Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / ded93581f1674f81faa0dba4b15a842756066ab2 / . / ssl / d1_lib.c
blob: 65cd7dadda18231b2f1de115262f166e576413fa [file] [log] [blame]
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1/*
2 * DTLS implementation written by Nagendra Modadugu
3 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
4 */
5/* ====================================================================
6 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * openssl-core@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com). */
56
57#include <openssl/base.h>
58
59#include <stdio.h>
60
61#if defined(OPENSSL_WINDOWS)
62#include <sys/timeb.h>
63#else
64#include <sys/socket.h>
Adam Langleyded93582014-07-31 15:23:51 -0700[diff] [blame^]65#include <sys/time.h>
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]66#endif
67
68#include <openssl/err.h>
69#include <openssl/mem.h>
70#include <openssl/obj.h>
71
72#include "ssl_locl.h"
73
Adam Langleyded93582014-07-31 15:23:51 -0700[diff] [blame^]74static void get_current_time(OPENSSL_timeval *t);
75static OPENSSL_timeval* dtls1_get_timeout(SSL *s, OPENSSL_timeval* timeleft);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]76static void dtls1_set_handshake_header(SSL *s, int type, unsigned long len);
77static int dtls1_handshake_write(SSL *s);
78int dtls1_listen(SSL *s, struct sockaddr *client);
79
80SSL3_ENC_METHOD DTLSv1_enc_data={
81 tls1_enc,
82 tls1_mac,
83 tls1_setup_key_block,
84 tls1_generate_master_secret,
85 tls1_change_cipher_state,
86 tls1_final_finish_mac,
87 TLS1_FINISH_MAC_LENGTH,
88 tls1_cert_verify_mac,
89 TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE,
90 TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE,
91 tls1_alert_code,
92 tls1_export_keying_material,
93 SSL_ENC_FLAG_DTLS|SSL_ENC_FLAG_EXPLICIT_IV,
94 DTLS1_HM_HEADER_LENGTH,
95 dtls1_set_handshake_header,
96 dtls1_handshake_write
97 };
98
99SSL3_ENC_METHOD DTLSv1_2_enc_data={
100 tls1_enc,
101 tls1_mac,
102 tls1_setup_key_block,
103 tls1_generate_master_secret,
104 tls1_change_cipher_state,
105 tls1_final_finish_mac,
106 TLS1_FINISH_MAC_LENGTH,
107 tls1_cert_verify_mac,
108 TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE,
109 TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE,
110 tls1_alert_code,
111 tls1_export_keying_material,
112 SSL_ENC_FLAG_DTLS|SSL_ENC_FLAG_EXPLICIT_IV|SSL_ENC_FLAG_SIGALGS
113 |SSL_ENC_FLAG_SHA256_PRF|SSL_ENC_FLAG_TLS1_2_CIPHERS,
114 DTLS1_HM_HEADER_LENGTH,
115 dtls1_set_handshake_header,
116 dtls1_handshake_write
117 };
118
119long dtls1_default_timeout(void)
120 {
121 /* 2 hours, the 24 hours mentioned in the DTLSv1 spec
122 * is way too long for http, the cache would over fill */
123 return(60*60*2);
124 }
125
126int dtls1_new(SSL *s)
127 {
128 DTLS1_STATE *d1;
129
130 if (!ssl3_new(s)) return(0);
Loganaden Velvindron389110a2014-06-26 17:46:27 -0700[diff] [blame]131 if ((d1=OPENSSL_malloc(sizeof *d1)) == NULL)
132 {
133 ssl3_free(s);
134 return (0);
135 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]136 memset(d1,0, sizeof *d1);
137
138 /* d1->handshake_epoch=0; */
139
140 d1->unprocessed_rcds.q=pqueue_new();
141 d1->processed_rcds.q=pqueue_new();
142 d1->buffered_messages = pqueue_new();
143 d1->sent_messages=pqueue_new();
144 d1->buffered_app_data.q=pqueue_new();
145
146 if ( s->server)
147 {
148 d1->cookie_len = sizeof(s->d1->cookie);
149 }
150
151 if( ! d1->unprocessed_rcds.q || ! d1->processed_rcds.q
152 || ! d1->buffered_messages || ! d1->sent_messages || ! d1->buffered_app_data.q)
153 {
154 if ( d1->unprocessed_rcds.q) pqueue_free(d1->unprocessed_rcds.q);
155 if ( d1->processed_rcds.q) pqueue_free(d1->processed_rcds.q);
156 if ( d1->buffered_messages) pqueue_free(d1->buffered_messages);
157 if ( d1->sent_messages) pqueue_free(d1->sent_messages);
158 if ( d1->buffered_app_data.q) pqueue_free(d1->buffered_app_data.q);
159 OPENSSL_free(d1);
Loganaden Velvindron389110a2014-06-26 17:46:27 -0700[diff] [blame]160 ssl3_free(s);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]161 return (0);
162 }
163
164 s->d1=d1;
165 s->method->ssl_clear(s);
166 return(1);
167 }
168
169static void dtls1_clear_queues(SSL *s)
170 {
171 pitem *item = NULL;
172 hm_fragment *frag = NULL;
173 DTLS1_RECORD_DATA *rdata;
174
175 while( (item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL)
176 {
177 rdata = (DTLS1_RECORD_DATA *) item->data;
178 if (rdata->rbuf.buf)
179 {
180 OPENSSL_free(rdata->rbuf.buf);
181 }
182 OPENSSL_free(item->data);
183 pitem_free(item);
184 }
185
186 while( (item = pqueue_pop(s->d1->processed_rcds.q)) != NULL)
187 {
188 rdata = (DTLS1_RECORD_DATA *) item->data;
189 if (rdata->rbuf.buf)
190 {
191 OPENSSL_free(rdata->rbuf.buf);
192 }
193 OPENSSL_free(item->data);
194 pitem_free(item);
195 }
196
197 while( (item = pqueue_pop(s->d1->buffered_messages)) != NULL)
198 {
199 frag = (hm_fragment *)item->data;
200 OPENSSL_free(frag->fragment);
201 OPENSSL_free(frag);
202 pitem_free(item);
203 }
204
205 while ( (item = pqueue_pop(s->d1->sent_messages)) != NULL)
206 {
207 frag = (hm_fragment *)item->data;
208 OPENSSL_free(frag->fragment);
209 OPENSSL_free(frag);
210 pitem_free(item);
211 }
212
213 while ( (item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL)
214 {
Adam Langleyfb5cd202014-06-20 12:00:00 -0700[diff] [blame]215 rdata = (DTLS1_RECORD_DATA *) item->data;
216 if (rdata->rbuf.buf)
217 {
218 OPENSSL_free(rdata->rbuf.buf);
219 }
220 OPENSSL_free(item->data);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]221 pitem_free(item);
222 }
223 }
224
225void dtls1_free(SSL *s)
226 {
227 ssl3_free(s);
228
229 dtls1_clear_queues(s);
230
231 pqueue_free(s->d1->unprocessed_rcds.q);
232 pqueue_free(s->d1->processed_rcds.q);
233 pqueue_free(s->d1->buffered_messages);
234 pqueue_free(s->d1->sent_messages);
235 pqueue_free(s->d1->buffered_app_data.q);
236
237 OPENSSL_free(s->d1);
238 s->d1 = NULL;
239 }
240
241void dtls1_clear(SSL *s)
242 {
243 pqueue unprocessed_rcds;
244 pqueue processed_rcds;
245 pqueue buffered_messages;
246 pqueue sent_messages;
247 pqueue buffered_app_data;
248 unsigned int mtu;
249
250 if (s->d1)
251 {
252 unprocessed_rcds = s->d1->unprocessed_rcds.q;
253 processed_rcds = s->d1->processed_rcds.q;
254 buffered_messages = s->d1->buffered_messages;
255 sent_messages = s->d1->sent_messages;
256 buffered_app_data = s->d1->buffered_app_data.q;
257 mtu = s->d1->mtu;
258
259 dtls1_clear_queues(s);
260
261 memset(s->d1, 0, sizeof(*(s->d1)));
262
263 if (s->server)
264 {
265 s->d1->cookie_len = sizeof(s->d1->cookie);
266 }
267
268 if (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)
269 {
270 s->d1->mtu = mtu;
271 }
272
273 s->d1->unprocessed_rcds.q = unprocessed_rcds;
274 s->d1->processed_rcds.q = processed_rcds;
275 s->d1->buffered_messages = buffered_messages;
276 s->d1->sent_messages = sent_messages;
277 s->d1->buffered_app_data.q = buffered_app_data;
278 }
279
280 ssl3_clear(s);
281 if (s->options & SSL_OP_CISCO_ANYCONNECT)
282 s->version=DTLS1_BAD_VER;
283 else if (s->method->version == DTLS_ANY_VERSION)
284 s->version=DTLS1_2_VERSION;
285 else
286 s->version=s->method->version;
287 }
288
289long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg)
290 {
291 int ret=0;
292
293 switch (cmd)
294 {
295 case DTLS_CTRL_GET_TIMEOUT:
Adam Langleyded93582014-07-31 15:23:51 -0700[diff] [blame^]296 if (dtls1_get_timeout(s, (OPENSSL_timeval*) parg) != NULL)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]297 {
298 ret = 1;
299 }
300 break;
301 case DTLS_CTRL_HANDLE_TIMEOUT:
302 ret = dtls1_handle_timeout(s);
303 break;
304 case DTLS_CTRL_LISTEN:
305 ret = dtls1_listen(s, parg);
306 break;
307
308 default:
309 ret = ssl3_ctrl(s, cmd, larg, parg);
310 break;
311 }
312 return(ret);
313 }
314
315/*
316 * As it's impossible to use stream ciphers in "datagram" mode, this
317 * simple filter is designed to disengage them in DTLS. Unfortunately
318 * there is no universal way to identify stream SSL_CIPHER, so we have
319 * to explicitly list their SSL_* codes. Currently RC4 is the only one
320 * available, but if new ones emerge, they will have to be added...
321 */
322const SSL_CIPHER *dtls1_get_cipher(unsigned int u)
323 {
324 const SSL_CIPHER *ciph = ssl3_get_cipher(u);
325
326 if (ciph != NULL)
327 {
328 if (ciph->algorithm_enc == SSL_RC4)
329 return NULL;
330 }
331
332 return ciph;
333 }
334
335void dtls1_start_timer(SSL *s)
336 {
337 /* If timer is not set, initialize duration with 1 second */
338 if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0)
339 {
340 s->d1->timeout_duration = 1;
341 }
342
343 /* Set timeout to current time */
Adam Langleyded93582014-07-31 15:23:51 -0700[diff] [blame^]344 get_current_time(&s->d1->next_timeout);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]345
346 /* Add duration to current time */
347 s->d1->next_timeout.tv_sec += s->d1->timeout_duration;
Adam Langleyded93582014-07-31 15:23:51 -0700[diff] [blame^]348 BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &s->d1->next_timeout);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]349 }
350
Adam Langleyded93582014-07-31 15:23:51 -0700[diff] [blame^]351static OPENSSL_timeval* dtls1_get_timeout(SSL *s, OPENSSL_timeval* timeleft)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]352 {
Adam Langleyded93582014-07-31 15:23:51 -0700[diff] [blame^]353 OPENSSL_timeval timenow;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]354
355 /* If no timeout is set, just return NULL */
356 if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0)
357 {
358 return NULL;
359 }
360
361 /* Get current time */
362 get_current_time(&timenow);
363
364 /* If timer already expired, set remaining time to 0 */
365 if (s->d1->next_timeout.tv_sec < timenow.tv_sec ||
366 (s->d1->next_timeout.tv_sec == timenow.tv_sec &&
367 s->d1->next_timeout.tv_usec <= timenow.tv_usec))
368 {
Adam Langleyded93582014-07-31 15:23:51 -0700[diff] [blame^]369 memset(timeleft, 0, sizeof(OPENSSL_timeval));
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]370 return timeleft;
371 }
372
373 /* Calculate time left until timer expires */
Adam Langleyded93582014-07-31 15:23:51 -0700[diff] [blame^]374 memcpy(timeleft, &s->d1->next_timeout, sizeof(OPENSSL_timeval));
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]375 timeleft->tv_sec -= timenow.tv_sec;
376 timeleft->tv_usec -= timenow.tv_usec;
377 if (timeleft->tv_usec < 0)
378 {
379 timeleft->tv_sec--;
380 timeleft->tv_usec += 1000000;
381 }
382
383 /* If remaining time is less than 15 ms, set it to 0
384 * to prevent issues because of small devergences with
385 * socket timeouts.
386 */
387 if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000)
388 {
Adam Langleyded93582014-07-31 15:23:51 -0700[diff] [blame^]389 memset(timeleft, 0, sizeof(OPENSSL_timeval));
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]390 }
391
392
393 return timeleft;
394 }
395
396int dtls1_is_timer_expired(SSL *s)
397 {
Adam Langleyded93582014-07-31 15:23:51 -0700[diff] [blame^]398 OPENSSL_timeval timeleft;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]399
400 /* Get time left until timeout, return false if no timer running */
401 if (dtls1_get_timeout(s, &timeleft) == NULL)
402 {
403 return 0;
404 }
405
406 /* Return false if timer is not expired yet */
407 if (timeleft.tv_sec > 0 || timeleft.tv_usec > 0)
408 {
409 return 0;
410 }
411
412 /* Timer expired, so return true */
413 return 1;
414 }
415
416void dtls1_double_timeout(SSL *s)
417 {
418 s->d1->timeout_duration *= 2;
419 if (s->d1->timeout_duration > 60)
420 s->d1->timeout_duration = 60;
421 dtls1_start_timer(s);
422 }
423
424void dtls1_stop_timer(SSL *s)
425 {
426 /* Reset everything */
427 memset(&(s->d1->timeout), 0, sizeof(struct dtls1_timeout_st));
Adam Langleyded93582014-07-31 15:23:51 -0700[diff] [blame^]428 memset(&s->d1->next_timeout, 0, sizeof(OPENSSL_timeval));
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]429 s->d1->timeout_duration = 1;
Adam Langleyded93582014-07-31 15:23:51 -0700[diff] [blame^]430 BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &s->d1->next_timeout);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]431 /* Clear retransmission buffer */
432 dtls1_clear_record_buffer(s);
433 }
434
435int dtls1_check_timeout_num(SSL *s)
436 {
437 s->d1->timeout.num_alerts++;
438
439 /* Reduce MTU after 2 unsuccessful retransmissions */
440 if (s->d1->timeout.num_alerts > 2)
441 {
442 s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);
443 }
444
445 if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT)
446 {
447 /* fail the connection, enough alerts have been sent */
448 OPENSSL_PUT_ERROR(SSL, dtls1_check_timeout_num, SSL_R_READ_TIMEOUT_EXPIRED);
449 return -1;
450 }
451
452 return 0;
453 }
454
455int dtls1_handle_timeout(SSL *s)
456 {
457 /* if no timer is expired, don't do anything */
458 if (!dtls1_is_timer_expired(s))
459 {
460 return 0;
461 }
462
463 dtls1_double_timeout(s);
464
465 if (dtls1_check_timeout_num(s) < 0)
466 return -1;
467
468 s->d1->timeout.read_timeouts++;
469 if (s->d1->timeout.read_timeouts > DTLS1_TMO_READ_COUNT)
470 {
471 s->d1->timeout.read_timeouts = 1;
472 }
473
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]474 dtls1_start_timer(s);
475 return dtls1_retransmit_buffered_messages(s);
476 }
477
Adam Langleyded93582014-07-31 15:23:51 -0700[diff] [blame^]478static void get_current_time(OPENSSL_timeval *t)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]479{
Adam Langleyded93582014-07-31 15:23:51 -0700[diff] [blame^]480#if defined(OPENSSL_WINDOWS)
481 struct _timeb time;
482 _ftime(&time);
483 t->tv_sec = time.time;
484 t->tv_usec = time.millitm * 1000;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]485#else
486 gettimeofday(t, NULL);
487#endif
488}
489
490int dtls1_listen(SSL *s, struct sockaddr *client)
491 {
492 int ret;
493
494 SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE);
495 s->d1->listen = 1;
496
497 ret = SSL_accept(s);
498 if (ret <= 0) return ret;
499
500 BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_GET_PEER, 0, &client);
501 return 1;
502 }
503
504static void dtls1_set_handshake_header(SSL *s, int htype, unsigned long len)
505 {
506 unsigned char *p = (unsigned char *)s->init_buf->data;
507 dtls1_set_message_header(s, p, htype, len, 0, len);
508 s->init_num = (int)len + DTLS1_HM_HEADER_LENGTH;
509 s->init_off = 0;
510 /* Buffer the message to handle re-xmits */
511 dtls1_buffer_message(s, 0);
512 }
513
514static int dtls1_handshake_write(SSL *s)
515 {
516 return dtls1_do_write(s, SSL3_RT_HANDSHAKE);
517 }