2
0

d1_lib.c 12 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450
  1. /* ssl/d1_lib.c */
  2. /*
  3. * DTLS implementation written by Nagendra Modadugu
  4. * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
  5. */
  6. /* ====================================================================
  7. * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
  8. *
  9. * Redistribution and use in source and binary forms, with or without
  10. * modification, are permitted provided that the following conditions
  11. * are met:
  12. *
  13. * 1. Redistributions of source code must retain the above copyright
  14. * notice, this list of conditions and the following disclaimer.
  15. *
  16. * 2. Redistributions in binary form must reproduce the above copyright
  17. * notice, this list of conditions and the following disclaimer in
  18. * the documentation and/or other materials provided with the
  19. * distribution.
  20. *
  21. * 3. All advertising materials mentioning features or use of this
  22. * software must display the following acknowledgment:
  23. * "This product includes software developed by the OpenSSL Project
  24. * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
  25. *
  26. * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
  27. * endorse or promote products derived from this software without
  28. * prior written permission. For written permission, please contact
  29. * openssl-core@OpenSSL.org.
  30. *
  31. * 5. Products derived from this software may not be called "OpenSSL"
  32. * nor may "OpenSSL" appear in their names without prior written
  33. * permission of the OpenSSL Project.
  34. *
  35. * 6. Redistributions of any form whatsoever must retain the following
  36. * acknowledgment:
  37. * "This product includes software developed by the OpenSSL Project
  38. * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
  39. *
  40. * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
  41. * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  42. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  43. * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
  44. * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  45. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  46. * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  47. * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  48. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  49. * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  50. * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  51. * OF THE POSSIBILITY OF SUCH DAMAGE.
  52. * ====================================================================
  53. *
  54. * This product includes cryptographic software written by Eric Young
  55. * (eay@cryptsoft.com). This product includes software written by Tim
  56. * Hudson (tjh@cryptsoft.com).
  57. *
  58. */
  59. #include <stdio.h>
  60. #define USE_SOCKETS
  61. #include <openssl/objects.h>
  62. #include "ssl_locl.h"
  63. #if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS)
  64. #include <sys/timeb.h>
  65. #endif
  66. static void get_current_time(struct timeval *t);
  67. const char dtls1_version_str[]="DTLSv1" OPENSSL_VERSION_PTEXT;
  68. int dtls1_listen(SSL *s, struct sockaddr *client);
  69. SSL3_ENC_METHOD DTLSv1_enc_data={
  70. dtls1_enc,
  71. tls1_mac,
  72. tls1_setup_key_block,
  73. tls1_generate_master_secret,
  74. tls1_change_cipher_state,
  75. tls1_final_finish_mac,
  76. TLS1_FINISH_MAC_LENGTH,
  77. tls1_cert_verify_mac,
  78. TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE,
  79. TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE,
  80. tls1_alert_code,
  81. };
  82. long dtls1_default_timeout(void)
  83. {
  84. /* 2 hours, the 24 hours mentioned in the DTLSv1 spec
  85. * is way too long for http, the cache would over fill */
  86. return(60*60*2);
  87. }
  88. int dtls1_new(SSL *s)
  89. {
  90. DTLS1_STATE *d1;
  91. if (!ssl3_new(s)) return(0);
  92. if ((d1=OPENSSL_malloc(sizeof *d1)) == NULL) return (0);
  93. memset(d1,0, sizeof *d1);
  94. /* d1->handshake_epoch=0; */
  95. d1->unprocessed_rcds.q=pqueue_new();
  96. d1->processed_rcds.q=pqueue_new();
  97. d1->buffered_messages = pqueue_new();
  98. d1->sent_messages=pqueue_new();
  99. d1->buffered_app_data.q=pqueue_new();
  100. if ( s->server)
  101. {
  102. d1->cookie_len = sizeof(s->d1->cookie);
  103. }
  104. if( ! d1->unprocessed_rcds.q || ! d1->processed_rcds.q
  105. || ! d1->buffered_messages || ! d1->sent_messages || ! d1->buffered_app_data.q)
  106. {
  107. if ( d1->unprocessed_rcds.q) pqueue_free(d1->unprocessed_rcds.q);
  108. if ( d1->processed_rcds.q) pqueue_free(d1->processed_rcds.q);
  109. if ( d1->buffered_messages) pqueue_free(d1->buffered_messages);
  110. if ( d1->sent_messages) pqueue_free(d1->sent_messages);
  111. if ( d1->buffered_app_data.q) pqueue_free(d1->buffered_app_data.q);
  112. OPENSSL_free(d1);
  113. return (0);
  114. }
  115. s->d1=d1;
  116. s->method->ssl_clear(s);
  117. return(1);
  118. }
  119. static void dtls1_clear_queues(SSL *s)
  120. {
  121. pitem *item = NULL;
  122. hm_fragment *frag = NULL;
  123. DTLS1_RECORD_DATA *rdata;
  124. while( (item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL)
  125. {
  126. rdata = (DTLS1_RECORD_DATA *) item->data;
  127. if (rdata->rbuf.buf)
  128. {
  129. OPENSSL_free(rdata->rbuf.buf);
  130. }
  131. OPENSSL_free(item->data);
  132. pitem_free(item);
  133. }
  134. while( (item = pqueue_pop(s->d1->processed_rcds.q)) != NULL)
  135. {
  136. rdata = (DTLS1_RECORD_DATA *) item->data;
  137. if (rdata->rbuf.buf)
  138. {
  139. OPENSSL_free(rdata->rbuf.buf);
  140. }
  141. OPENSSL_free(item->data);
  142. pitem_free(item);
  143. }
  144. while( (item = pqueue_pop(s->d1->buffered_messages)) != NULL)
  145. {
  146. frag = (hm_fragment *)item->data;
  147. OPENSSL_free(frag->fragment);
  148. OPENSSL_free(frag);
  149. pitem_free(item);
  150. }
  151. while ( (item = pqueue_pop(s->d1->sent_messages)) != NULL)
  152. {
  153. frag = (hm_fragment *)item->data;
  154. OPENSSL_free(frag->fragment);
  155. OPENSSL_free(frag);
  156. pitem_free(item);
  157. }
  158. while ( (item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL)
  159. {
  160. frag = (hm_fragment *)item->data;
  161. OPENSSL_free(frag->fragment);
  162. OPENSSL_free(frag);
  163. pitem_free(item);
  164. }
  165. }
  166. void dtls1_free(SSL *s)
  167. {
  168. ssl3_free(s);
  169. dtls1_clear_queues(s);
  170. pqueue_free(s->d1->unprocessed_rcds.q);
  171. pqueue_free(s->d1->processed_rcds.q);
  172. pqueue_free(s->d1->buffered_messages);
  173. pqueue_free(s->d1->sent_messages);
  174. pqueue_free(s->d1->buffered_app_data.q);
  175. OPENSSL_free(s->d1);
  176. }
  177. void dtls1_clear(SSL *s)
  178. {
  179. pqueue unprocessed_rcds;
  180. pqueue processed_rcds;
  181. pqueue buffered_messages;
  182. pqueue sent_messages;
  183. pqueue buffered_app_data;
  184. unsigned int mtu;
  185. if (s->d1)
  186. {
  187. unprocessed_rcds = s->d1->unprocessed_rcds.q;
  188. processed_rcds = s->d1->processed_rcds.q;
  189. buffered_messages = s->d1->buffered_messages;
  190. sent_messages = s->d1->sent_messages;
  191. buffered_app_data = s->d1->buffered_app_data.q;
  192. mtu = s->d1->mtu;
  193. dtls1_clear_queues(s);
  194. memset(s->d1, 0, sizeof(*(s->d1)));
  195. if (s->server)
  196. {
  197. s->d1->cookie_len = sizeof(s->d1->cookie);
  198. }
  199. if (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)
  200. {
  201. s->d1->mtu = mtu;
  202. }
  203. s->d1->unprocessed_rcds.q = unprocessed_rcds;
  204. s->d1->processed_rcds.q = processed_rcds;
  205. s->d1->buffered_messages = buffered_messages;
  206. s->d1->sent_messages = sent_messages;
  207. s->d1->buffered_app_data.q = buffered_app_data;
  208. }
  209. ssl3_clear(s);
  210. if (s->options & SSL_OP_CISCO_ANYCONNECT)
  211. s->version=DTLS1_BAD_VER;
  212. else
  213. s->version=DTLS1_VERSION;
  214. }
  215. long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg)
  216. {
  217. int ret=0;
  218. switch (cmd)
  219. {
  220. case DTLS_CTRL_GET_TIMEOUT:
  221. if (dtls1_get_timeout(s, (struct timeval*) parg) != NULL)
  222. {
  223. ret = 1;
  224. }
  225. break;
  226. case DTLS_CTRL_HANDLE_TIMEOUT:
  227. ret = dtls1_handle_timeout(s);
  228. break;
  229. case DTLS_CTRL_LISTEN:
  230. ret = dtls1_listen(s, parg);
  231. break;
  232. default:
  233. ret = ssl3_ctrl(s, cmd, larg, parg);
  234. break;
  235. }
  236. return(ret);
  237. }
  238. /*
  239. * As it's impossible to use stream ciphers in "datagram" mode, this
  240. * simple filter is designed to disengage them in DTLS. Unfortunately
  241. * there is no universal way to identify stream SSL_CIPHER, so we have
  242. * to explicitly list their SSL_* codes. Currently RC4 is the only one
  243. * available, but if new ones emerge, they will have to be added...
  244. */
  245. const SSL_CIPHER *dtls1_get_cipher(unsigned int u)
  246. {
  247. const SSL_CIPHER *ciph = ssl3_get_cipher(u);
  248. if (ciph != NULL)
  249. {
  250. if (ciph->algorithm_enc == SSL_RC4)
  251. return NULL;
  252. }
  253. return ciph;
  254. }
  255. void dtls1_start_timer(SSL *s)
  256. {
  257. /* If timer is not set, initialize duration with 1 second */
  258. if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0)
  259. {
  260. s->d1->timeout_duration = 1;
  261. }
  262. /* Set timeout to current time */
  263. get_current_time(&(s->d1->next_timeout));
  264. /* Add duration to current time */
  265. s->d1->next_timeout.tv_sec += s->d1->timeout_duration;
  266. BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout));
  267. }
  268. struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft)
  269. {
  270. struct timeval timenow;
  271. /* If no timeout is set, just return NULL */
  272. if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0)
  273. {
  274. return NULL;
  275. }
  276. /* Get current time */
  277. get_current_time(&timenow);
  278. /* If timer already expired, set remaining time to 0 */
  279. if (s->d1->next_timeout.tv_sec < timenow.tv_sec ||
  280. (s->d1->next_timeout.tv_sec == timenow.tv_sec &&
  281. s->d1->next_timeout.tv_usec <= timenow.tv_usec))
  282. {
  283. memset(timeleft, 0, sizeof(struct timeval));
  284. return timeleft;
  285. }
  286. /* Calculate time left until timer expires */
  287. memcpy(timeleft, &(s->d1->next_timeout), sizeof(struct timeval));
  288. timeleft->tv_sec -= timenow.tv_sec;
  289. timeleft->tv_usec -= timenow.tv_usec;
  290. if (timeleft->tv_usec < 0)
  291. {
  292. timeleft->tv_sec--;
  293. timeleft->tv_usec += 1000000;
  294. }
  295. /* If remaining time is less than 15 ms, set it to 0
  296. * to prevent issues because of small devergences with
  297. * socket timeouts.
  298. */
  299. if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000)
  300. {
  301. memset(timeleft, 0, sizeof(struct timeval));
  302. }
  303. return timeleft;
  304. }
  305. int dtls1_is_timer_expired(SSL *s)
  306. {
  307. struct timeval timeleft;
  308. /* Get time left until timeout, return false if no timer running */
  309. if (dtls1_get_timeout(s, &timeleft) == NULL)
  310. {
  311. return 0;
  312. }
  313. /* Return false if timer is not expired yet */
  314. if (timeleft.tv_sec > 0 || timeleft.tv_usec > 0)
  315. {
  316. return 0;
  317. }
  318. /* Timer expired, so return true */
  319. return 1;
  320. }
  321. void dtls1_double_timeout(SSL *s)
  322. {
  323. s->d1->timeout_duration *= 2;
  324. if (s->d1->timeout_duration > 60)
  325. s->d1->timeout_duration = 60;
  326. dtls1_start_timer(s);
  327. }
  328. void dtls1_stop_timer(SSL *s)
  329. {
  330. /* Reset everything */
  331. memset(&(s->d1->next_timeout), 0, sizeof(struct timeval));
  332. s->d1->timeout_duration = 1;
  333. BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout));
  334. /* Clear retransmission buffer */
  335. dtls1_clear_record_buffer(s);
  336. }
  337. int dtls1_handle_timeout(SSL *s)
  338. {
  339. DTLS1_STATE *state;
  340. /* if no timer is expired, don't do anything */
  341. if (!dtls1_is_timer_expired(s))
  342. {
  343. return 0;
  344. }
  345. dtls1_double_timeout(s);
  346. state = s->d1;
  347. state->timeout.num_alerts++;
  348. if ( state->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT)
  349. {
  350. /* fail the connection, enough alerts have been sent */
  351. SSLerr(SSL_F_DTLS1_HANDLE_TIMEOUT,SSL_R_READ_TIMEOUT_EXPIRED);
  352. return -1;
  353. }
  354. state->timeout.read_timeouts++;
  355. if ( state->timeout.read_timeouts > DTLS1_TMO_READ_COUNT)
  356. {
  357. state->timeout.read_timeouts = 1;
  358. }
  359. dtls1_start_timer(s);
  360. return dtls1_retransmit_buffered_messages(s);
  361. }
  362. static void get_current_time(struct timeval *t)
  363. {
  364. #ifdef OPENSSL_SYS_WIN32
  365. struct _timeb tb;
  366. _ftime(&tb);
  367. t->tv_sec = (long)tb.time;
  368. t->tv_usec = (long)tb.millitm * 1000;
  369. #elif defined(OPENSSL_SYS_VMS)
  370. struct timeb tb;
  371. ftime(&tb);
  372. t->tv_sec = (long)tb.time;
  373. t->tv_usec = (long)tb.millitm * 1000;
  374. #else
  375. gettimeofday(t, NULL);
  376. #endif
  377. }
  378. int dtls1_listen(SSL *s, struct sockaddr *client)
  379. {
  380. int ret;
  381. SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE);
  382. s->d1->listen = 1;
  383. ret = SSL_accept(s);
  384. if (ret <= 0) return ret;
  385. (void) BIO_dgram_get_peer(SSL_get_rbio(s), client);
  386. return 1;
  387. }