kris
/
boringssl
1
0
Fork 0
Koodi Ongelmat 0 Pull-pyynnöt 0 Julkaisut 0 Wiki Toiminta
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3469 Commitit
12 Branchit
38 MiB
 
 
 
 
 
 
Puu: 4008c7a80d
Branchit Tagit
${ item.name }
Create branch ${ searchTerm }
from '4008c7a80d'
${ noResults }
boringssl/ssl/dtls_method.c

205 rivejä
6.1 KiB
Raaka Blame Historia 

  1. /*

  2.  * DTLS implementation written by Nagendra Modadugu

  3.  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 

  4.  */

  5. /* ====================================================================

  6.  * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.

  7.  *

  8.  * Redistribution and use in source and binary forms, with or without

  9.  * modification, are permitted provided that the following conditions

  10.  * are met:

  11.  *

  12.  * 1. Redistributions of source code must retain the above copyright

  13.  *    notice, this list of conditions and the following disclaimer.

  14.  *

  15.  * 2. Redistributions in binary form must reproduce the above copyright

  16.  *    notice, this list of conditions and the following disclaimer in

  17.  *    the documentation and/or other materials provided with the

  18.  *    distribution.

  19.  *

  20.  * 3. All advertising materials mentioning features or use of this

  21.  *    software must display the following acknowledgment:

  22.  *    "This product includes software developed by the OpenSSL Project

  23.  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

  24.  *

  25.  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

  26.  *    endorse or promote products derived from this software without

  27.  *    prior written permission. For written permission, please contact

  28.  *    openssl-core@OpenSSL.org.

  29.  *

  30.  * 5. Products derived from this software may not be called "OpenSSL"

  31.  *    nor may "OpenSSL" appear in their names without prior written

  32.  *    permission of the OpenSSL Project.

  33.  *

  34.  * 6. Redistributions of any form whatsoever must retain the following

  35.  *    acknowledgment:

  36.  *    "This product includes software developed by the OpenSSL Project

  37.  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

  38.  *

  39.  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

  40.  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  41.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

  42.  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

  43.  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

  44.  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

  45.  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

  46.  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  47.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

  48.  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

  49.  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

  50.  * OF THE POSSIBILITY OF SUCH DAMAGE.

  51.  * ====================================================================

  52.  *

  53.  * This product includes cryptographic software written by Eric Young

  54.  * (eay@cryptsoft.com).  This product includes software written by Tim

  55.  * Hudson (tjh@cryptsoft.com). */

  56. 

  57. #include <openssl/ssl.h>

  58. 

  59. #include <assert.h>

  60. #include <string.h>

  61. 

  62. #include <openssl/buf.h>

  63. #include <openssl/err.h>

  64. 

  65. #include "internal.h"

  66. 

  67. 

  68. static int dtls1_version_from_wire(uint16_t *out_version,

  69.                                    uint16_t wire_version) {

  70.   switch (wire_version) {

  71.     case DTLS1_VERSION:

  72.       /* DTLS 1.0 maps to TLS 1.1, not TLS 1.0. */

  73.       *out_version = TLS1_1_VERSION;

  74.       return 1;

  75.     case DTLS1_2_VERSION:

  76.       *out_version = TLS1_2_VERSION;

  77.       return 1;

  78.   }

  79. 

  80.   return 0;

  81. }

  82. 

  83. static uint16_t dtls1_version_to_wire(uint16_t version) {

  84.   switch (version) {

  85.     case TLS1_1_VERSION:

  86.       /* DTLS 1.0 maps to TLS 1.1, not TLS 1.0. */

  87.       return DTLS1_VERSION;

  88.     case TLS1_2_VERSION:

  89.       return DTLS1_2_VERSION;

  90.   }

  91. 

  92.   /* It is an error to use this function with an invalid version. */

  93.   assert(0);

  94.   return 0;

  95. }

  96. 

  97. static int dtls1_set_read_state(SSL *ssl, SSL_AEAD_CTX *aead_ctx) {

  98.   /* Cipher changes are illegal when there are buffered incoming messages. */

  99.   if (dtls_has_incoming_messages(ssl)) {

  100.     OPENSSL_PUT_ERROR(SSL, SSL_R_BUFFERED_MESSAGES_ON_CIPHER_CHANGE);

  101.     ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);

  102.     SSL_AEAD_CTX_free(aead_ctx);

  103.     return 0;

  104.   }

  105. 

  106.   ssl->d1->r_epoch++;

  107.   memset(&ssl->d1->bitmap, 0, sizeof(ssl->d1->bitmap));

  108.   memset(ssl->s3->read_sequence, 0, sizeof(ssl->s3->read_sequence));

  109. 

  110.   SSL_AEAD_CTX_free(ssl->s3->aead_read_ctx);

  111.   ssl->s3->aead_read_ctx = aead_ctx;

  112.   return 1;

  113. }

  114. 

  115. static int dtls1_set_write_state(SSL *ssl, SSL_AEAD_CTX *aead_ctx) {

  116.   ssl->d1->w_epoch++;

  117.   memcpy(ssl->d1->last_write_sequence, ssl->s3->write_sequence,

  118.          sizeof(ssl->s3->write_sequence));

  119.   memset(ssl->s3->write_sequence, 0, sizeof(ssl->s3->write_sequence));

  120. 

  121.   SSL_AEAD_CTX_free(ssl->s3->aead_write_ctx);

  122.   ssl->s3->aead_write_ctx = aead_ctx;

  123.   return 1;

  124. }

  125. 

  126. static const SSL_PROTOCOL_METHOD kDTLSProtocolMethod = {

  127.     1 /* is_dtls */,

  128.     TLS1_1_VERSION,

  129.     TLS1_2_VERSION,

  130.     dtls1_version_from_wire,

  131.     dtls1_version_to_wire,

  132.     dtls1_new,

  133.     dtls1_free,

  134.     dtls1_get_message,

  135.     dtls1_get_current_message,

  136.     dtls1_release_current_message,

  137.     dtls1_read_app_data,

  138.     dtls1_read_change_cipher_spec,

  139.     dtls1_read_close_notify,

  140.     dtls1_write_app_data,

  141.     dtls1_dispatch_alert,

  142.     dtls1_supports_cipher,

  143.     dtls1_init_message,

  144.     dtls1_finish_message,

  145.     dtls1_queue_message,

  146.     dtls1_write_message,

  147.     dtls1_send_change_cipher_spec,

  148.     dtls1_expect_flight,

  149.     dtls1_received_flight,

  150.     dtls1_set_read_state,

  151.     dtls1_set_write_state,

  152. };

  153. 

  154. const SSL_METHOD *DTLS_method(void) {

  155.   static const SSL_METHOD kMethod = {

  156.       0,

  157.       &kDTLSProtocolMethod,

  158.   };

  159.   return &kMethod;

  160. }

  161. 

  162. /* Legacy version-locked methods. */

  163. 

  164. const SSL_METHOD *DTLSv1_2_method(void) {

  165.   static const SSL_METHOD kMethod = {

  166.       DTLS1_2_VERSION,

  167.       &kDTLSProtocolMethod,

  168.   };

  169.   return &kMethod;

  170. }

  171. 

  172. const SSL_METHOD *DTLSv1_method(void) {

  173.   static const SSL_METHOD kMethod = {

  174.       DTLS1_VERSION,

  175.       &kDTLSProtocolMethod,

  176.   };

  177.   return &kMethod;

  178. }

  179. 

  180. /* Legacy side-specific methods. */

  181. 

  182. const SSL_METHOD *DTLSv1_2_server_method(void) {

  183.   return DTLSv1_2_method();

  184. }

  185. 

  186. const SSL_METHOD *DTLSv1_server_method(void) {

  187.   return DTLSv1_method();

  188. }

  189. 

  190. const SSL_METHOD *DTLSv1_2_client_method(void) {

  191.   return DTLSv1_2_method();

  192. }

  193. 

  194. const SSL_METHOD *DTLSv1_client_method(void) {

  195.   return DTLSv1_method();

  196. }

  197. 

  198. const SSL_METHOD *DTLS_server_method(void) {

  199.   return DTLS_method();

  200. }

  201. 

  202. const SSL_METHOD *DTLS_client_method(void) {

  203.   return DTLS_method();

  204. }