diff options
| author | jsing <> | 2014-04-14 14:16:33 +0000 |
|---|---|---|
| committer | jsing <> | 2014-04-14 14:16:33 +0000 |
| commit | 95692a60ee0169e369d59f82504e36ff376e13ba (patch) | |
| tree | d3a4c41549109f6de6427907f10589c02eec0d25 /src/lib/libssl/d1_lib.c | |
| parent | 72c1bd17672378115dcd5254ed88828e45357e7f (diff) | |
| download | openbsd-95692a60ee0169e369d59f82504e36ff376e13ba.tar.gz openbsd-95692a60ee0169e369d59f82504e36ff376e13ba.tar.bz2 openbsd-95692a60ee0169e369d59f82504e36ff376e13ba.zip | |
First pass at applying KNF to the OpenSSL code, which almost makes it
readable. This pass is whitespace only and can readily be verified using
tr and md5.
Diffstat (limited to 'src/lib/libssl/d1_lib.c')
| -rw-r--r-- | src/lib/libssl/d1_lib.c | 364 |
1 files changed, 180 insertions, 184 deletions
diff --git a/src/lib/libssl/d1_lib.c b/src/lib/libssl/d1_lib.c index 750f83e04a..3da7c36545 100644 --- a/src/lib/libssl/d1_lib.c +++ b/src/lib/libssl/d1_lib.c | |||
| @@ -70,8 +70,8 @@ static void get_current_time(struct timeval *t); | |||
| 70 | const char dtls1_version_str[]="DTLSv1" OPENSSL_VERSION_PTEXT; | 70 | const char dtls1_version_str[]="DTLSv1" OPENSSL_VERSION_PTEXT; |
| 71 | int dtls1_listen(SSL *s, struct sockaddr *client); | 71 | int dtls1_listen(SSL *s, struct sockaddr *client); |
| 72 | 72 | ||
| 73 | SSL3_ENC_METHOD DTLSv1_enc_data={ | 73 | SSL3_ENC_METHOD DTLSv1_enc_data = { |
| 74 | dtls1_enc, | 74 | dtls1_enc, |
| 75 | tls1_mac, | 75 | tls1_mac, |
| 76 | tls1_setup_key_block, | 76 | tls1_setup_key_block, |
| 77 | tls1_generate_master_secret, | 77 | tls1_generate_master_secret, |
| @@ -79,137 +79,139 @@ SSL3_ENC_METHOD DTLSv1_enc_data={ | |||
| 79 | tls1_final_finish_mac, | 79 | tls1_final_finish_mac, |
| 80 | TLS1_FINISH_MAC_LENGTH, | 80 | TLS1_FINISH_MAC_LENGTH, |
| 81 | tls1_cert_verify_mac, | 81 | tls1_cert_verify_mac, |
| 82 | TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE, | 82 | TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE, |
| 83 | TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE, | 83 | TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE, |
| 84 | tls1_alert_code, | 84 | tls1_alert_code, |
| 85 | tls1_export_keying_material, | 85 | tls1_export_keying_material, |
| 86 | }; | 86 | }; |
| 87 | 87 | ||
| 88 | long dtls1_default_timeout(void) | 88 | long |
| 89 | { | 89 | dtls1_default_timeout(void) |
| 90 | { | ||
| 90 | /* 2 hours, the 24 hours mentioned in the DTLSv1 spec | 91 | /* 2 hours, the 24 hours mentioned in the DTLSv1 spec |
| 91 | * is way too long for http, the cache would over fill */ | 92 | * is way too long for http, the cache would over fill */ |
| 92 | return(60*60*2); | 93 | return (60*60*2); |
| 93 | } | 94 | } |
| 94 | 95 | ||
| 95 | int dtls1_new(SSL *s) | 96 | int |
| 96 | { | 97 | dtls1_new(SSL *s) |
| 98 | { | ||
| 97 | DTLS1_STATE *d1; | 99 | DTLS1_STATE *d1; |
| 98 | 100 | ||
| 99 | if (!ssl3_new(s)) return(0); | 101 | if (!ssl3_new(s)) |
| 100 | if ((d1=OPENSSL_malloc(sizeof *d1)) == NULL) return (0); | 102 | return (0); |
| 101 | memset(d1,0, sizeof *d1); | 103 | if ((d1 = OPENSSL_malloc(sizeof *d1)) == NULL) return (0); |
| 104 | memset(d1, 0, sizeof *d1); | ||
| 102 | 105 | ||
| 103 | /* d1->handshake_epoch=0; */ | 106 | /* d1->handshake_epoch=0; */ |
| 104 | 107 | ||
| 105 | d1->unprocessed_rcds.q=pqueue_new(); | 108 | d1->unprocessed_rcds.q = pqueue_new(); |
| 106 | d1->processed_rcds.q=pqueue_new(); | 109 | d1->processed_rcds.q = pqueue_new(); |
| 107 | d1->buffered_messages = pqueue_new(); | 110 | d1->buffered_messages = pqueue_new(); |
| 108 | d1->sent_messages=pqueue_new(); | 111 | d1->sent_messages = pqueue_new(); |
| 109 | d1->buffered_app_data.q=pqueue_new(); | 112 | d1->buffered_app_data.q = pqueue_new(); |
| 110 | 113 | ||
| 111 | if ( s->server) | 114 | if (s->server) { |
| 112 | { | ||
| 113 | d1->cookie_len = sizeof(s->d1->cookie); | 115 | d1->cookie_len = sizeof(s->d1->cookie); |
| 114 | } | 116 | } |
| 115 | 117 | ||
| 116 | if( ! d1->unprocessed_rcds.q || ! d1->processed_rcds.q | 118 | if (!d1->unprocessed_rcds.q || !d1->processed_rcds.q || |
| 117 | || ! d1->buffered_messages || ! d1->sent_messages || ! d1->buffered_app_data.q) | 119 | !d1->buffered_messages || !d1->sent_messages || |
| 118 | { | 120 | !d1->buffered_app_data.q) { |
| 119 | if ( d1->unprocessed_rcds.q) pqueue_free(d1->unprocessed_rcds.q); | 121 | if (d1->unprocessed_rcds.q) |
| 120 | if ( d1->processed_rcds.q) pqueue_free(d1->processed_rcds.q); | 122 | pqueue_free(d1->unprocessed_rcds.q); |
| 121 | if ( d1->buffered_messages) pqueue_free(d1->buffered_messages); | 123 | if (d1->processed_rcds.q) |
| 122 | if ( d1->sent_messages) pqueue_free(d1->sent_messages); | 124 | pqueue_free(d1->processed_rcds.q); |
| 123 | if ( d1->buffered_app_data.q) pqueue_free(d1->buffered_app_data.q); | 125 | if (d1->buffered_messages) |
| 126 | pqueue_free(d1->buffered_messages); | ||
| 127 | if (d1->sent_messages) | ||
| 128 | pqueue_free(d1->sent_messages); | ||
| 129 | if (d1->buffered_app_data.q) | ||
| 130 | pqueue_free(d1->buffered_app_data.q); | ||
| 124 | OPENSSL_free(d1); | 131 | OPENSSL_free(d1); |
| 125 | return (0); | 132 | return (0); |
| 126 | } | 133 | } |
| 127 | 134 | ||
| 128 | s->d1=d1; | 135 | s->d1 = d1; |
| 129 | s->method->ssl_clear(s); | 136 | s->method->ssl_clear(s); |
| 130 | return(1); | 137 | return (1); |
| 131 | } | 138 | } |
| 132 | 139 | ||
| 133 | static void dtls1_clear_queues(SSL *s) | 140 | static void |
| 134 | { | 141 | dtls1_clear_queues(SSL *s) |
| 135 | pitem *item = NULL; | 142 | { |
| 136 | hm_fragment *frag = NULL; | 143 | pitem *item = NULL; |
| 144 | hm_fragment *frag = NULL; | ||
| 137 | DTLS1_RECORD_DATA *rdata; | 145 | DTLS1_RECORD_DATA *rdata; |
| 138 | 146 | ||
| 139 | while( (item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL) | 147 | while ((item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL) { |
| 140 | { | ||
| 141 | rdata = (DTLS1_RECORD_DATA *) item->data; | 148 | rdata = (DTLS1_RECORD_DATA *) item->data; |
| 142 | if (rdata->rbuf.buf) | 149 | if (rdata->rbuf.buf) { |
| 143 | { | ||
| 144 | OPENSSL_free(rdata->rbuf.buf); | 150 | OPENSSL_free(rdata->rbuf.buf); |
| 145 | } | 151 | } |
| 146 | OPENSSL_free(item->data); | 152 | OPENSSL_free(item->data); |
| 147 | pitem_free(item); | 153 | pitem_free(item); |
| 148 | } | 154 | } |
| 149 | 155 | ||
| 150 | while( (item = pqueue_pop(s->d1->processed_rcds.q)) != NULL) | 156 | while ((item = pqueue_pop(s->d1->processed_rcds.q)) != NULL) { |
| 151 | { | ||
| 152 | rdata = (DTLS1_RECORD_DATA *) item->data; | 157 | rdata = (DTLS1_RECORD_DATA *) item->data; |
| 153 | if (rdata->rbuf.buf) | 158 | if (rdata->rbuf.buf) { |
| 154 | { | ||
| 155 | OPENSSL_free(rdata->rbuf.buf); | 159 | OPENSSL_free(rdata->rbuf.buf); |
| 156 | } | 160 | } |
| 157 | OPENSSL_free(item->data); | 161 | OPENSSL_free(item->data); |
| 158 | pitem_free(item); | 162 | pitem_free(item); |
| 159 | } | 163 | } |
| 160 | 164 | ||
| 161 | while( (item = pqueue_pop(s->d1->buffered_messages)) != NULL) | 165 | while ((item = pqueue_pop(s->d1->buffered_messages)) != NULL) { |
| 162 | { | ||
| 163 | frag = (hm_fragment *)item->data; | ||
| 164 | OPENSSL_free(frag->fragment); | ||
| 165 | OPENSSL_free(frag); | ||
| 166 | pitem_free(item); | ||
| 167 | } | ||
| 168 | |||
| 169 | while ( (item = pqueue_pop(s->d1->sent_messages)) != NULL) | ||
| 170 | { | ||
| 171 | frag = (hm_fragment *)item->data; | ||
| 172 | OPENSSL_free(frag->fragment); | ||
| 173 | OPENSSL_free(frag); | ||
| 174 | pitem_free(item); | ||
| 175 | } | ||
| 176 | |||
| 177 | while ( (item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL) | ||
| 178 | { | ||
| 179 | frag = (hm_fragment *)item->data; | 166 | frag = (hm_fragment *)item->data; |
| 180 | OPENSSL_free(frag->fragment); | 167 | OPENSSL_free(frag->fragment); |
| 181 | OPENSSL_free(frag); | 168 | OPENSSL_free(frag); |
| 182 | pitem_free(item); | 169 | pitem_free(item); |
| 183 | } | ||
| 184 | } | 170 | } |
| 185 | 171 | ||
| 186 | void dtls1_free(SSL *s) | 172 | while ((item = pqueue_pop(s->d1->sent_messages)) != NULL) { |
| 187 | { | 173 | frag = (hm_fragment *)item->data; |
| 174 | OPENSSL_free(frag->fragment); | ||
| 175 | OPENSSL_free(frag); | ||
| 176 | pitem_free(item); | ||
| 177 | } | ||
| 178 | |||
| 179 | while ((item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL) { | ||
| 180 | frag = (hm_fragment *)item->data; | ||
| 181 | OPENSSL_free(frag->fragment); | ||
| 182 | OPENSSL_free(frag); | ||
| 183 | pitem_free(item); | ||
| 184 | } | ||
| 185 | } | ||
| 186 | |||
| 187 | void | ||
| 188 | dtls1_free(SSL *s) | ||
| 189 | { | ||
| 188 | ssl3_free(s); | 190 | ssl3_free(s); |
| 189 | 191 | ||
| 190 | dtls1_clear_queues(s); | 192 | dtls1_clear_queues(s); |
| 191 | 193 | ||
| 192 | pqueue_free(s->d1->unprocessed_rcds.q); | 194 | pqueue_free(s->d1->unprocessed_rcds.q); |
| 193 | pqueue_free(s->d1->processed_rcds.q); | 195 | pqueue_free(s->d1->processed_rcds.q); |
| 194 | pqueue_free(s->d1->buffered_messages); | 196 | pqueue_free(s->d1->buffered_messages); |
| 195 | pqueue_free(s->d1->sent_messages); | 197 | pqueue_free(s->d1->sent_messages); |
| 196 | pqueue_free(s->d1->buffered_app_data.q); | 198 | pqueue_free(s->d1->buffered_app_data.q); |
| 197 | 199 | ||
| 198 | OPENSSL_free(s->d1); | 200 | OPENSSL_free(s->d1); |
| 199 | s->d1 = NULL; | 201 | s->d1 = NULL; |
| 200 | } | 202 | } |
| 201 | 203 | ||
| 202 | void dtls1_clear(SSL *s) | 204 | void |
| 203 | { | 205 | dtls1_clear(SSL *s) |
| 204 | pqueue unprocessed_rcds; | 206 | { |
| 205 | pqueue processed_rcds; | 207 | pqueue unprocessed_rcds; |
| 206 | pqueue buffered_messages; | 208 | pqueue processed_rcds; |
| 209 | pqueue buffered_messages; | ||
| 207 | pqueue sent_messages; | 210 | pqueue sent_messages; |
| 208 | pqueue buffered_app_data; | 211 | pqueue buffered_app_data; |
| 209 | unsigned int mtu; | 212 | unsigned int mtu; |
| 210 | 213 | ||
| 211 | if (s->d1) | 214 | if (s->d1) { |
| 212 | { | ||
| 213 | unprocessed_rcds = s->d1->unprocessed_rcds.q; | 215 | unprocessed_rcds = s->d1->unprocessed_rcds.q; |
| 214 | processed_rcds = s->d1->processed_rcds.q; | 216 | processed_rcds = s->d1->processed_rcds.q; |
| 215 | buffered_messages = s->d1->buffered_messages; | 217 | buffered_messages = s->d1->buffered_messages; |
| @@ -221,41 +223,38 @@ void dtls1_clear(SSL *s) | |||
| 221 | 223 | ||
| 222 | memset(s->d1, 0, sizeof(*(s->d1))); | 224 | memset(s->d1, 0, sizeof(*(s->d1))); |
| 223 | 225 | ||
| 224 | if (s->server) | 226 | if (s->server) { |
| 225 | { | ||
| 226 | s->d1->cookie_len = sizeof(s->d1->cookie); | 227 | s->d1->cookie_len = sizeof(s->d1->cookie); |
| 227 | } | 228 | } |
| 228 | 229 | ||
| 229 | if (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU) | 230 | if (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU) { |
| 230 | { | ||
| 231 | s->d1->mtu = mtu; | 231 | s->d1->mtu = mtu; |
| 232 | } | 232 | } |
| 233 | 233 | ||
| 234 | s->d1->unprocessed_rcds.q = unprocessed_rcds; | 234 | s->d1->unprocessed_rcds.q = unprocessed_rcds; |
| 235 | s->d1->processed_rcds.q = processed_rcds; | 235 | s->d1->processed_rcds.q = processed_rcds; |
| 236 | s->d1->buffered_messages = buffered_messages; | 236 | s->d1->buffered_messages = buffered_messages; |
| 237 | s->d1->sent_messages = sent_messages; | 237 | s->d1->sent_messages = sent_messages; |
| 238 | s->d1->buffered_app_data.q = buffered_app_data; | 238 | s->d1->buffered_app_data.q = buffered_app_data; |
| 239 | } | 239 | } |
| 240 | 240 | ||
| 241 | ssl3_clear(s); | 241 | ssl3_clear(s); |
| 242 | if (s->options & SSL_OP_CISCO_ANYCONNECT) | 242 | if (s->options & SSL_OP_CISCO_ANYCONNECT) |
| 243 | s->version=DTLS1_BAD_VER; | 243 | s->version = DTLS1_BAD_VER; |
| 244 | else | 244 | else |
| 245 | s->version=DTLS1_VERSION; | 245 | s->version = DTLS1_VERSION; |
| 246 | } | 246 | } |
| 247 | 247 | ||
| 248 | long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg) | 248 | long |
| 249 | { | 249 | dtls1_ctrl(SSL *s, int cmd, long larg, void *parg) |
| 250 | int ret=0; | 250 | { |
| 251 | int ret = 0; | ||
| 251 | 252 | ||
| 252 | switch (cmd) | 253 | switch (cmd) { |
| 253 | { | ||
| 254 | case DTLS_CTRL_GET_TIMEOUT: | 254 | case DTLS_CTRL_GET_TIMEOUT: |
| 255 | if (dtls1_get_timeout(s, (struct timeval*) parg) != NULL) | 255 | if (dtls1_get_timeout(s, (struct timeval*) parg) != NULL) { |
| 256 | { | ||
| 257 | ret = 1; | 256 | ret = 1; |
| 258 | } | 257 | } |
| 259 | break; | 258 | break; |
| 260 | case DTLS_CTRL_HANDLE_TIMEOUT: | 259 | case DTLS_CTRL_HANDLE_TIMEOUT: |
| 261 | ret = dtls1_handle_timeout(s); | 260 | ret = dtls1_handle_timeout(s); |
| @@ -267,9 +266,9 @@ long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg) | |||
| 267 | default: | 266 | default: |
| 268 | ret = ssl3_ctrl(s, cmd, larg, parg); | 267 | ret = ssl3_ctrl(s, cmd, larg, parg); |
| 269 | break; | 268 | break; |
| 270 | } | ||
| 271 | return(ret); | ||
| 272 | } | 269 | } |
| 270 | return (ret); | ||
| 271 | } | ||
| 273 | 272 | ||
| 274 | /* | 273 | /* |
| 275 | * As it's impossible to use stream ciphers in "datagram" mode, this | 274 | * As it's impossible to use stream ciphers in "datagram" mode, this |
| @@ -278,53 +277,51 @@ long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg) | |||
| 278 | * to explicitly list their SSL_* codes. Currently RC4 is the only one | 277 | * to explicitly list their SSL_* codes. Currently RC4 is the only one |
| 279 | * available, but if new ones emerge, they will have to be added... | 278 | * available, but if new ones emerge, they will have to be added... |
| 280 | */ | 279 | */ |
| 281 | const SSL_CIPHER *dtls1_get_cipher(unsigned int u) | 280 | const SSL_CIPHER |
| 282 | { | 281 | *dtls1_get_cipher(unsigned int u) |
| 282 | { | ||
| 283 | const SSL_CIPHER *ciph = ssl3_get_cipher(u); | 283 | const SSL_CIPHER *ciph = ssl3_get_cipher(u); |
| 284 | 284 | ||
| 285 | if (ciph != NULL) | 285 | if (ciph != NULL) { |
| 286 | { | ||
| 287 | if (ciph->algorithm_enc == SSL_RC4) | 286 | if (ciph->algorithm_enc == SSL_RC4) |
| 288 | return NULL; | 287 | return NULL; |
| 289 | } | 288 | } |
| 290 | 289 | ||
| 291 | return ciph; | 290 | return ciph; |
| 292 | } | 291 | } |
| 293 | 292 | ||
| 294 | void dtls1_start_timer(SSL *s) | 293 | void |
| 295 | { | 294 | dtls1_start_timer(SSL *s) |
| 295 | { | ||
| 296 | #ifndef OPENSSL_NO_SCTP | 296 | #ifndef OPENSSL_NO_SCTP |
| 297 | /* Disable timer for SCTP */ | 297 | /* Disable timer for SCTP */ |
| 298 | if (BIO_dgram_is_sctp(SSL_get_wbio(s))) | 298 | if (BIO_dgram_is_sctp(SSL_get_wbio(s))) { |
| 299 | { | ||
| 300 | memset(&(s->d1->next_timeout), 0, sizeof(struct timeval)); | 299 | memset(&(s->d1->next_timeout), 0, sizeof(struct timeval)); |
| 301 | return; | 300 | return; |
| 302 | } | 301 | } |
| 303 | #endif | 302 | #endif |
| 304 | 303 | ||
| 305 | /* If timer is not set, initialize duration with 1 second */ | 304 | /* If timer is not set, initialize duration with 1 second */ |
| 306 | if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) | 305 | if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) { |
| 307 | { | ||
| 308 | s->d1->timeout_duration = 1; | 306 | s->d1->timeout_duration = 1; |
| 309 | } | 307 | } |
| 310 | 308 | ||
| 311 | /* Set timeout to current time */ | 309 | /* Set timeout to current time */ |
| 312 | get_current_time(&(s->d1->next_timeout)); | 310 | get_current_time(&(s->d1->next_timeout)); |
| 313 | 311 | ||
| 314 | /* Add duration to current time */ | 312 | /* Add duration to current time */ |
| 315 | s->d1->next_timeout.tv_sec += s->d1->timeout_duration; | 313 | s->d1->next_timeout.tv_sec += s->d1->timeout_duration; |
| 316 | BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout)); | 314 | BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout)); |
| 317 | } | 315 | } |
| 318 | 316 | ||
| 319 | struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft) | 317 | struct timeval* |
| 320 | { | 318 | dtls1_get_timeout(SSL *s, struct timeval* timeleft) { |
| 321 | struct timeval timenow; | 319 | struct timeval timenow; |
| 322 | 320 | ||
| 323 | /* If no timeout is set, just return NULL */ | 321 | /* If no timeout is set, just return NULL */ |
| 324 | if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) | 322 | if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) { |
| 325 | { | ||
| 326 | return NULL; | 323 | return NULL; |
| 327 | } | 324 | } |
| 328 | 325 | ||
| 329 | /* Get current time */ | 326 | /* Get current time */ |
| 330 | get_current_time(&timenow); | 327 | get_current_time(&timenow); |
| @@ -332,65 +329,63 @@ struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft) | |||
| 332 | /* If timer already expired, set remaining time to 0 */ | 329 | /* If timer already expired, set remaining time to 0 */ |
| 333 | if (s->d1->next_timeout.tv_sec < timenow.tv_sec || | 330 | if (s->d1->next_timeout.tv_sec < timenow.tv_sec || |
| 334 | (s->d1->next_timeout.tv_sec == timenow.tv_sec && | 331 | (s->d1->next_timeout.tv_sec == timenow.tv_sec && |
| 335 | s->d1->next_timeout.tv_usec <= timenow.tv_usec)) | 332 | s->d1->next_timeout.tv_usec <= timenow.tv_usec)) { |
| 336 | { | ||
| 337 | memset(timeleft, 0, sizeof(struct timeval)); | 333 | memset(timeleft, 0, sizeof(struct timeval)); |
| 338 | return timeleft; | 334 | return timeleft; |
| 339 | } | 335 | } |
| 340 | 336 | ||
| 341 | /* Calculate time left until timer expires */ | 337 | /* Calculate time left until timer expires */ |
| 342 | memcpy(timeleft, &(s->d1->next_timeout), sizeof(struct timeval)); | 338 | memcpy(timeleft, &(s->d1->next_timeout), sizeof(struct timeval)); |
| 343 | timeleft->tv_sec -= timenow.tv_sec; | 339 | timeleft->tv_sec -= timenow.tv_sec; |
| 344 | timeleft->tv_usec -= timenow.tv_usec; | 340 | timeleft->tv_usec -= timenow.tv_usec; |
| 345 | if (timeleft->tv_usec < 0) | 341 | if (timeleft->tv_usec < 0) { |
| 346 | { | ||
| 347 | timeleft->tv_sec--; | 342 | timeleft->tv_sec--; |
| 348 | timeleft->tv_usec += 1000000; | 343 | timeleft->tv_usec += 1000000; |
| 349 | } | 344 | } |
| 350 | 345 | ||
| 351 | /* If remaining time is less than 15 ms, set it to 0 | 346 | /* If remaining time is less than 15 ms, set it to 0 |
| 352 | * to prevent issues because of small devergences with | 347 | * to prevent issues because of small devergences with |
| 353 | * socket timeouts. | 348 | * socket timeouts. |
| 354 | */ | 349 | */ |
| 355 | if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000) | 350 | if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000) { |
| 356 | { | ||
| 357 | memset(timeleft, 0, sizeof(struct timeval)); | 351 | memset(timeleft, 0, sizeof(struct timeval)); |
| 358 | } | 352 | } |
| 359 | 353 | ||
| 360 | 354 | ||
| 361 | return timeleft; | 355 | return timeleft; |
| 362 | } | 356 | } |
| 363 | 357 | ||
| 364 | int dtls1_is_timer_expired(SSL *s) | 358 | int |
| 365 | { | 359 | dtls1_is_timer_expired(SSL *s) |
| 360 | { | ||
| 366 | struct timeval timeleft; | 361 | struct timeval timeleft; |
| 367 | 362 | ||
| 368 | /* Get time left until timeout, return false if no timer running */ | 363 | /* Get time left until timeout, return false if no timer running */ |
| 369 | if (dtls1_get_timeout(s, &timeleft) == NULL) | 364 | if (dtls1_get_timeout(s, &timeleft) == NULL) { |
| 370 | { | ||
| 371 | return 0; | 365 | return 0; |
| 372 | } | 366 | } |
| 373 | 367 | ||
| 374 | /* Return false if timer is not expired yet */ | 368 | /* Return false if timer is not expired yet */ |
| 375 | if (timeleft.tv_sec > 0 || timeleft.tv_usec > 0) | 369 | if (timeleft.tv_sec > 0 || timeleft.tv_usec > 0) { |
| 376 | { | ||
| 377 | return 0; | 370 | return 0; |
| 378 | } | 371 | } |
| 379 | 372 | ||
| 380 | /* Timer expired, so return true */ | 373 | /* Timer expired, so return true */ |
| 381 | return 1; | 374 | return 1; |
| 382 | } | 375 | } |
| 383 | 376 | ||
| 384 | void dtls1_double_timeout(SSL *s) | 377 | void |
| 385 | { | 378 | dtls1_double_timeout(SSL *s) |
| 379 | { | ||
| 386 | s->d1->timeout_duration *= 2; | 380 | s->d1->timeout_duration *= 2; |
| 387 | if (s->d1->timeout_duration > 60) | 381 | if (s->d1->timeout_duration > 60) |
| 388 | s->d1->timeout_duration = 60; | 382 | s->d1->timeout_duration = 60; |
| 389 | dtls1_start_timer(s); | 383 | dtls1_start_timer(s); |
| 390 | } | 384 | } |
| 391 | 385 | ||
| 392 | void dtls1_stop_timer(SSL *s) | 386 | void |
| 393 | { | 387 | dtls1_stop_timer(SSL *s) |
| 388 | { | ||
| 394 | /* Reset everything */ | 389 | /* Reset everything */ |
| 395 | memset(&(s->d1->timeout), 0, sizeof(struct dtls1_timeout_st)); | 390 | memset(&(s->d1->timeout), 0, sizeof(struct dtls1_timeout_st)); |
| 396 | memset(&(s->d1->next_timeout), 0, sizeof(struct timeval)); | 391 | memset(&(s->d1->next_timeout), 0, sizeof(struct timeval)); |
| @@ -398,35 +393,35 @@ void dtls1_stop_timer(SSL *s) | |||
| 398 | BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout)); | 393 | BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout)); |
| 399 | /* Clear retransmission buffer */ | 394 | /* Clear retransmission buffer */ |
| 400 | dtls1_clear_record_buffer(s); | 395 | dtls1_clear_record_buffer(s); |
| 401 | } | 396 | } |
| 402 | 397 | ||
| 403 | int dtls1_check_timeout_num(SSL *s) | 398 | int |
| 404 | { | 399 | dtls1_check_timeout_num(SSL *s) |
| 400 | { | ||
| 405 | s->d1->timeout.num_alerts++; | 401 | s->d1->timeout.num_alerts++; |
| 406 | 402 | ||
| 407 | /* Reduce MTU after 2 unsuccessful retransmissions */ | 403 | /* Reduce MTU after 2 unsuccessful retransmissions */ |
| 408 | if (s->d1->timeout.num_alerts > 2) | 404 | if (s->d1->timeout.num_alerts > 2) { |
| 409 | { | 405 | s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL); |
| 410 | s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL); | ||
| 411 | } | ||
| 412 | 406 | ||
| 413 | if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) | 407 | } |
| 414 | { | 408 | |
| 409 | if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) { | ||
| 415 | /* fail the connection, enough alerts have been sent */ | 410 | /* fail the connection, enough alerts have been sent */ |
| 416 | SSLerr(SSL_F_DTLS1_CHECK_TIMEOUT_NUM,SSL_R_READ_TIMEOUT_EXPIRED); | 411 | SSLerr(SSL_F_DTLS1_CHECK_TIMEOUT_NUM, SSL_R_READ_TIMEOUT_EXPIRED); |
| 417 | return -1; | 412 | return -1; |
| 418 | } | 413 | } |
| 419 | 414 | ||
| 420 | return 0; | 415 | return 0; |
| 421 | } | 416 | } |
| 422 | 417 | ||
| 423 | int dtls1_handle_timeout(SSL *s) | 418 | int |
| 424 | { | 419 | dtls1_handle_timeout(SSL *s) |
| 420 | { | ||
| 425 | /* if no timer is expired, don't do anything */ | 421 | /* if no timer is expired, don't do anything */ |
| 426 | if (!dtls1_is_timer_expired(s)) | 422 | if (!dtls1_is_timer_expired(s)) { |
| 427 | { | ||
| 428 | return 0; | 423 | return 0; |
| 429 | } | 424 | } |
| 430 | 425 | ||
| 431 | dtls1_double_timeout(s); | 426 | dtls1_double_timeout(s); |
| 432 | 427 | ||
| @@ -434,38 +429,39 @@ int dtls1_handle_timeout(SSL *s) | |||
| 434 | return -1; | 429 | return -1; |
| 435 | 430 | ||
| 436 | s->d1->timeout.read_timeouts++; | 431 | s->d1->timeout.read_timeouts++; |
| 437 | if (s->d1->timeout.read_timeouts > DTLS1_TMO_READ_COUNT) | 432 | if (s->d1->timeout.read_timeouts > DTLS1_TMO_READ_COUNT) { |
| 438 | { | ||
| 439 | s->d1->timeout.read_timeouts = 1; | 433 | s->d1->timeout.read_timeouts = 1; |
| 440 | } | 434 | } |
| 441 | 435 | ||
| 442 | #ifndef OPENSSL_NO_HEARTBEATS | 436 | #ifndef OPENSSL_NO_HEARTBEATS |
| 443 | if (s->tlsext_hb_pending) | 437 | if (s->tlsext_hb_pending) { |
| 444 | { | ||
| 445 | s->tlsext_hb_pending = 0; | 438 | s->tlsext_hb_pending = 0; |
| 446 | return dtls1_heartbeat(s); | 439 | return dtls1_heartbeat(s); |
| 447 | } | 440 | } |
| 448 | #endif | 441 | #endif |
| 449 | 442 | ||
| 450 | dtls1_start_timer(s); | 443 | dtls1_start_timer(s); |
| 451 | return dtls1_retransmit_buffered_messages(s); | 444 | return dtls1_retransmit_buffered_messages(s); |
| 452 | } | 445 | } |
| 453 | 446 | ||
| 454 | static void get_current_time(struct timeval *t) | 447 | static void |
| 448 | get_current_time(struct timeval *t) | ||
| 455 | { | 449 | { |
| 456 | gettimeofday(t, NULL); | 450 | gettimeofday(t, NULL); |
| 457 | } | 451 | } |
| 458 | 452 | ||
| 459 | int dtls1_listen(SSL *s, struct sockaddr *client) | 453 | int |
| 460 | { | 454 | dtls1_listen(SSL *s, struct sockaddr *client) |
| 455 | { | ||
| 461 | int ret; | 456 | int ret; |
| 462 | 457 | ||
| 463 | SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE); | 458 | SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE); |
| 464 | s->d1->listen = 1; | 459 | s->d1->listen = 1; |
| 465 | 460 | ||
| 466 | ret = SSL_accept(s); | 461 | ret = SSL_accept(s); |
| 467 | if (ret <= 0) return ret; | 462 | if (ret <= 0) |
| 468 | 463 | return ret; | |
| 469 | (void) BIO_dgram_get_peer(SSL_get_rbio(s), client); | 464 | |
| 465 | (void)BIO_dgram_get_peer(SSL_get_rbio(s), client); | ||
| 470 | return 1; | 466 | return 1; |
| 471 | } | 467 | } |