| blob | 94acb15de63898058579601d145544fd9df12296 |
1 /* ssl/d1_lib.c */
2 /*
3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
5 */
6 /* ====================================================================
7 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * openssl-core@OpenSSL.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 *
54 * This product includes cryptographic software written by Eric Young
55 * (eay@cryptsoft.com). This product includes software written by Tim
56 * Hudson (tjh@cryptsoft.com).
57 *
58 */
60 #include <stdio.h>
61 #define USE_SOCKETS
62 #include <openssl/objects.h>
65 #if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS)
66 # include <sys/timeb.h>
67 #endif
73 SSL3_ENC_METHOD DTLSv1_enc_data = {
74 dtls1_enc,
75 tls1_mac,
76 tls1_setup_key_block,
77 tls1_generate_master_secret,
78 tls1_change_cipher_state,
79 tls1_final_finish_mac,
80 TLS1_FINISH_MAC_LENGTH,
81 tls1_cert_verify_mac,
84 tls1_alert_code,
85 tls1_export_keying_material,
86 };
89 {
90 /*
91 * 2 hours, the 24 hours mentioned in the DTLSv1 spec is way too long for
92 * http, the cache would over fill
93 */
95 }
98 {
107 /* d1->handshake_epoch=0; */
117 }
137 }
142 }
145 {
154 }
157 }
163 }
166 }
172 }
178 }
184 }
187 }
188 }
191 {
204 }
207 {
208 pqueue unprocessed_rcds;
209 pqueue processed_rcds;
210 pqueue buffered_messages;
211 pqueue sent_messages;
212 pqueue buffered_app_data;
231 }
236 }
243 }
248 else
250 }
253 {
260 }
269 /*
270 * For library-internal use; checks that the current protocol is the
271 * highest enabled version (according to s->ctx->method, as version
272 * negotiation may have changed s->method).
273 */
274 #if DTLS_MAX_VERSION != DTLS1_VERSION
275 # error Code needs update for DTLS_method() support beyond DTLS1_VERSION.
276 #endif
277 /*
278 * Just one protocol version is supported so far; fail closed if the
279 * version is not as expected.
280 */
290 /*
291 * We may not have a BIO set yet so can't call dtls1_min_mtu()
292 * We'll have to make do with dtls1_link_min_mtu() and max overhead
293 */
301 }
303 }
305 /*
306 * As it's impossible to use stream ciphers in "datagram" mode, this
307 * simple filter is designed to disengage them in DTLS. Unfortunately
308 * there is no universal way to identify stream SSL_CIPHER, so we have
309 * to explicitly list their SSL_* codes. Currently RC4 is the only one
310 * available, but if new ones emerge, they will have to be added...
311 */
313 {
319 }
322 }
325 {
326 #ifndef OPENSSL_NO_SCTP
327 /* Disable timer for SCTP */
331 }
332 #endif
334 /* If timer is not set, initialize duration with 1 second */
337 }
339 /* Set timeout to current time */
342 /* Add duration to current time */
346 }
349 {
352 /* If no timeout is set, just return NULL */
355 }
357 /* Get current time */
360 /* If timer already expired, set remaining time to 0 */
366 }
368 /* Calculate time left until timer expires */
375 }
377 /*
378 * If remaining time is less than 15 ms, set it to 0 to prevent issues
379 * because of small devergences with socket timeouts.
380 */
383 }
386 }
389 {
392 /* Get time left until timeout, return false if no timer running */
395 }
397 /* Return false if timer is not expired yet */
400 }
402 /* Timer expired, so return true */
404 }
407 {
412 }
415 {
416 /* Reset everything */
422 /* Clear retransmission buffer */
424 }
427 {
432 /* Reduce MTU after 2 unsuccessful retransmissions */
435 mtu =
437 NULL);
440 }
443 /* fail the connection, enough alerts have been sent */
446 }
449 }
452 {
453 /* if no timer is expired, don't do anything */
456 }
466 }
467 #ifndef OPENSSL_NO_HEARTBEATS
471 }
472 #endif
476 }
479 {
480 #ifdef OPENSSL_SYS_WIN32
485 #elif defined(OPENSSL_SYS_VMS)
490 #else
492 #endif
493 }
496 {
508 }