kris
/
boringssl
1
0
Forka 0
Codice Problemi 0 Pull Requests 0 Rilasci 0 Wiki Attività
Non puoi selezionare più di 25 argomenti Gli argomenti devono iniziare con una lettera o un numero, possono includere trattini ('-') e possono essere lunghi fino a 35 caratteri.
748 Commit
12 Rami (Branch)
38 MiB
 
 
 
 
 
 
Albero (Tree): cf70188d53
Rami (Branch) Tag
${ item.name }
Crea branch ${ searchTerm }
da 'cf70188d53'
${ noResults }
boringssl/ssl/d1_lib.c

476 righe
14 KiB
Originale Blame Cronologia 

  1. /*

  2.  * DTLS implementation written by Nagendra Modadugu

  3.  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.

  4.  */

  5. /* ====================================================================

  6.  * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.

  7.  *

  8.  * Redistribution and use in source and binary forms, with or without

  9.  * modification, are permitted provided that the following conditions

  10.  * are met:

  11.  *

  12.  * 1. Redistributions of source code must retain the above copyright

  13.  *    notice, this list of conditions and the following disclaimer.

  14.  *

  15.  * 2. Redistributions in binary form must reproduce the above copyright

  16.  *    notice, this list of conditions and the following disclaimer in

  17.  *    the documentation and/or other materials provided with the

  18.  *    distribution.

  19.  *

  20.  * 3. All advertising materials mentioning features or use of this

  21.  *    software must display the following acknowledgment:

  22.  *    "This product includes software developed by the OpenSSL Project

  23.  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

  24.  *

  25.  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

  26.  *    endorse or promote products derived from this software without

  27.  *    prior written permission. For written permission, please contact

  28.  *    openssl-core@OpenSSL.org.

  29.  *

  30.  * 5. Products derived from this software may not be called "OpenSSL"

  31.  *    nor may "OpenSSL" appear in their names without prior written

  32.  *    permission of the OpenSSL Project.

  33.  *

  34.  * 6. Redistributions of any form whatsoever must retain the following

  35.  *    acknowledgment:

  36.  *    "This product includes software developed by the OpenSSL Project

  37.  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

  38.  *

  39.  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

  40.  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  41.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

  42.  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

  43.  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

  44.  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

  45.  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

  46.  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  47.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

  48.  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

  49.  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

  50.  * OF THE POSSIBILITY OF SUCH DAMAGE.

  51.  * ====================================================================

  52.  *

  53.  * This product includes cryptographic software written by Eric Young

  54.  * (eay@cryptsoft.com).  This product includes software written by Tim

  55.  * Hudson (tjh@cryptsoft.com). */

  56. 

  57. #include <openssl/base.h>

  58. 

  59. #include <stdio.h>

  60. 

  61. #if defined(OPENSSL_WINDOWS)

  62. #include <sys/timeb.h>

  63. #else

  64. #include <sys/socket.h>

  65. #include <sys/time.h>

  66. #endif

  67. 

  68. #include <openssl/err.h>

  69. #include <openssl/mem.h>

  70. #include <openssl/obj.h>

  71. 

  72. #include "ssl_locl.h"

  73. 

  74. static void get_current_time(OPENSSL_timeval *t);

  75. static OPENSSL_timeval *dtls1_get_timeout(SSL *s, OPENSSL_timeval *timeleft);

  76. static void dtls1_set_handshake_header(SSL *s, int type, unsigned long len);

  77. static int dtls1_handshake_write(SSL *s);

  78. 

  79. const SSL3_ENC_METHOD DTLSv1_enc_data = {

  80.   tls1_enc,

  81.   tls1_mac,

  82.   tls1_setup_key_block,

  83.   tls1_generate_master_secret,

  84.   tls1_change_cipher_state,

  85.   tls1_final_finish_mac,

  86.   TLS1_FINISH_MAC_LENGTH,

  87.   tls1_cert_verify_mac,

  88.   TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE,

  89.   TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE,

  90.   tls1_alert_code,

  91.   tls1_export_keying_material,

  92.   SSL_ENC_FLAG_DTLS|SSL_ENC_FLAG_EXPLICIT_IV,

  93.   DTLS1_HM_HEADER_LENGTH,

  94.   dtls1_set_handshake_header,

  95.   dtls1_handshake_write,

  96. };

  97. 

  98. const SSL3_ENC_METHOD DTLSv1_2_enc_data = {

  99.   tls1_enc,

  100.   tls1_mac,

  101.   tls1_setup_key_block,

  102.   tls1_generate_master_secret,

  103.   tls1_change_cipher_state,

  104.   tls1_final_finish_mac,

  105.   TLS1_FINISH_MAC_LENGTH,

  106.   tls1_cert_verify_mac,

  107.   TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE,

  108.   TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE,

  109.   tls1_alert_code,

  110.   tls1_export_keying_material,

  111.   SSL_ENC_FLAG_DTLS | SSL_ENC_FLAG_EXPLICIT_IV | SSL_ENC_FLAG_SIGALGS |

  112.       SSL_ENC_FLAG_SHA256_PRF | SSL_ENC_FLAG_TLS1_2_CIPHERS,

  113.   DTLS1_HM_HEADER_LENGTH,

  114.   dtls1_set_handshake_header,

  115.   dtls1_handshake_write,

  116. };

  117. 

  118. int dtls1_new(SSL *s) {

  119.   DTLS1_STATE *d1;

  120. 

  121.   if (!ssl3_new(s)) {

  122.     return 0;

  123.   }

  124.   d1 = OPENSSL_malloc(sizeof *d1);

  125.   if (d1 == NULL) {

  126.     ssl3_free(s);

  127.     return 0;

  128.   }

  129.   memset(d1, 0, sizeof *d1);

  130. 

  131.   d1->unprocessed_rcds.q = pqueue_new();

  132.   d1->processed_rcds.q = pqueue_new();

  133.   d1->buffered_messages = pqueue_new();

  134.   d1->sent_messages = pqueue_new();

  135.   d1->buffered_app_data.q = pqueue_new();

  136. 

  137.   if (s->server) {

  138.     d1->cookie_len = sizeof(s->d1->cookie);

  139.   }

  140. 

  141.   if (!d1->unprocessed_rcds.q || !d1->processed_rcds.q ||

  142.       !d1->buffered_messages || !d1->sent_messages ||

  143.       !d1->buffered_app_data.q) {

  144.     if (d1->unprocessed_rcds.q) {

  145.       pqueue_free(d1->unprocessed_rcds.q);

  146.     }

  147.     if (d1->processed_rcds.q) {

  148.       pqueue_free(d1->processed_rcds.q);

  149.     }

  150.     if (d1->buffered_messages) {

  151.       pqueue_free(d1->buffered_messages);

  152.     }

  153.     if (d1->sent_messages) {

  154.       pqueue_free(d1->sent_messages);

  155.     }

  156.     if (d1->buffered_app_data.q) {

  157.       pqueue_free(d1->buffered_app_data.q);

  158.     }

  159.     OPENSSL_free(d1);

  160.     ssl3_free(s);

  161.     return 0;

  162.   }

  163. 

  164.   s->d1 = d1;

  165.   s->method->ssl_clear(s);

  166.   return 1;

  167. }

  168. 

  169. static void dtls1_clear_queues(SSL *s) {

  170.   pitem *item = NULL;

  171.   hm_fragment *frag = NULL;

  172.   DTLS1_RECORD_DATA *rdata;

  173. 

  174.   while ((item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL) {

  175.     rdata = (DTLS1_RECORD_DATA *)item->data;

  176.     if (rdata->rbuf.buf) {

  177.       OPENSSL_free(rdata->rbuf.buf);

  178.     }

  179.     OPENSSL_free(item->data);

  180.     pitem_free(item);

  181.   }

  182. 

  183.   while ((item = pqueue_pop(s->d1->processed_rcds.q)) != NULL) {

  184.     rdata = (DTLS1_RECORD_DATA *)item->data;

  185.     if (rdata->rbuf.buf) {

  186.       OPENSSL_free(rdata->rbuf.buf);

  187.     }

  188.     OPENSSL_free(item->data);

  189.     pitem_free(item);

  190.   }

  191. 

  192.   while ((item = pqueue_pop(s->d1->buffered_messages)) != NULL) {

  193.     frag = (hm_fragment *)item->data;

  194.     dtls1_hm_fragment_free(frag);

  195.     pitem_free(item);

  196.   }

  197. 

  198.   while ((item = pqueue_pop(s->d1->sent_messages)) != NULL) {

  199.     frag = (hm_fragment *)item->data;

  200.     dtls1_hm_fragment_free(frag);

  201.     pitem_free(item);

  202.   }

  203. 

  204.   while ((item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL) {

  205.     rdata = (DTLS1_RECORD_DATA *)item->data;

  206.     if (rdata->rbuf.buf) {

  207.       OPENSSL_free(rdata->rbuf.buf);

  208.     }

  209.     OPENSSL_free(item->data);

  210.     pitem_free(item);

  211.   }

  212. }

  213. 

  214. void dtls1_free(SSL *s) {

  215.   ssl3_free(s);

  216. 

  217.   dtls1_clear_queues(s);

  218. 

  219.   pqueue_free(s->d1->unprocessed_rcds.q);

  220.   pqueue_free(s->d1->processed_rcds.q);

  221.   pqueue_free(s->d1->buffered_messages);

  222.   pqueue_free(s->d1->sent_messages);

  223.   pqueue_free(s->d1->buffered_app_data.q);

  224. 

  225.   OPENSSL_free(s->d1);

  226.   s->d1 = NULL;

  227. }

  228. 

  229. void dtls1_clear(SSL *s) {

  230.   pqueue unprocessed_rcds;

  231.   pqueue processed_rcds;

  232.   pqueue buffered_messages;

  233.   pqueue sent_messages;

  234.   pqueue buffered_app_data;

  235.   unsigned int mtu;

  236. 

  237.   if (s->d1) {

  238.     unprocessed_rcds = s->d1->unprocessed_rcds.q;

  239.     processed_rcds = s->d1->processed_rcds.q;

  240.     buffered_messages = s->d1->buffered_messages;

  241.     sent_messages = s->d1->sent_messages;

  242.     buffered_app_data = s->d1->buffered_app_data.q;

  243.     mtu = s->d1->mtu;

  244. 

  245.     dtls1_clear_queues(s);

  246. 

  247.     memset(s->d1, 0, sizeof(*(s->d1)));

  248. 

  249.     if (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU) {

  250.       s->d1->mtu = mtu;

  251.     }

  252. 

  253.     s->d1->unprocessed_rcds.q = unprocessed_rcds;

  254.     s->d1->processed_rcds.q = processed_rcds;

  255.     s->d1->buffered_messages = buffered_messages;

  256.     s->d1->sent_messages = sent_messages;

  257.     s->d1->buffered_app_data.q = buffered_app_data;

  258.   }

  259. 

  260.   ssl3_clear(s);

  261.   s->version = DTLS1_2_VERSION;

  262. }

  263. 

  264. long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg) {

  265.   int ret = 0;

  266. 

  267.   switch (cmd) {

  268.     case DTLS_CTRL_GET_TIMEOUT:

  269.       if (dtls1_get_timeout(s, (OPENSSL_timeval *)parg) != NULL) {

  270.         ret = 1;

  271.       }

  272.       break;

  273. 

  274.     case DTLS_CTRL_HANDLE_TIMEOUT:

  275.       ret = dtls1_handle_timeout(s);

  276.       break;

  277. 

  278.     default:

  279.       ret = ssl3_ctrl(s, cmd, larg, parg);

  280.       break;

  281.   }

  282. 

  283.   return ret;

  284. }

  285. 

  286. /* As it's impossible to use stream ciphers in "datagram" mode, this

  287.  * simple filter is designed to disengage them in DTLS. Unfortunately

  288.  * there is no universal way to identify stream SSL_CIPHER, so we have

  289.  * to explicitly list their SSL_* codes. Currently RC4 is the only one

  290.  * available, but if new ones emerge, they will have to be added... */

  291. const SSL_CIPHER *dtls1_get_cipher(unsigned int u) {

  292.   const SSL_CIPHER *ciph = ssl3_get_cipher(u);

  293. 

  294.   if (ciph != NULL) {

  295.     if (ciph->algorithm_enc == SSL_RC4) {

  296.       return NULL;

  297.     }

  298.     /* TODO(davidben): EVP_AEAD does not work in DTLS yet. */

  299.     if (ciph->algorithm2 & SSL_CIPHER_ALGORITHM2_AEAD ||

  300.         ciph->algorithm2 & SSL_CIPHER_ALGORITHM2_STATEFUL_AEAD) {

  301.       return NULL;

  302.     }

  303.   }

  304. 

  305.   return ciph;

  306. }

  307. 

  308. void dtls1_start_timer(SSL *s) {

  309.   /* If timer is not set, initialize duration with 1 second */

  310.   if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) {

  311.     s->d1->timeout_duration = 1;

  312.   }

  313. 

  314.   /* Set timeout to current time */

  315.   get_current_time(&s->d1->next_timeout);

  316. 

  317.   /* Add duration to current time */

  318.   s->d1->next_timeout.tv_sec += s->d1->timeout_duration;

  319.   BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0,

  320.            &s->d1->next_timeout);

  321. }

  322. 

  323. static OPENSSL_timeval *dtls1_get_timeout(SSL *s, OPENSSL_timeval *timeleft) {

  324.   OPENSSL_timeval timenow;

  325. 

  326.   /* If no timeout is set, just return NULL */

  327.   if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) {

  328.     return NULL;

  329.   }

  330. 

  331.   /* Get current time */

  332.   get_current_time(&timenow);

  333. 

  334.   /* If timer already expired, set remaining time to 0 */

  335.   if (s->d1->next_timeout.tv_sec < timenow.tv_sec ||

  336.       (s->d1->next_timeout.tv_sec == timenow.tv_sec &&

  337.        s->d1->next_timeout.tv_usec <= timenow.tv_usec)) {

  338.     memset(timeleft, 0, sizeof(OPENSSL_timeval));

  339.     return timeleft;

  340.   }

  341. 

  342.   /* Calculate time left until timer expires */

  343.   memcpy(timeleft, &s->d1->next_timeout, sizeof(OPENSSL_timeval));

  344.   timeleft->tv_sec -= timenow.tv_sec;

  345.   timeleft->tv_usec -= timenow.tv_usec;

  346.   if (timeleft->tv_usec < 0) {

  347.     timeleft->tv_sec--;

  348.     timeleft->tv_usec += 1000000;

  349.   }

  350. 

  351.   /* If remaining time is less than 15 ms, set it to 0 to prevent issues

  352.    * because of small devergences with socket timeouts. */

  353.   if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000) {

  354.     memset(timeleft, 0, sizeof(OPENSSL_timeval));

  355.   }

  356. 

  357.   return timeleft;

  358. }

  359. 

  360. int dtls1_is_timer_expired(SSL *s) {

  361.   OPENSSL_timeval timeleft;

  362. 

  363.   /* Get time left until timeout, return false if no timer running */

  364.   if (dtls1_get_timeout(s, &timeleft) == NULL) {

  365.     return 0;

  366.   }

  367. 

  368.   /* Return false if timer is not expired yet */

  369.   if (timeleft.tv_sec > 0 || timeleft.tv_usec > 0) {

  370.     return 0;

  371.   }

  372. 

  373.   /* Timer expired, so return true */

  374.   return 1;

  375. }

  376. 

  377. void dtls1_double_timeout(SSL *s) {

  378.   s->d1->timeout_duration *= 2;

  379.   if (s->d1->timeout_duration > 60) {

  380.     s->d1->timeout_duration = 60;

  381.   }

  382.   dtls1_start_timer(s);

  383. }

  384. 

  385. void dtls1_stop_timer(SSL *s) {

  386.   /* Reset everything */

  387.   memset(&(s->d1->timeout), 0, sizeof(struct dtls1_timeout_st));

  388.   memset(&s->d1->next_timeout, 0, sizeof(OPENSSL_timeval));

  389.   s->d1->timeout_duration = 1;

  390.   BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0,

  391.            &s->d1->next_timeout);

  392.   /* Clear retransmission buffer */

  393.   dtls1_clear_record_buffer(s);

  394. }

  395. 

  396. int dtls1_check_timeout_num(SSL *s) {

  397.   s->d1->timeout.num_alerts++;

  398. 

  399.   /* Reduce MTU after 2 unsuccessful retransmissions */

  400.   if (s->d1->timeout.num_alerts > 2) {

  401.     s->d1->mtu =

  402.         BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);

  403.   }

  404. 

  405.   if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) {

  406.     /* fail the connection, enough alerts have been sent */

  407.     OPENSSL_PUT_ERROR(SSL, dtls1_check_timeout_num, SSL_R_READ_TIMEOUT_EXPIRED);

  408.     return -1;

  409.   }

  410. 

  411.   return 0;

  412. }

  413. 

  414. int dtls1_handle_timeout(SSL *s) {

  415.   /* if no timer is expired, don't do anything */

  416.   if (!dtls1_is_timer_expired(s)) {

  417.     return 0;

  418.   }

  419. 

  420.   dtls1_double_timeout(s);

  421. 

  422.   if (dtls1_check_timeout_num(s) < 0) {

  423.     return -1;

  424.   }

  425. 

  426.   s->d1->timeout.read_timeouts++;

  427.   if (s->d1->timeout.read_timeouts > DTLS1_TMO_READ_COUNT) {

  428.     s->d1->timeout.read_timeouts = 1;

  429.   }

  430. 

  431.   dtls1_start_timer(s);

  432.   return dtls1_retransmit_buffered_messages(s);

  433. }

  434. 

  435. static void get_current_time(OPENSSL_timeval *t) {

  436. #if defined(OPENSSL_WINDOWS)

  437.   struct _timeb time;

  438.   _ftime(&time);

  439.   t->tv_sec = time.time;

  440.   t->tv_usec = time.millitm * 1000;

  441. #else

  442.   gettimeofday(t, NULL);

  443. #endif

  444. }

  445. 

  446. static void dtls1_set_handshake_header(SSL *s, int htype, unsigned long len) {

  447.   uint8_t *message = (uint8_t *)s->init_buf->data;

  448.   const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;

  449.   uint8_t serialised_header[DTLS1_HM_HEADER_LENGTH];

  450.   uint8_t *p = serialised_header;

  451. 

  452.   s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;

  453.   s->d1->next_handshake_write_seq++;

  454. 

  455.   dtls1_set_message_header(s, htype, len, s->d1->handshake_write_seq, 0, len);

  456.   s->init_num = (int)len + DTLS1_HM_HEADER_LENGTH;

  457.   s->init_off = 0;

  458. 

  459.   /* Buffer the message to handle re-xmits */

  460.   dtls1_buffer_message(s, 0);

  461. 

  462.   /* Add the new message to the handshake hash. Serialize the message

  463.    * header as if it were a single fragment. */

  464.   *p++ = msg_hdr->type;

  465.   l2n3(msg_hdr->msg_len, p);

  466.   s2n(msg_hdr->seq, p);

  467.   l2n3(0, p);

  468.   l2n3(msg_hdr->msg_len, p);

  469.   ssl3_finish_mac(s, serialised_header, sizeof(serialised_header));

  470.   ssl3_finish_mac(s, message + DTLS1_HM_HEADER_LENGTH, len);

  471. }

  472. 

  473. static int dtls1_handshake_write(SSL *s) {

  474.   return dtls1_do_write(s, SSL3_RT_HANDSHAKE);

  475. }