SSL_METHOD kMethod = {

  174.       DTLS1_2_VERSION,

  175.       &kDTLSProtocolMethod,

  176.   };

  177.   return &kMethod;

  178. }

  179. 

  180. const SSL_METHOD *DTLSv1_method(void) {

  181.   static const SSL_METHOD kMethod = {

  182.       DTLS1_VERSION,

  183.       &kDTLSProtocolMethod,

  184.   };

  185.   return &kMethod;

  186. }

  187. 

  188. /* Legacy side-specific methods. */

  189. 

  190. const SSL_METHOD *DTLSv1_2_server_method(void) {

  191.   return DTLSv1_2_method();

  192. }

  193. 

  194. const SSL_METHOD *DTLSv1_server_method(void) {

  195.   return DTLSv1_method();

  196. }

  197. 

  198. const SSL_METHOD *DTLSv1_2_client_method(void) {

  199.   return DTLSv1_2_method();

  200. }

  201. 

  202. const SSL_METHOD *DTLSv1_client_method(void) {

  203.   return DTLSv1_method();

  204. }

  205. 

  206. const SSL_METHOD *DTLS_server_method(void) {

  207.   return DTLS_method();

  208. }

  209. 

  210. const SSL_METHOD *DTLS_client_method(void) {

  211.   return DTLS_method();

  212. }