kris
/
boringssl
1
0
Bifurcation 0
Code Tickets 0 Demandes d'ajout 0 Versions 0 Wiki Activité
Vous ne pouvez pas sélectionner plus de 25 sujets Les noms de sujets doivent commencer par une lettre ou un nombre, peuvent contenir des tirets ('-') et peuvent comporter jusqu'à 35 caractères.
340 Révisions
12 Branches
38 MiB
 
 
 
 
 
 
Aborescence: 7fdeaf1101
Branches Tags
${ item.name }
Créer la branche ${ searchTerm }
de '7fdeaf1101'
${ noResults }
boringssl/ssl/d1_lib.c

516 lignes
13 KiB
Brut Annotations Historique 

  1. /*

  2.  * DTLS implementation written by Nagendra Modadugu

  3.  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.

  4.  */

  5. /* ====================================================================

  6.  * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.

  7.  *

  8.  * Redistribution and use in source and binary forms, with or without

  9.  * modification, are permitted provided that the following conditions

  10.  * are met:

  11.  *

  12.  * 1. Redistributions of source code must retain the above copyright

  13.  *    notice, this list of conditions and the following disclaimer.

  14.  *

  15.  * 2. Redistributions in binary form must reproduce the above copyright

  16.  *    notice, this list of conditions and the following disclaimer in

  17.  *    the documentation and/or other materials provided with the

  18.  *    distribution.

  19.  *

  20.  * 3. All advertising materials mentioning features or use of this

  21.  *    software must display the following acknowledgment:

  22.  *    "This product includes software developed by the OpenSSL Project

  23.  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

  24.  *

  25.  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

  26.  *    endorse or promote products derived from this software without

  27.  *    prior written permission. For written permission, please contact

  28.  *    openssl-core@OpenSSL.org.

  29.  *

  30.  * 5. Products derived from this software may not be called "OpenSSL"

  31.  *    nor may "OpenSSL" appear in their names without prior written

  32.  *    permission of the OpenSSL Project.

  33.  *

  34.  * 6. Redistributions of any form whatsoever must retain the following

  35.  *    acknowledgment:

  36.  *    "This product includes software developed by the OpenSSL Project

  37.  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

  38.  *

  39.  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

  40.  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  41.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

  42.  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

  43.  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

  44.  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

  45.  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

  46.  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  47.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

  48.  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

  49.  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

  50.  * OF THE POSSIBILITY OF SUCH DAMAGE.

  51.  * ====================================================================

  52.  *

  53.  * This product includes cryptographic software written by Eric Young

  54.  * (eay@cryptsoft.com).  This product includes software written by Tim

  55.  * Hudson (tjh@cryptsoft.com). */

  56. 

  57. #include <openssl/base.h>

  58. 

  59. #include <stdio.h>

  60. 

  61. #if defined(OPENSSL_WINDOWS)

  62. #include <sys/timeb.h>

  63. #else

  64. #include <sys/socket.h>

  65. #endif

  66. 

  67. #include <openssl/err.h>

  68. #include <openssl/mem.h>

  69. #include <openssl/obj.h>

  70. 

  71. #include "ssl_locl.h"

  72. 

  73. static void get_current_time(struct timeval *t);

  74. static void dtls1_set_handshake_header(SSL *s, int type, unsigned long len);

  75. static int dtls1_handshake_write(SSL *s);

  76. int dtls1_listen(SSL *s, struct sockaddr *client);

  77. 

  78. SSL3_ENC_METHOD DTLSv1_enc_data={

  79.     	tls1_enc,

  80. 	tls1_mac,

  81. 	tls1_setup_key_block,

  82. 	tls1_generate_master_secret,

  83. 	tls1_change_cipher_state,

  84. 	tls1_final_finish_mac,

  85. 	TLS1_FINISH_MAC_LENGTH,

  86. 	tls1_cert_verify_mac,

  87. 	TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE,

  88. 	TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE,

  89. 	tls1_alert_code,

  90. 	tls1_export_keying_material,

  91. 	SSL_ENC_FLAG_DTLS|SSL_ENC_FLAG_EXPLICIT_IV,

  92. 	DTLS1_HM_HEADER_LENGTH,

  93. 	dtls1_set_handshake_header,

  94. 	dtls1_handshake_write	

  95. 	};

  96. 

  97. SSL3_ENC_METHOD DTLSv1_2_enc_data={

  98.     	tls1_enc,

  99. 	tls1_mac,

  100. 	tls1_setup_key_block,

  101. 	tls1_generate_master_secret,

  102. 	tls1_change_cipher_state,

  103. 	tls1_final_finish_mac,

  104. 	TLS1_FINISH_MAC_LENGTH,

  105. 	tls1_cert_verify_mac,

  106. 	TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE,

  107. 	TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE,

  108. 	tls1_alert_code,

  109. 	tls1_export_keying_material,

  110. 	SSL_ENC_FLAG_DTLS|SSL_ENC_FLAG_EXPLICIT_IV|SSL_ENC_FLAG_SIGALGS

  111. 		|SSL_ENC_FLAG_SHA256_PRF|SSL_ENC_FLAG_TLS1_2_CIPHERS,

  112. 	DTLS1_HM_HEADER_LENGTH,

  113. 	dtls1_set_handshake_header,

  114. 	dtls1_handshake_write	

  115. 	};

  116. 

  117. long dtls1_default_timeout(void)

  118. 	{

  119. 	/* 2 hours, the 24 hours mentioned in the DTLSv1 spec

  120. 	 * is way too long for http, the cache would over fill */

  121. 	return(60*60*2);

  122. 	}

  123. 

  124. int dtls1_new(SSL *s)

  125. 	{

  126. 	DTLS1_STATE *d1;

  127. 

  128. 	if (!ssl3_new(s)) return(0);

  129. 	if ((d1=OPENSSL_malloc(sizeof *d1)) == NULL)

  130. 		{

  131. 		ssl3_free(s);

  132. 		return (0);

  133. 		}

  134. 	memset(d1,0, sizeof *d1);

  135. 

  136. 	/* d1->handshake_epoch=0; */

  137. 

  138. 	d1->unprocessed_rcds.q=pqueue_new();

  139. 	d1->processed_rcds.q=pqueue_new();

  140. 	d1->buffered_messages = pqueue_new();

  141. 	d1->sent_messages=pqueue_new();

  142. 	d1->buffered_app_data.q=pqueue_new();

  143. 

  144. 	if ( s->server)

  145. 		{

  146. 		d1->cookie_len = sizeof(s->d1->cookie);

  147. 		}

  148. 

  149. 	if( ! d1->unprocessed_rcds.q || ! d1->processed_rcds.q 

  150.         || ! d1->buffered_messages || ! d1->sent_messages || ! d1->buffered_app_data.q)

  151. 		{

  152.         if ( d1->unprocessed_rcds.q) pqueue_free(d1->unprocessed_rcds.q);

  153.         if ( d1->processed_rcds.q) pqueue_free(d1->processed_rcds.q);

  154.         if ( d1->buffered_messages) pqueue_free(d1->buffered_messages);

  155. 		if ( d1->sent_messages) pqueue_free(d1->sent_messages);

  156. 		if ( d1->buffered_app_data.q) pqueue_free(d1->buffered_app_data.q);

  157. 		OPENSSL_free(d1);

  158. 		ssl3_free(s);

  159. 		return (0);

  160. 		}

  161. 

  162. 	s->d1=d1;

  163. 	s->method->ssl_clear(s);

  164. 	return(1);

  165. 	}

  166. 

  167. static void dtls1_clear_queues(SSL *s)

  168. 	{

  169.     pitem *item = NULL;

  170.     hm_fragment *frag = NULL;

  171. 	DTLS1_RECORD_DATA *rdata;

  172. 

  173.     while( (item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL)

  174.         {

  175. 		rdata = (DTLS1_RECORD_DATA *) item->data;

  176. 		if (rdata->rbuf.buf)

  177. 			{

  178. 			OPENSSL_free(rdata->rbuf.buf);

  179. 			}

  180.         OPENSSL_free(item->data);

  181.         pitem_free(item);

  182.         }

  183. 

  184.     while( (item = pqueue_pop(s->d1->processed_rcds.q)) != NULL)

  185.         {

  186. 		rdata = (DTLS1_RECORD_DATA *) item->data;

  187. 		if (rdata->rbuf.buf)

  188. 			{

  189. 			OPENSSL_free(rdata->rbuf.buf);

  190. 			}

  191.         OPENSSL_free(item->data);

  192.         pitem_free(item);

  193.         }

  194. 

  195.     while( (item = pqueue_pop(s->d1->buffered_messages)) != NULL)

  196.         {

  197.         frag = (hm_fragment *)item->data;

  198.         OPENSSL_free(frag->fragment);

  199.         OPENSSL_free(frag);

  200.         pitem_free(item);

  201.         }

  202. 

  203.     while ( (item = pqueue_pop(s->d1->sent_messages)) != NULL)

  204.         {

  205.         frag = (hm_fragment *)item->data;

  206.         OPENSSL_free(frag->fragment);

  207.         OPENSSL_free(frag);

  208.         pitem_free(item);

  209.         }

  210. 

  211. 	while ( (item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL)

  212. 		{

  213. 		rdata = (DTLS1_RECORD_DATA *) item->data;

  214. 		if (rdata->rbuf.buf)

  215. 			{

  216. 			OPENSSL_free(rdata->rbuf.buf);

  217. 			}

  218. 		OPENSSL_free(item->data);

  219. 		pitem_free(item);

  220. 		}

  221. 	}

  222. 

  223. void dtls1_free(SSL *s)

  224. 	{

  225. 	ssl3_free(s);

  226. 

  227. 	dtls1_clear_queues(s);

  228. 

  229.     pqueue_free(s->d1->unprocessed_rcds.q);

  230.     pqueue_free(s->d1->processed_rcds.q);

  231.     pqueue_free(s->d1->buffered_messages);

  232. 	pqueue_free(s->d1->sent_messages);

  233. 	pqueue_free(s->d1->buffered_app_data.q);

  234. 

  235. 	OPENSSL_free(s->d1);

  236. 	s->d1 = NULL;

  237. 	}

  238. 

  239. void dtls1_clear(SSL *s)

  240. 	{

  241.     pqueue unprocessed_rcds;

  242.     pqueue processed_rcds;

  243.     pqueue buffered_messages;

  244. 	pqueue sent_messages;

  245. 	pqueue buffered_app_data;

  246. 	unsigned int mtu;

  247. 

  248. 	if (s->d1)

  249. 		{

  250. 		unprocessed_rcds = s->d1->unprocessed_rcds.q;

  251. 		processed_rcds = s->d1->processed_rcds.q;

  252. 		buffered_messages = s->d1->buffered_messages;

  253. 		sent_messages = s->d1->sent_messages;

  254. 		buffered_app_data = s->d1->buffered_app_data.q;

  255. 		mtu = s->d1->mtu;

  256. 

  257. 		dtls1_clear_queues(s);

  258. 

  259. 		memset(s->d1, 0, sizeof(*(s->d1)));

  260. 

  261. 		if (s->server)

  262. 			{

  263. 			s->d1->cookie_len = sizeof(s->d1->cookie);

  264. 			}

  265. 

  266. 		if (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)

  267. 			{

  268. 			s->d1->mtu = mtu;

  269. 			}

  270. 

  271. 		s->d1->unprocessed_rcds.q = unprocessed_rcds;

  272. 		s->d1->processed_rcds.q = processed_rcds;

  273. 		s->d1->buffered_messages = buffered_messages;

  274. 		s->d1->sent_messages = sent_messages;

  275. 		s->d1->buffered_app_data.q = buffered_app_data;

  276. 		}

  277. 

  278. 	ssl3_clear(s);

  279. 	if (s->options & SSL_OP_CISCO_ANYCONNECT)

  280. 		s->version=DTLS1_BAD_VER;

  281. 	else if (s->method->version == DTLS_ANY_VERSION)

  282. 		s->version=DTLS1_2_VERSION;

  283. 	else

  284. 		s->version=s->method->version;

  285. 	}

  286. 

  287. long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg)

  288. 	{

  289. 	int ret=0;

  290. 

  291. 	switch (cmd)

  292. 		{

  293. 	case DTLS_CTRL_GET_TIMEOUT:

  294. 		if (dtls1_get_timeout(s, (struct timeval*) parg) != NULL)

  295. 			{

  296. 			ret = 1;

  297. 			}

  298. 		break;

  299. 	case DTLS_CTRL_HANDLE_TIMEOUT:

  300. 		ret = dtls1_handle_timeout(s);

  301. 		break;

  302. 	case DTLS_CTRL_LISTEN:

  303. 		ret = dtls1_listen(s, parg);

  304. 		break;

  305. 

  306. 	default:

  307. 		ret = ssl3_ctrl(s, cmd, larg, parg);

  308. 		break;

  309. 		}

  310. 	return(ret);

  311. 	}

  312. 

  313. /*

  314.  * As it's impossible to use stream ciphers in "datagram" mode, this

  315.  * simple filter is designed to disengage them in DTLS. Unfortunately

  316.  * there is no universal way to identify stream SSL_CIPHER, so we have

  317.  * to explicitly list their SSL_* codes. Currently RC4 is the only one

  318.  * available, but if new ones emerge, they will have to be added...

  319.  */

  320. const SSL_CIPHER *dtls1_get_cipher(unsigned int u)

  321. 	{

  322. 	const SSL_CIPHER *ciph = ssl3_get_cipher(u);

  323. 

  324. 	if (ciph != NULL)

  325. 		{

  326. 		if (ciph->algorithm_enc == SSL_RC4)

  327. 			return NULL;

  328. 		}

  329. 

  330. 	return ciph;

  331. 	}

  332. 

  333. void dtls1_start_timer(SSL *s)

  334. 	{

  335. 	/* If timer is not set, initialize duration with 1 second */

  336. 	if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0)

  337. 		{

  338. 		s->d1->timeout_duration = 1;

  339. 		}

  340. 	

  341. 	/* Set timeout to current time */

  342. 	get_current_time(&(s->d1->next_timeout));

  343. 

  344. 	/* Add duration to current time */

  345. 	s->d1->next_timeout.tv_sec += s->d1->timeout_duration;

  346. 	BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout));

  347. 	}

  348. 

  349. struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft)

  350. 	{

  351. 	struct timeval timenow;

  352. 

  353. 	/* If no timeout is set, just return NULL */

  354. 	if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0)

  355. 		{

  356. 		return NULL;

  357. 		}

  358. 

  359. 	/* Get current time */

  360. 	get_current_time(&timenow);

  361. 

  362. 	/* If timer already expired, set remaining time to 0 */

  363. 	if (s->d1->next_timeout.tv_sec < timenow.tv_sec ||

  364. 		(s->d1->next_timeout.tv_sec == timenow.tv_sec &&

  365. 		 s->d1->next_timeout.tv_usec <= timenow.tv_usec))

  366. 		{

  367. 		memset(timeleft, 0, sizeof(struct timeval));

  368. 		return timeleft;

  369. 		}

  370. 

  371. 	/* Calculate time left until timer expires */

  372. 	memcpy(timeleft, &(s->d1->next_timeout), sizeof(struct timeval));

  373. 	timeleft->tv_sec -= timenow.tv_sec;

  374. 	timeleft->tv_usec -= timenow.tv_usec;

  375. 	if (timeleft->tv_usec < 0)

  376. 		{

  377. 		timeleft->tv_sec--;

  378. 		timeleft->tv_usec += 1000000;

  379. 		}

  380. 

  381. 	/* If remaining time is less than 15 ms, set it to 0

  382. 	 * to prevent issues because of small devergences with

  383. 	 * socket timeouts.

  384. 	 */

  385. 	if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000)

  386. 		{

  387. 		memset(timeleft, 0, sizeof(struct timeval));

  388. 		}

  389. 	

  390. 

  391. 	return timeleft;

  392. 	}

  393. 

  394. int dtls1_is_timer_expired(SSL *s)

  395. 	{

  396. 	struct timeval timeleft;

  397. 

  398. 	/* Get time left until timeout, return false if no timer running */

  399. 	if (dtls1_get_timeout(s, &timeleft) == NULL)

  400. 		{

  401. 		return 0;

  402. 		}

  403. 

  404. 	/* Return false if timer is not expired yet */

  405. 	if (timeleft.tv_sec > 0 || timeleft.tv_usec > 0)

  406. 		{

  407. 		return 0;

  408. 		}

  409. 

  410. 	/* Timer expired, so return true */	

  411. 	return 1;

  412. 	}

  413. 

  414. void dtls1_double_timeout(SSL *s)

  415. 	{

  416. 	s->d1->timeout_duration *= 2;

  417. 	if (s->d1->timeout_duration > 60)

  418. 		s->d1->timeout_duration = 60;

  419. 	dtls1_start_timer(s);

  420. 	}

  421. 

  422. void dtls1_stop_timer(SSL *s)

  423. 	{

  424. 	/* Reset everything */

  425. 	memset(&(s->d1->timeout), 0, sizeof(struct dtls1_timeout_st));

  426. 	memset(&(s->d1->next_timeout), 0, sizeof(struct timeval));

  427. 	s->d1->timeout_duration = 1;

  428. 	BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout));

  429. 	/* Clear retransmission buffer */

  430. 	dtls1_clear_record_buffer(s);

  431. 	}

  432. 

  433. int dtls1_check_timeout_num(SSL *s)

  434. 	{

  435. 	s->d1->timeout.num_alerts++;

  436. 

  437. 	/* Reduce MTU after 2 unsuccessful retransmissions */

  438. 	if (s->d1->timeout.num_alerts > 2)

  439. 		{

  440. 		s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);		

  441. 		}

  442. 

  443. 	if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT)

  444. 		{

  445. 		/* fail the connection, enough alerts have been sent */

  446. 		OPENSSL_PUT_ERROR(SSL, dtls1_check_timeout_num, SSL_R_READ_TIMEOUT_EXPIRED);

  447. 		return -1;

  448. 		}

  449. 

  450. 	return 0;

  451. 	}

  452. 

  453. int dtls1_handle_timeout(SSL *s)

  454. 	{

  455. 	/* if no timer is expired, don't do anything */

  456. 	if (!dtls1_is_timer_expired(s))

  457. 		{

  458. 		return 0;

  459. 		}

  460. 

  461. 	dtls1_double_timeout(s);

  462. 

  463. 	if (dtls1_check_timeout_num(s) < 0)

  464. 		return -1;

  465. 

  466. 	s->d1->timeout.read_timeouts++;

  467. 	if (s->d1->timeout.read_timeouts > DTLS1_TMO_READ_COUNT)

  468. 		{

  469. 		s->d1->timeout.read_timeouts = 1;

  470. 		}

  471. 

  472. 	dtls1_start_timer(s);

  473. 	return dtls1_retransmit_buffered_messages(s);

  474. 	}

  475. 

  476. static void get_current_time(struct timeval *t)

  477. {

  478. #ifdef OPENSSL_SYS_WIN32

  479. 	struct _timeb tb;

  480. 	_ftime(&tb);

  481. 	t->tv_sec = (long)tb.time;

  482. 	t->tv_usec = (long)tb.millitm * 1000;

  483. #else

  484. 	gettimeofday(t, NULL);

  485. #endif

  486. }

  487. 

  488. int dtls1_listen(SSL *s, struct sockaddr *client)

  489. 	{

  490. 	int ret;

  491. 

  492. 	SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE);

  493. 	s->d1->listen = 1;

  494. 

  495. 	ret = SSL_accept(s);

  496. 	if (ret <= 0) return ret;

  497. 	

  498. 	BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_GET_PEER, 0, &client);

  499. 	return 1;

  500. 	}

  501. 

  502. static void dtls1_set_handshake_header(SSL *s, int htype, unsigned long len)

  503. 	{

  504. 	unsigned char *p = (unsigned char *)s->init_buf->data;

  505. 	dtls1_set_message_header(s, p, htype, len, 0, len);

  506. 	s->init_num = (int)len + DTLS1_HM_HEADER_LENGTH;

  507. 	s->init_off = 0;

  508. 	/* Buffer the message to handle re-xmits */

  509. 	dtls1_buffer_message(s, 0);

  510. 	}

  511. 

  512. static int dtls1_handshake_write(SSL *s)

  513. 	{

  514. 	return dtls1_do_write(s, SSL3_RT_HANDSHAKE);

  515. 	}