d1_lib.c 5.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189
  1. /* ssl/d1_lib.c */
  2. /*
  3. * DTLS implementation written by Nagendra Modadugu
  4. * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
  5. */
  6. /* ====================================================================
  7. * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
  8. *
  9. * Redistribution and use in source and binary forms, with or without
  10. * modification, are permitted provided that the following conditions
  11. * are met:
  12. *
  13. * 1. Redistributions of source code must retain the above copyright
  14. * notice, this list of conditions and the following disclaimer.
  15. *
  16. * 2. Redistributions in binary form must reproduce the above copyright
  17. * notice, this list of conditions and the following disclaimer in
  18. * the documentation and/or other materials provided with the
  19. * distribution.
  20. *
  21. * 3. All advertising materials mentioning features or use of this
  22. * software must display the following acknowledgment:
  23. * "This product includes software developed by the OpenSSL Project
  24. * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
  25. *
  26. * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
  27. * endorse or promote products derived from this software without
  28. * prior written permission. For written permission, please contact
  29. * openssl-core@OpenSSL.org.
  30. *
  31. * 5. Products derived from this software may not be called "OpenSSL"
  32. * nor may "OpenSSL" appear in their names without prior written
  33. * permission of the OpenSSL Project.
  34. *
  35. * 6. Redistributions of any form whatsoever must retain the following
  36. * acknowledgment:
  37. * "This product includes software developed by the OpenSSL Project
  38. * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
  39. *
  40. * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
  41. * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  42. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  43. * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
  44. * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  45. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  46. * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  47. * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  48. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  49. * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  50. * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  51. * OF THE POSSIBILITY OF SUCH DAMAGE.
  52. * ====================================================================
  53. *
  54. * This product includes cryptographic software written by Eric Young
  55. * (eay@cryptsoft.com). This product includes software written by Tim
  56. * Hudson (tjh@cryptsoft.com).
  57. *
  58. */
  59. #include <stdio.h>
  60. #include <openssl/objects.h>
  61. #include "ssl_locl.h"
  62. const char dtls1_version_str[]="DTLSv1" OPENSSL_VERSION_PTEXT;
  63. SSL3_ENC_METHOD DTLSv1_enc_data={
  64. dtls1_enc,
  65. tls1_mac,
  66. tls1_setup_key_block,
  67. tls1_generate_master_secret,
  68. tls1_change_cipher_state,
  69. tls1_final_finish_mac,
  70. TLS1_FINISH_MAC_LENGTH,
  71. tls1_cert_verify_mac,
  72. TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE,
  73. TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE,
  74. tls1_alert_code,
  75. };
  76. long dtls1_default_timeout(void)
  77. {
  78. /* 2 hours, the 24 hours mentioned in the DTLSv1 spec
  79. * is way too long for http, the cache would over fill */
  80. return(60*60*2);
  81. }
  82. int dtls1_new(SSL *s)
  83. {
  84. DTLS1_STATE *d1;
  85. if (!ssl3_new(s)) return(0);
  86. if ((d1=OPENSSL_malloc(sizeof *d1)) == NULL) return (0);
  87. memset(d1,0, sizeof *d1);
  88. /* d1->handshake_epoch=0; */
  89. d1->unprocessed_rcds.q=pqueue_new();
  90. d1->processed_rcds.q=pqueue_new();
  91. d1->buffered_messages = pqueue_new();
  92. d1->sent_messages=pqueue_new();
  93. if ( s->server)
  94. {
  95. d1->cookie_len = sizeof(s->d1->cookie);
  96. }
  97. if( ! d1->unprocessed_rcds.q || ! d1->processed_rcds.q
  98. || ! d1->buffered_messages || ! d1->sent_messages)
  99. {
  100. if ( d1->unprocessed_rcds.q) pqueue_free(d1->unprocessed_rcds.q);
  101. if ( d1->processed_rcds.q) pqueue_free(d1->processed_rcds.q);
  102. if ( d1->buffered_messages) pqueue_free(d1->buffered_messages);
  103. if ( d1->sent_messages) pqueue_free(d1->sent_messages);
  104. OPENSSL_free(d1);
  105. return (0);
  106. }
  107. s->d1=d1;
  108. s->method->ssl_clear(s);
  109. return(1);
  110. }
  111. void dtls1_free(SSL *s)
  112. {
  113. pitem *item = NULL;
  114. hm_fragment *frag = NULL;
  115. ssl3_free(s);
  116. while( (item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL)
  117. {
  118. OPENSSL_free(item->data);
  119. pitem_free(item);
  120. }
  121. pqueue_free(s->d1->unprocessed_rcds.q);
  122. while( (item = pqueue_pop(s->d1->processed_rcds.q)) != NULL)
  123. {
  124. OPENSSL_free(item->data);
  125. pitem_free(item);
  126. }
  127. pqueue_free(s->d1->processed_rcds.q);
  128. while( (item = pqueue_pop(s->d1->buffered_messages)) != NULL)
  129. {
  130. frag = (hm_fragment *)item->data;
  131. OPENSSL_free(frag->fragment);
  132. OPENSSL_free(frag);
  133. pitem_free(item);
  134. }
  135. pqueue_free(s->d1->buffered_messages);
  136. while ( (item = pqueue_pop(s->d1->sent_messages)) != NULL)
  137. {
  138. frag = (hm_fragment *)item->data;
  139. OPENSSL_free(frag->fragment);
  140. OPENSSL_free(frag);
  141. pitem_free(item);
  142. }
  143. pqueue_free(s->d1->sent_messages);
  144. OPENSSL_free(s->d1);
  145. }
  146. void dtls1_clear(SSL *s)
  147. {
  148. ssl3_clear(s);
  149. s->version=DTLS1_VERSION;
  150. }
  151. /*
  152. * As it's impossible to use stream ciphers in "datagram" mode, this
  153. * simple filter is designed to disengage them in DTLS. Unfortunately
  154. * there is no universal way to identify stream SSL_CIPHER, so we have
  155. * to explicitly list their SSL_* codes. Currently RC4 is the only one
  156. * available, but if new ones emerge, they will have to be added...
  157. */
  158. SSL_CIPHER *dtls1_get_cipher(unsigned int u)
  159. {
  160. SSL_CIPHER *ciph = ssl3_get_cipher(u);
  161. if (ciph != NULL)
  162. {
  163. if (ciph->algorithm_enc == SSL_RC4)
  164. return NULL;
  165. }
  166. return ciph;
  167. }