kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
7538122ca6
boringssl/include/openssl/dtls1.h
David Benjamin 7538122ca6 Rework DTLS handshake message reassembly logic. 
Notably, drop all special cases around receiving a message in order and
receiving a full message. It makes things more complicated and was the source
of bugs (the MixCompleteMessageWithFragments tests added in this CL did not
pass before). Instead, every message goes through an hm_fragment, and
dtls1_get_message always checks buffered_messages to see if the next is
complete.

The downside is that we pay one more copy of the message data in the common
case. This is only during connection setup, so I think it's worth the
simplicity. (If we want to optimize later, we could either tighten
ssl3_get_message's interface to allow the handshake data being in the
hm_fragment's backing store rather than s->init_buf or swap out s->init_buf
with the hm_fragment's backing store when a mesasge completes.

This CL does not address ssl_read_bytes being an inappropriate API for DTLS.
Future work will revise the handshake/transport boundary to align better with
DTLS's needs. Also other problems that I've left as TODOs.

Change-Id: Ib4570d45634b5181ecf192894d735e8699b1c86b
Reviewed-on: https://boringssl-review.googlesource.com/3764
Reviewed-by: Adam Langley <agl@google.com>
2015-03-10 00:56:45 +00:00

208 lines
6.6 KiB
C
Raw Blame History

/* ssl/dtls1.h */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
*/
/* ====================================================================
* Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com). */
#ifndef OPENSSL_HEADER_DTLS1_H
#define OPENSSL_HEADER_DTLS1_H
#include <openssl/base.h>
#include <openssl/buf.h>
#include <openssl/pqueue.h>
#ifdef __cplusplus
extern "C" {
#endif
#define DTLS1_VERSION 0xFEFF
#define DTLS1_2_VERSION 0xFEFD
/* lengths of messages */
#define DTLS1_COOKIE_LENGTH 256
#define DTLS1_RT_HEADER_LENGTH 13
#define DTLS1_HM_HEADER_LENGTH 12
#define DTLS1_CCS_HEADER_LENGTH 1
#define DTLS1_AL_HEADER_LENGTH 2
typedef struct dtls1_bitmap_st {
/* map is a bit mask of the last 64 sequence numbers. Bit
* |1<<i| corresponds to |max_seq_num - i|. */
uint64_t map;
/* max_seq_num is the largest sequence number seen so far. It
* is a 64-bit value in big-endian encoding. */
uint8_t max_seq_num[8];
} DTLS1_BITMAP;
/* TODO(davidben): This structure is used for both incoming messages and
* outgoing messages. |is_ccs| and |epoch| are only used in the latter and
* should be moved elsewhere. */
struct hm_header_st {
uint8_t type;
unsigned long msg_len;
uint16_t seq;
unsigned long frag_off;
unsigned long frag_len;
unsigned int is_ccs;
/* epoch, for buffered outgoing messages, is the epoch the message was
* originally sent in. */
uint16_t epoch;
};
struct ccs_header_st {
uint8_t type;
uint16_t seq;
};
typedef struct record_pqueue_st {
uint16_t epoch;
pqueue q;
} record_pqueue;
/* TODO(davidben): This structure is used for both incoming messages and
* outgoing messages. |fragment| and |reassembly| are only used in the former
* and should be moved elsewhere. */
typedef struct hm_fragment_st {
struct hm_header_st msg_header;
uint8_t *fragment;
uint8_t *reassembly;
} hm_fragment;
typedef struct dtls1_state_st {
/* send_cookie is true if we are resending the ClientHello
* with a cookie from a HelloVerifyRequest. */
unsigned int send_cookie;
uint8_t cookie[DTLS1_COOKIE_LENGTH];
size_t cookie_len;
/* The current data and handshake epoch. This is initially undefined, and
* starts at zero once the initial handshake is completed. */
uint16_t r_epoch;
uint16_t w_epoch;
/* records being received in the current epoch */
DTLS1_BITMAP bitmap;
/* renegotiation starts a new set of sequence numbers */
DTLS1_BITMAP next_bitmap;
/* handshake message numbers */
uint16_t handshake_write_seq;
uint16_t next_handshake_write_seq;
uint16_t handshake_read_seq;
/* save last sequence number for retransmissions */
uint8_t last_write_sequence[8];
/* Received handshake records (processed and unprocessed) */
record_pqueue unprocessed_rcds;
record_pqueue processed_rcds;
/* buffered_messages is a priority queue of incoming handshake messages that
* have yet to be processed.
*
* TODO(davidben): This data structure may as well be a ring buffer of fixed
* size. */
pqueue buffered_messages;
/* send_messages is a priority queue of outgoing handshake messages sent in
* the most recent handshake flight.
*
* TODO(davidben): This data structure may as well be a STACK_OF(T). */
pqueue sent_messages;
/* Buffered application records. Only for records between CCS and Finished to
* prevent either protocol violation or unnecessary message loss. */
record_pqueue buffered_app_data;
unsigned int mtu; /* max DTLS packet size */
struct hm_header_st w_msg_hdr;
/* num_timeouts is the number of times the retransmit timer has fired since
* the last time it was reset. */
unsigned int num_timeouts;
/* Indicates when the last handshake msg or heartbeat sent will
* timeout. Because of header issues on Windows, this cannot actually be a
* struct timeval. */
OPENSSL_timeval next_timeout;
/* Timeout duration */
unsigned short timeout_duration;
unsigned int change_cipher_spec_ok;
} DTLS1_STATE;
typedef struct dtls1_record_data_st {
uint8_t *packet;
unsigned int packet_length;
SSL3_BUFFER rbuf;
SSL3_RECORD rrec;
} DTLS1_RECORD_DATA;
#ifdef __cplusplus
} /* extern C */
#endif
#endif /* OPENSSL_HEADER_DTLS1_H */
Reference in New Issue View Git Blame Copy Permalink