/src/openssl/ssl/d1_lib.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* ssl/d1_lib.c */ |
2 | | /* |
3 | | * DTLS implementation written by Nagendra Modadugu |
4 | | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. |
5 | | */ |
6 | | /* ==================================================================== |
7 | | * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. |
8 | | * |
9 | | * Redistribution and use in source and binary forms, with or without |
10 | | * modification, are permitted provided that the following conditions |
11 | | * are met: |
12 | | * |
13 | | * 1. Redistributions of source code must retain the above copyright |
14 | | * notice, this list of conditions and the following disclaimer. |
15 | | * |
16 | | * 2. Redistributions in binary form must reproduce the above copyright |
17 | | * notice, this list of conditions and the following disclaimer in |
18 | | * the documentation and/or other materials provided with the |
19 | | * distribution. |
20 | | * |
21 | | * 3. All advertising materials mentioning features or use of this |
22 | | * software must display the following acknowledgment: |
23 | | * "This product includes software developed by the OpenSSL Project |
24 | | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" |
25 | | * |
26 | | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
27 | | * endorse or promote products derived from this software without |
28 | | * prior written permission. For written permission, please contact |
29 | | * openssl-core@OpenSSL.org. |
30 | | * |
31 | | * 5. Products derived from this software may not be called "OpenSSL" |
32 | | * nor may "OpenSSL" appear in their names without prior written |
33 | | * permission of the OpenSSL Project. |
34 | | * |
35 | | * 6. Redistributions of any form whatsoever must retain the following |
36 | | * acknowledgment: |
37 | | * "This product includes software developed by the OpenSSL Project |
38 | | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" |
39 | | * |
40 | | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
41 | | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
42 | | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
43 | | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
44 | | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
45 | | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
46 | | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
47 | | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
48 | | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
49 | | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
50 | | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
51 | | * OF THE POSSIBILITY OF SUCH DAMAGE. |
52 | | * ==================================================================== |
53 | | * |
54 | | * This product includes cryptographic software written by Eric Young |
55 | | * (eay@cryptsoft.com). This product includes software written by Tim |
56 | | * Hudson (tjh@cryptsoft.com). |
57 | | * |
58 | | */ |
59 | | |
60 | | #include <stdio.h> |
61 | | #define USE_SOCKETS |
62 | | #include <openssl/objects.h> |
63 | | #include "ssl_locl.h" |
64 | | |
65 | | #if defined(OPENSSL_SYS_VMS) |
66 | | # include <sys/timeb.h> |
67 | | #endif |
68 | | |
69 | | static void get_current_time(struct timeval *t); |
70 | | static void dtls1_set_handshake_header(SSL *s, int type, unsigned long len); |
71 | | static int dtls1_handshake_write(SSL *s); |
72 | | const char dtls1_version_str[] = "DTLSv1" OPENSSL_VERSION_PTEXT; |
73 | | int dtls1_listen(SSL *s, struct sockaddr *client); |
74 | | |
75 | | SSL3_ENC_METHOD DTLSv1_enc_data = { |
76 | | tls1_enc, |
77 | | tls1_mac, |
78 | | tls1_setup_key_block, |
79 | | tls1_generate_master_secret, |
80 | | tls1_change_cipher_state, |
81 | | tls1_final_finish_mac, |
82 | | TLS1_FINISH_MAC_LENGTH, |
83 | | tls1_cert_verify_mac, |
84 | | TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE, |
85 | | TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE, |
86 | | tls1_alert_code, |
87 | | tls1_export_keying_material, |
88 | | SSL_ENC_FLAG_DTLS | SSL_ENC_FLAG_EXPLICIT_IV, |
89 | | DTLS1_HM_HEADER_LENGTH, |
90 | | dtls1_set_handshake_header, |
91 | | dtls1_handshake_write |
92 | | }; |
93 | | |
94 | | SSL3_ENC_METHOD DTLSv1_2_enc_data = { |
95 | | tls1_enc, |
96 | | tls1_mac, |
97 | | tls1_setup_key_block, |
98 | | tls1_generate_master_secret, |
99 | | tls1_change_cipher_state, |
100 | | tls1_final_finish_mac, |
101 | | TLS1_FINISH_MAC_LENGTH, |
102 | | tls1_cert_verify_mac, |
103 | | TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE, |
104 | | TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE, |
105 | | tls1_alert_code, |
106 | | tls1_export_keying_material, |
107 | | SSL_ENC_FLAG_DTLS | SSL_ENC_FLAG_EXPLICIT_IV | SSL_ENC_FLAG_SIGALGS |
108 | | | SSL_ENC_FLAG_SHA256_PRF | SSL_ENC_FLAG_TLS1_2_CIPHERS, |
109 | | DTLS1_HM_HEADER_LENGTH, |
110 | | dtls1_set_handshake_header, |
111 | | dtls1_handshake_write |
112 | | }; |
113 | | |
114 | | long dtls1_default_timeout(void) |
115 | 0 | { |
116 | | /* |
117 | | * 2 hours, the 24 hours mentioned in the DTLSv1 spec is way too long for |
118 | | * http, the cache would over fill |
119 | | */ |
120 | 0 | return (60 * 60 * 2); |
121 | 0 | } |
122 | | |
123 | | int dtls1_new(SSL *s) |
124 | 0 | { |
125 | 0 | DTLS1_STATE *d1; |
126 | |
|
127 | 0 | if (!ssl3_new(s)) |
128 | 0 | return (0); |
129 | 0 | if ((d1 = OPENSSL_malloc(sizeof *d1)) == NULL) |
130 | 0 | return (0); |
131 | 0 | memset(d1, 0, sizeof *d1); |
132 | | |
133 | | /* d1->handshake_epoch=0; */ |
134 | |
|
135 | 0 | d1->unprocessed_rcds.q = pqueue_new(); |
136 | 0 | d1->processed_rcds.q = pqueue_new(); |
137 | 0 | d1->buffered_messages = pqueue_new(); |
138 | 0 | d1->sent_messages = pqueue_new(); |
139 | 0 | d1->buffered_app_data.q = pqueue_new(); |
140 | |
|
141 | 0 | if (s->server) { |
142 | 0 | d1->cookie_len = sizeof(s->d1->cookie); |
143 | 0 | } |
144 | |
|
145 | 0 | d1->link_mtu = 0; |
146 | 0 | d1->mtu = 0; |
147 | |
|
148 | 0 | if (!d1->unprocessed_rcds.q || !d1->processed_rcds.q |
149 | 0 | || !d1->buffered_messages || !d1->sent_messages |
150 | 0 | || !d1->buffered_app_data.q) { |
151 | 0 | if (d1->unprocessed_rcds.q) |
152 | 0 | pqueue_free(d1->unprocessed_rcds.q); |
153 | 0 | if (d1->processed_rcds.q) |
154 | 0 | pqueue_free(d1->processed_rcds.q); |
155 | 0 | if (d1->buffered_messages) |
156 | 0 | pqueue_free(d1->buffered_messages); |
157 | 0 | if (d1->sent_messages) |
158 | 0 | pqueue_free(d1->sent_messages); |
159 | 0 | if (d1->buffered_app_data.q) |
160 | 0 | pqueue_free(d1->buffered_app_data.q); |
161 | 0 | OPENSSL_free(d1); |
162 | 0 | return (0); |
163 | 0 | } |
164 | | |
165 | 0 | s->d1 = d1; |
166 | 0 | s->method->ssl_clear(s); |
167 | 0 | return (1); |
168 | 0 | } |
169 | | |
170 | | static void dtls1_clear_queues(SSL *s) |
171 | 0 | { |
172 | 0 | pitem *item = NULL; |
173 | 0 | DTLS1_RECORD_DATA *rdata; |
174 | |
|
175 | 0 | while ((item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL) { |
176 | 0 | rdata = (DTLS1_RECORD_DATA *)item->data; |
177 | 0 | if (rdata->rbuf.buf) { |
178 | 0 | OPENSSL_free(rdata->rbuf.buf); |
179 | 0 | } |
180 | 0 | OPENSSL_free(item->data); |
181 | 0 | pitem_free(item); |
182 | 0 | } |
183 | |
|
184 | 0 | while ((item = pqueue_pop(s->d1->processed_rcds.q)) != NULL) { |
185 | 0 | rdata = (DTLS1_RECORD_DATA *)item->data; |
186 | 0 | if (rdata->rbuf.buf) { |
187 | 0 | OPENSSL_free(rdata->rbuf.buf); |
188 | 0 | } |
189 | 0 | OPENSSL_free(item->data); |
190 | 0 | pitem_free(item); |
191 | 0 | } |
192 | |
|
193 | 0 | while ((item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL) { |
194 | 0 | rdata = (DTLS1_RECORD_DATA *)item->data; |
195 | 0 | if (rdata->rbuf.buf) { |
196 | 0 | OPENSSL_free(rdata->rbuf.buf); |
197 | 0 | } |
198 | 0 | OPENSSL_free(item->data); |
199 | 0 | pitem_free(item); |
200 | 0 | } |
201 | |
|
202 | 0 | dtls1_clear_received_buffer(s); |
203 | 0 | dtls1_clear_sent_buffer(s); |
204 | 0 | } |
205 | | |
206 | | void dtls1_clear_received_buffer(SSL *s) |
207 | 0 | { |
208 | 0 | pitem *item = NULL; |
209 | 0 | hm_fragment *frag = NULL; |
210 | |
|
211 | 0 | while ((item = pqueue_pop(s->d1->buffered_messages)) != NULL) { |
212 | 0 | frag = (hm_fragment *)item->data; |
213 | 0 | dtls1_hm_fragment_free(frag); |
214 | 0 | pitem_free(item); |
215 | 0 | } |
216 | 0 | } |
217 | | |
218 | | void dtls1_clear_sent_buffer(SSL *s) |
219 | 0 | { |
220 | 0 | pitem *item = NULL; |
221 | 0 | hm_fragment *frag = NULL; |
222 | |
|
223 | 0 | while ((item = pqueue_pop(s->d1->sent_messages)) != NULL) { |
224 | 0 | frag = (hm_fragment *)item->data; |
225 | 0 | dtls1_hm_fragment_free(frag); |
226 | 0 | pitem_free(item); |
227 | 0 | } |
228 | 0 | } |
229 | | |
230 | | |
231 | | void dtls1_free(SSL *s) |
232 | 0 | { |
233 | 0 | ssl3_free(s); |
234 | |
|
235 | 0 | dtls1_clear_queues(s); |
236 | |
|
237 | 0 | pqueue_free(s->d1->unprocessed_rcds.q); |
238 | 0 | pqueue_free(s->d1->processed_rcds.q); |
239 | 0 | pqueue_free(s->d1->buffered_messages); |
240 | 0 | pqueue_free(s->d1->sent_messages); |
241 | 0 | pqueue_free(s->d1->buffered_app_data.q); |
242 | |
|
243 | 0 | OPENSSL_free(s->d1); |
244 | 0 | s->d1 = NULL; |
245 | 0 | } |
246 | | |
247 | | void dtls1_clear(SSL *s) |
248 | 0 | { |
249 | 0 | pqueue unprocessed_rcds; |
250 | 0 | pqueue processed_rcds; |
251 | 0 | pqueue buffered_messages; |
252 | 0 | pqueue sent_messages; |
253 | 0 | pqueue buffered_app_data; |
254 | 0 | unsigned int mtu; |
255 | 0 | unsigned int link_mtu; |
256 | |
|
257 | 0 | if (s->d1) { |
258 | 0 | unprocessed_rcds = s->d1->unprocessed_rcds.q; |
259 | 0 | processed_rcds = s->d1->processed_rcds.q; |
260 | 0 | buffered_messages = s->d1->buffered_messages; |
261 | 0 | sent_messages = s->d1->sent_messages; |
262 | 0 | buffered_app_data = s->d1->buffered_app_data.q; |
263 | 0 | mtu = s->d1->mtu; |
264 | 0 | link_mtu = s->d1->link_mtu; |
265 | |
|
266 | 0 | dtls1_clear_queues(s); |
267 | |
|
268 | 0 | memset(s->d1, 0, sizeof(*(s->d1))); |
269 | |
|
270 | 0 | if (s->server) { |
271 | 0 | s->d1->cookie_len = sizeof(s->d1->cookie); |
272 | 0 | } |
273 | |
|
274 | 0 | if (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU) { |
275 | 0 | s->d1->mtu = mtu; |
276 | 0 | s->d1->link_mtu = link_mtu; |
277 | 0 | } |
278 | |
|
279 | 0 | s->d1->unprocessed_rcds.q = unprocessed_rcds; |
280 | 0 | s->d1->processed_rcds.q = processed_rcds; |
281 | 0 | s->d1->buffered_messages = buffered_messages; |
282 | 0 | s->d1->sent_messages = sent_messages; |
283 | 0 | s->d1->buffered_app_data.q = buffered_app_data; |
284 | 0 | } |
285 | |
|
286 | 0 | ssl3_clear(s); |
287 | 0 | if (s->options & SSL_OP_CISCO_ANYCONNECT) |
288 | 0 | s->client_version = s->version = DTLS1_BAD_VER; |
289 | 0 | else if (s->method->version == DTLS_ANY_VERSION) |
290 | 0 | s->version = DTLS1_2_VERSION; |
291 | 0 | else |
292 | 0 | s->version = s->method->version; |
293 | 0 | } |
294 | | |
295 | | long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg) |
296 | 0 | { |
297 | 0 | int ret = 0; |
298 | |
|
299 | 0 | switch (cmd) { |
300 | 0 | case DTLS_CTRL_GET_TIMEOUT: |
301 | 0 | if (dtls1_get_timeout(s, (struct timeval *)parg) != NULL) { |
302 | 0 | ret = 1; |
303 | 0 | } |
304 | 0 | break; |
305 | 0 | case DTLS_CTRL_HANDLE_TIMEOUT: |
306 | 0 | ret = dtls1_handle_timeout(s); |
307 | 0 | break; |
308 | 0 | case DTLS_CTRL_LISTEN: |
309 | 0 | ret = dtls1_listen(s, parg); |
310 | 0 | break; |
311 | 0 | case SSL_CTRL_CHECK_PROTO_VERSION: |
312 | | /* |
313 | | * For library-internal use; checks that the current protocol is the |
314 | | * highest enabled version (according to s->ctx->method, as version |
315 | | * negotiation may have changed s->method). |
316 | | */ |
317 | 0 | if (s->version == s->ctx->method->version) |
318 | 0 | return 1; |
319 | | /* |
320 | | * Apparently we're using a version-flexible SSL_METHOD (not at its |
321 | | * highest protocol version). |
322 | | */ |
323 | 0 | if (s->ctx->method->version == DTLS_method()->version) { |
324 | | #if DTLS_MAX_VERSION != DTLS1_2_VERSION |
325 | | # error Code needs update for DTLS_method() support beyond DTLS1_2_VERSION. |
326 | | #endif |
327 | 0 | if (!(s->options & SSL_OP_NO_DTLSv1_2)) |
328 | 0 | return s->version == DTLS1_2_VERSION; |
329 | 0 | if (!(s->options & SSL_OP_NO_DTLSv1)) |
330 | 0 | return s->version == DTLS1_VERSION; |
331 | 0 | } |
332 | 0 | return 0; /* Unexpected state; fail closed. */ |
333 | 0 | case DTLS_CTRL_SET_LINK_MTU: |
334 | 0 | if (larg < (long)dtls1_link_min_mtu()) |
335 | 0 | return 0; |
336 | 0 | s->d1->link_mtu = larg; |
337 | 0 | return 1; |
338 | 0 | case DTLS_CTRL_GET_LINK_MIN_MTU: |
339 | 0 | return (long)dtls1_link_min_mtu(); |
340 | 0 | case SSL_CTRL_SET_MTU: |
341 | | /* |
342 | | * We may not have a BIO set yet so can't call dtls1_min_mtu() |
343 | | * We'll have to make do with dtls1_link_min_mtu() and max overhead |
344 | | */ |
345 | 0 | if (larg < (long)dtls1_link_min_mtu() - DTLS1_MAX_MTU_OVERHEAD) |
346 | 0 | return 0; |
347 | 0 | s->d1->mtu = larg; |
348 | 0 | return larg; |
349 | 0 | default: |
350 | 0 | ret = ssl3_ctrl(s, cmd, larg, parg); |
351 | 0 | break; |
352 | 0 | } |
353 | 0 | return (ret); |
354 | 0 | } |
355 | | |
356 | | /* |
357 | | * As it's impossible to use stream ciphers in "datagram" mode, this |
358 | | * simple filter is designed to disengage them in DTLS. Unfortunately |
359 | | * there is no universal way to identify stream SSL_CIPHER, so we have |
360 | | * to explicitly list their SSL_* codes. Currently RC4 is the only one |
361 | | * available, but if new ones emerge, they will have to be added... |
362 | | */ |
363 | | const SSL_CIPHER *dtls1_get_cipher(unsigned int u) |
364 | 0 | { |
365 | 0 | const SSL_CIPHER *ciph = ssl3_get_cipher(u); |
366 | |
|
367 | 0 | if (ciph != NULL) { |
368 | 0 | if (ciph->algorithm_enc == SSL_RC4) |
369 | 0 | return NULL; |
370 | 0 | } |
371 | | |
372 | 0 | return ciph; |
373 | 0 | } |
374 | | |
375 | | void dtls1_start_timer(SSL *s) |
376 | 0 | { |
377 | | #ifndef OPENSSL_NO_SCTP |
378 | | /* Disable timer for SCTP */ |
379 | | if (BIO_dgram_is_sctp(SSL_get_wbio(s))) { |
380 | | memset(&(s->d1->next_timeout), 0, sizeof(struct timeval)); |
381 | | return; |
382 | | } |
383 | | #endif |
384 | | |
385 | | /* If timer is not set, initialize duration with 1 second */ |
386 | 0 | if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) { |
387 | 0 | s->d1->timeout_duration = 1; |
388 | 0 | } |
389 | | |
390 | | /* Set timeout to current time */ |
391 | 0 | get_current_time(&(s->d1->next_timeout)); |
392 | | |
393 | | /* Add duration to current time */ |
394 | 0 | s->d1->next_timeout.tv_sec += s->d1->timeout_duration; |
395 | 0 | BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, |
396 | 0 | &(s->d1->next_timeout)); |
397 | 0 | } |
398 | | |
399 | | struct timeval *dtls1_get_timeout(SSL *s, struct timeval *timeleft) |
400 | 0 | { |
401 | 0 | struct timeval timenow; |
402 | | |
403 | | /* If no timeout is set, just return NULL */ |
404 | 0 | if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) { |
405 | 0 | return NULL; |
406 | 0 | } |
407 | | |
408 | | /* Get current time */ |
409 | 0 | get_current_time(&timenow); |
410 | | |
411 | | /* If timer already expired, set remaining time to 0 */ |
412 | 0 | if (s->d1->next_timeout.tv_sec < timenow.tv_sec || |
413 | 0 | (s->d1->next_timeout.tv_sec == timenow.tv_sec && |
414 | 0 | s->d1->next_timeout.tv_usec <= timenow.tv_usec)) { |
415 | 0 | memset(timeleft, 0, sizeof(struct timeval)); |
416 | 0 | return timeleft; |
417 | 0 | } |
418 | | |
419 | | /* Calculate time left until timer expires */ |
420 | 0 | memcpy(timeleft, &(s->d1->next_timeout), sizeof(struct timeval)); |
421 | 0 | timeleft->tv_sec -= timenow.tv_sec; |
422 | 0 | timeleft->tv_usec -= timenow.tv_usec; |
423 | 0 | if (timeleft->tv_usec < 0) { |
424 | 0 | timeleft->tv_sec--; |
425 | 0 | timeleft->tv_usec += 1000000; |
426 | 0 | } |
427 | | |
428 | | /* |
429 | | * If remaining time is less than 15 ms, set it to 0 to prevent issues |
430 | | * because of small devergences with socket timeouts. |
431 | | */ |
432 | 0 | if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000) { |
433 | 0 | memset(timeleft, 0, sizeof(struct timeval)); |
434 | 0 | } |
435 | |
|
436 | 0 | return timeleft; |
437 | 0 | } |
438 | | |
439 | | int dtls1_is_timer_expired(SSL *s) |
440 | 0 | { |
441 | 0 | struct timeval timeleft; |
442 | | |
443 | | /* Get time left until timeout, return false if no timer running */ |
444 | 0 | if (dtls1_get_timeout(s, &timeleft) == NULL) { |
445 | 0 | return 0; |
446 | 0 | } |
447 | | |
448 | | /* Return false if timer is not expired yet */ |
449 | 0 | if (timeleft.tv_sec > 0 || timeleft.tv_usec > 0) { |
450 | 0 | return 0; |
451 | 0 | } |
452 | | |
453 | | /* Timer expired, so return true */ |
454 | 0 | return 1; |
455 | 0 | } |
456 | | |
457 | | void dtls1_double_timeout(SSL *s) |
458 | 0 | { |
459 | 0 | s->d1->timeout_duration *= 2; |
460 | 0 | if (s->d1->timeout_duration > 60) |
461 | 0 | s->d1->timeout_duration = 60; |
462 | 0 | dtls1_start_timer(s); |
463 | 0 | } |
464 | | |
465 | | void dtls1_stop_timer(SSL *s) |
466 | 0 | { |
467 | | /* Reset everything */ |
468 | 0 | memset(&(s->d1->timeout), 0, sizeof(struct dtls1_timeout_st)); |
469 | 0 | memset(&(s->d1->next_timeout), 0, sizeof(struct timeval)); |
470 | 0 | s->d1->timeout_duration = 1; |
471 | 0 | BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, |
472 | 0 | &(s->d1->next_timeout)); |
473 | | /* Clear retransmission buffer */ |
474 | 0 | dtls1_clear_sent_buffer(s); |
475 | 0 | } |
476 | | |
477 | | int dtls1_check_timeout_num(SSL *s) |
478 | 0 | { |
479 | 0 | unsigned int mtu; |
480 | |
|
481 | 0 | s->d1->timeout.num_alerts++; |
482 | | |
483 | | /* Reduce MTU after 2 unsuccessful retransmissions */ |
484 | 0 | if (s->d1->timeout.num_alerts > 2 |
485 | 0 | && !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) { |
486 | 0 | mtu = |
487 | 0 | BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, |
488 | 0 | NULL); |
489 | 0 | if (mtu < s->d1->mtu) |
490 | 0 | s->d1->mtu = mtu; |
491 | 0 | } |
492 | |
|
493 | 0 | if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) { |
494 | | /* fail the connection, enough alerts have been sent */ |
495 | 0 | SSLerr(SSL_F_DTLS1_CHECK_TIMEOUT_NUM, SSL_R_READ_TIMEOUT_EXPIRED); |
496 | 0 | return -1; |
497 | 0 | } |
498 | | |
499 | 0 | return 0; |
500 | 0 | } |
501 | | |
502 | | int dtls1_handle_timeout(SSL *s) |
503 | 0 | { |
504 | | /* if no timer is expired, don't do anything */ |
505 | 0 | if (!dtls1_is_timer_expired(s)) { |
506 | 0 | return 0; |
507 | 0 | } |
508 | | |
509 | 0 | dtls1_double_timeout(s); |
510 | |
|
511 | 0 | if (dtls1_check_timeout_num(s) < 0) |
512 | 0 | return -1; |
513 | | |
514 | 0 | s->d1->timeout.read_timeouts++; |
515 | 0 | if (s->d1->timeout.read_timeouts > DTLS1_TMO_READ_COUNT) { |
516 | 0 | s->d1->timeout.read_timeouts = 1; |
517 | 0 | } |
518 | 0 | #ifndef OPENSSL_NO_HEARTBEATS |
519 | 0 | if (s->tlsext_hb_pending) { |
520 | 0 | s->tlsext_hb_pending = 0; |
521 | 0 | return dtls1_heartbeat(s); |
522 | 0 | } |
523 | 0 | #endif |
524 | | |
525 | 0 | dtls1_start_timer(s); |
526 | 0 | return dtls1_retransmit_buffered_messages(s); |
527 | 0 | } |
528 | | |
529 | | static void get_current_time(struct timeval *t) |
530 | 0 | { |
531 | | #if defined(_WIN32) |
532 | | SYSTEMTIME st; |
533 | | union { |
534 | | unsigned __int64 ul; |
535 | | FILETIME ft; |
536 | | } now; |
537 | | |
538 | | GetSystemTime(&st); |
539 | | SystemTimeToFileTime(&st, &now.ft); |
540 | | # ifdef __MINGW32__ |
541 | | now.ul -= 116444736000000000ULL; |
542 | | # else |
543 | | now.ul -= 116444736000000000UI64; /* re-bias to 1/1/1970 */ |
544 | | # endif |
545 | | t->tv_sec = (long)(now.ul / 10000000); |
546 | | t->tv_usec = ((int)(now.ul % 10000000)) / 10; |
547 | | #elif defined(OPENSSL_SYS_VMS) |
548 | | struct timeb tb; |
549 | | ftime(&tb); |
550 | | t->tv_sec = (long)tb.time; |
551 | | t->tv_usec = (long)tb.millitm * 1000; |
552 | | #else |
553 | 0 | gettimeofday(t, NULL); |
554 | 0 | #endif |
555 | 0 | } |
556 | | |
557 | | int dtls1_listen(SSL *s, struct sockaddr *client) |
558 | 0 | { |
559 | 0 | int ret; |
560 | | |
561 | | /* Ensure there is no state left over from a previous invocation */ |
562 | 0 | SSL_clear(s); |
563 | |
|
564 | 0 | SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE); |
565 | 0 | s->d1->listen = 1; |
566 | |
|
567 | 0 | ret = SSL_accept(s); |
568 | 0 | if (ret <= 0) |
569 | 0 | return ret; |
570 | | |
571 | 0 | (void)BIO_dgram_get_peer(SSL_get_rbio(s), client); |
572 | 0 | return 1; |
573 | 0 | } |
574 | | |
575 | | static void dtls1_set_handshake_header(SSL *s, int htype, unsigned long len) |
576 | 0 | { |
577 | 0 | unsigned char *p = (unsigned char *)s->init_buf->data; |
578 | 0 | dtls1_set_message_header(s, p, htype, len, 0, len); |
579 | 0 | s->init_num = (int)len + DTLS1_HM_HEADER_LENGTH; |
580 | 0 | s->init_off = 0; |
581 | | /* Buffer the message to handle re-xmits */ |
582 | 0 | dtls1_buffer_message(s, 0); |
583 | 0 | } |
584 | | |
585 | | static int dtls1_handshake_write(SSL *s) |
586 | 0 | { |
587 | 0 | return dtls1_do_write(s, SSL3_RT_HANDSHAKE); |
588 | 0 | } |