diff options
| author | mpi <> | 2014-04-14 10:49:12 +0000 |
|---|---|---|
| committer | mpi <> | 2014-04-14 10:49:12 +0000 |
| commit | 2262294d1725b7aafc0a5dcdc45b9470fcd6154a (patch) | |
| tree | ab94f277eb4d10d12fbdba86cf2862f8ea0d8740 /src | |
| parent | f0cba78b86209685174e913d9a7c84a00e39f7ac (diff) | |
| download | openbsd-2262294d1725b7aafc0a5dcdc45b9470fcd6154a.tar.gz openbsd-2262294d1725b7aafc0a5dcdc45b9470fcd6154a.tar.bz2 openbsd-2262294d1725b7aafc0a5dcdc45b9470fcd6154a.zip | |
Revert to 1.1 minus the VMS stuff, I accidentally committed this chunk
in my last change.
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libssl/d1_lib.c | 319 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/d1_lib.c | 319 |
2 files changed, 54 insertions, 584 deletions
diff --git a/src/lib/libssl/d1_lib.c b/src/lib/libssl/d1_lib.c index 750f83e04a..2c61438f25 100644 --- a/src/lib/libssl/d1_lib.c +++ b/src/lib/libssl/d1_lib.c | |||
| @@ -57,18 +57,11 @@ | |||
| 57 | * | 57 | * |
| 58 | */ | 58 | */ |
| 59 | 59 | ||
| 60 | #include <sys/param.h> | ||
| 61 | #include <sys/socket.h> | ||
| 62 | |||
| 63 | #include <netinet/in.h> | ||
| 64 | |||
| 65 | #include <stdio.h> | 60 | #include <stdio.h> |
| 66 | #include <openssl/objects.h> | 61 | #include <openssl/objects.h> |
| 67 | #include "ssl_locl.h" | 62 | #include "ssl_locl.h" |
| 68 | 63 | ||
| 69 | static void get_current_time(struct timeval *t); | ||
| 70 | const char dtls1_version_str[]="DTLSv1" OPENSSL_VERSION_PTEXT; | 64 | const char dtls1_version_str[]="DTLSv1" OPENSSL_VERSION_PTEXT; |
| 71 | int dtls1_listen(SSL *s, struct sockaddr *client); | ||
| 72 | 65 | ||
| 73 | SSL3_ENC_METHOD DTLSv1_enc_data={ | 66 | SSL3_ENC_METHOD DTLSv1_enc_data={ |
| 74 | dtls1_enc, | 67 | dtls1_enc, |
| @@ -82,7 +75,6 @@ SSL3_ENC_METHOD DTLSv1_enc_data={ | |||
| 82 | TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE, | 75 | TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE, |
| 83 | TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE, | 76 | TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE, |
| 84 | tls1_alert_code, | 77 | tls1_alert_code, |
| 85 | tls1_export_keying_material, | ||
| 86 | }; | 78 | }; |
| 87 | 79 | ||
| 88 | long dtls1_default_timeout(void) | 80 | long dtls1_default_timeout(void) |
| @@ -92,6 +84,11 @@ long dtls1_default_timeout(void) | |||
| 92 | return(60*60*2); | 84 | return(60*60*2); |
| 93 | } | 85 | } |
| 94 | 86 | ||
| 87 | IMPLEMENT_dtls1_meth_func(dtlsv1_base_method, | ||
| 88 | ssl_undefined_function, | ||
| 89 | ssl_undefined_function, | ||
| 90 | ssl_bad_method) | ||
| 91 | |||
| 95 | int dtls1_new(SSL *s) | 92 | int dtls1_new(SSL *s) |
| 96 | { | 93 | { |
| 97 | DTLS1_STATE *d1; | 94 | DTLS1_STATE *d1; |
| @@ -101,12 +98,17 @@ int dtls1_new(SSL *s) | |||
| 101 | memset(d1,0, sizeof *d1); | 98 | memset(d1,0, sizeof *d1); |
| 102 | 99 | ||
| 103 | /* d1->handshake_epoch=0; */ | 100 | /* d1->handshake_epoch=0; */ |
| 101 | d1->bitmap.length=sizeof(d1->bitmap.map) * 8; | ||
| 102 | pq_64bit_init(&(d1->bitmap.map)); | ||
| 103 | pq_64bit_init(&(d1->bitmap.max_seq_num)); | ||
| 104 | |||
| 105 | pq_64bit_init(&(d1->next_bitmap.map)); | ||
| 106 | pq_64bit_init(&(d1->next_bitmap.max_seq_num)); | ||
| 104 | 107 | ||
| 105 | d1->unprocessed_rcds.q=pqueue_new(); | 108 | d1->unprocessed_rcds.q=pqueue_new(); |
| 106 | d1->processed_rcds.q=pqueue_new(); | 109 | d1->processed_rcds.q=pqueue_new(); |
| 107 | d1->buffered_messages = pqueue_new(); | 110 | d1->buffered_messages = pqueue_new(); |
| 108 | d1->sent_messages=pqueue_new(); | 111 | d1->sent_messages=pqueue_new(); |
| 109 | d1->buffered_app_data.q=pqueue_new(); | ||
| 110 | 112 | ||
| 111 | if ( s->server) | 113 | if ( s->server) |
| 112 | { | 114 | { |
| @@ -114,13 +116,12 @@ int dtls1_new(SSL *s) | |||
| 114 | } | 116 | } |
| 115 | 117 | ||
| 116 | if( ! d1->unprocessed_rcds.q || ! d1->processed_rcds.q | 118 | if( ! d1->unprocessed_rcds.q || ! d1->processed_rcds.q |
| 117 | || ! d1->buffered_messages || ! d1->sent_messages || ! d1->buffered_app_data.q) | 119 | || ! d1->buffered_messages || ! d1->sent_messages) |
| 118 | { | 120 | { |
| 119 | if ( d1->unprocessed_rcds.q) pqueue_free(d1->unprocessed_rcds.q); | 121 | if ( d1->unprocessed_rcds.q) pqueue_free(d1->unprocessed_rcds.q); |
| 120 | if ( d1->processed_rcds.q) pqueue_free(d1->processed_rcds.q); | 122 | if ( d1->processed_rcds.q) pqueue_free(d1->processed_rcds.q); |
| 121 | if ( d1->buffered_messages) pqueue_free(d1->buffered_messages); | 123 | if ( d1->buffered_messages) pqueue_free(d1->buffered_messages); |
| 122 | if ( d1->sent_messages) pqueue_free(d1->sent_messages); | 124 | if ( d1->sent_messages) pqueue_free(d1->sent_messages); |
| 123 | if ( d1->buffered_app_data.q) pqueue_free(d1->buffered_app_data.q); | ||
| 124 | OPENSSL_free(d1); | 125 | OPENSSL_free(d1); |
| 125 | return (0); | 126 | return (0); |
| 126 | } | 127 | } |
| @@ -130,33 +131,26 @@ int dtls1_new(SSL *s) | |||
| 130 | return(1); | 131 | return(1); |
| 131 | } | 132 | } |
| 132 | 133 | ||
| 133 | static void dtls1_clear_queues(SSL *s) | 134 | void dtls1_free(SSL *s) |
| 134 | { | 135 | { |
| 135 | pitem *item = NULL; | 136 | pitem *item = NULL; |
| 136 | hm_fragment *frag = NULL; | 137 | hm_fragment *frag = NULL; |
| 137 | DTLS1_RECORD_DATA *rdata; | 138 | |
| 139 | ssl3_free(s); | ||
| 138 | 140 | ||
| 139 | while( (item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL) | 141 | while( (item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL) |
| 140 | { | 142 | { |
| 141 | rdata = (DTLS1_RECORD_DATA *) item->data; | ||
| 142 | if (rdata->rbuf.buf) | ||
| 143 | { | ||
| 144 | OPENSSL_free(rdata->rbuf.buf); | ||
| 145 | } | ||
| 146 | OPENSSL_free(item->data); | 143 | OPENSSL_free(item->data); |
| 147 | pitem_free(item); | 144 | pitem_free(item); |
| 148 | } | 145 | } |
| 146 | pqueue_free(s->d1->unprocessed_rcds.q); | ||
| 149 | 147 | ||
| 150 | while( (item = pqueue_pop(s->d1->processed_rcds.q)) != NULL) | 148 | while( (item = pqueue_pop(s->d1->processed_rcds.q)) != NULL) |
| 151 | { | 149 | { |
| 152 | rdata = (DTLS1_RECORD_DATA *) item->data; | ||
| 153 | if (rdata->rbuf.buf) | ||
| 154 | { | ||
| 155 | OPENSSL_free(rdata->rbuf.buf); | ||
| 156 | } | ||
| 157 | OPENSSL_free(item->data); | 150 | OPENSSL_free(item->data); |
| 158 | pitem_free(item); | 151 | pitem_free(item); |
| 159 | } | 152 | } |
| 153 | pqueue_free(s->d1->processed_rcds.q); | ||
| 160 | 154 | ||
| 161 | while( (item = pqueue_pop(s->d1->buffered_messages)) != NULL) | 155 | while( (item = pqueue_pop(s->d1->buffered_messages)) != NULL) |
| 162 | { | 156 | { |
| @@ -165,6 +159,7 @@ static void dtls1_clear_queues(SSL *s) | |||
| 165 | OPENSSL_free(frag); | 159 | OPENSSL_free(frag); |
| 166 | pitem_free(item); | 160 | pitem_free(item); |
| 167 | } | 161 | } |
| 162 | pqueue_free(s->d1->buffered_messages); | ||
| 168 | 163 | ||
| 169 | while ( (item = pqueue_pop(s->d1->sent_messages)) != NULL) | 164 | while ( (item = pqueue_pop(s->d1->sent_messages)) != NULL) |
| 170 | { | 165 | { |
| @@ -173,102 +168,21 @@ static void dtls1_clear_queues(SSL *s) | |||
| 173 | OPENSSL_free(frag); | 168 | OPENSSL_free(frag); |
| 174 | pitem_free(item); | 169 | pitem_free(item); |
| 175 | } | 170 | } |
| 171 | pqueue_free(s->d1->sent_messages); | ||
| 176 | 172 | ||
| 177 | while ( (item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL) | 173 | pq_64bit_free(&(s->d1->bitmap.map)); |
| 178 | { | 174 | pq_64bit_free(&(s->d1->bitmap.max_seq_num)); |
| 179 | frag = (hm_fragment *)item->data; | ||
| 180 | OPENSSL_free(frag->fragment); | ||
| 181 | OPENSSL_free(frag); | ||
| 182 | pitem_free(item); | ||
| 183 | } | ||
| 184 | } | ||
| 185 | |||
| 186 | void dtls1_free(SSL *s) | ||
| 187 | { | ||
| 188 | ssl3_free(s); | ||
| 189 | |||
| 190 | dtls1_clear_queues(s); | ||
| 191 | 175 | ||
| 192 | pqueue_free(s->d1->unprocessed_rcds.q); | 176 | pq_64bit_free(&(s->d1->next_bitmap.map)); |
| 193 | pqueue_free(s->d1->processed_rcds.q); | 177 | pq_64bit_free(&(s->d1->next_bitmap.max_seq_num)); |
| 194 | pqueue_free(s->d1->buffered_messages); | ||
| 195 | pqueue_free(s->d1->sent_messages); | ||
| 196 | pqueue_free(s->d1->buffered_app_data.q); | ||
| 197 | 178 | ||
| 198 | OPENSSL_free(s->d1); | 179 | OPENSSL_free(s->d1); |
| 199 | s->d1 = NULL; | ||
| 200 | } | 180 | } |
| 201 | 181 | ||
| 202 | void dtls1_clear(SSL *s) | 182 | void dtls1_clear(SSL *s) |
| 203 | { | 183 | { |
| 204 | pqueue unprocessed_rcds; | ||
| 205 | pqueue processed_rcds; | ||
| 206 | pqueue buffered_messages; | ||
| 207 | pqueue sent_messages; | ||
| 208 | pqueue buffered_app_data; | ||
| 209 | unsigned int mtu; | ||
| 210 | |||
| 211 | if (s->d1) | ||
| 212 | { | ||
| 213 | unprocessed_rcds = s->d1->unprocessed_rcds.q; | ||
| 214 | processed_rcds = s->d1->processed_rcds.q; | ||
| 215 | buffered_messages = s->d1->buffered_messages; | ||
| 216 | sent_messages = s->d1->sent_messages; | ||
| 217 | buffered_app_data = s->d1->buffered_app_data.q; | ||
| 218 | mtu = s->d1->mtu; | ||
| 219 | |||
| 220 | dtls1_clear_queues(s); | ||
| 221 | |||
| 222 | memset(s->d1, 0, sizeof(*(s->d1))); | ||
| 223 | |||
| 224 | if (s->server) | ||
| 225 | { | ||
| 226 | s->d1->cookie_len = sizeof(s->d1->cookie); | ||
| 227 | } | ||
| 228 | |||
| 229 | if (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU) | ||
| 230 | { | ||
| 231 | s->d1->mtu = mtu; | ||
| 232 | } | ||
| 233 | |||
| 234 | s->d1->unprocessed_rcds.q = unprocessed_rcds; | ||
| 235 | s->d1->processed_rcds.q = processed_rcds; | ||
| 236 | s->d1->buffered_messages = buffered_messages; | ||
| 237 | s->d1->sent_messages = sent_messages; | ||
| 238 | s->d1->buffered_app_data.q = buffered_app_data; | ||
| 239 | } | ||
| 240 | |||
| 241 | ssl3_clear(s); | 184 | ssl3_clear(s); |
| 242 | if (s->options & SSL_OP_CISCO_ANYCONNECT) | 185 | s->version=DTLS1_VERSION; |
| 243 | s->version=DTLS1_BAD_VER; | ||
| 244 | else | ||
| 245 | s->version=DTLS1_VERSION; | ||
| 246 | } | ||
| 247 | |||
| 248 | long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg) | ||
| 249 | { | ||
| 250 | int ret=0; | ||
| 251 | |||
| 252 | switch (cmd) | ||
| 253 | { | ||
| 254 | case DTLS_CTRL_GET_TIMEOUT: | ||
| 255 | if (dtls1_get_timeout(s, (struct timeval*) parg) != NULL) | ||
| 256 | { | ||
| 257 | ret = 1; | ||
| 258 | } | ||
| 259 | break; | ||
| 260 | case DTLS_CTRL_HANDLE_TIMEOUT: | ||
| 261 | ret = dtls1_handle_timeout(s); | ||
| 262 | break; | ||
| 263 | case DTLS_CTRL_LISTEN: | ||
| 264 | ret = dtls1_listen(s, parg); | ||
| 265 | break; | ||
| 266 | |||
| 267 | default: | ||
| 268 | ret = ssl3_ctrl(s, cmd, larg, parg); | ||
| 269 | break; | ||
| 270 | } | ||
| 271 | return(ret); | ||
| 272 | } | 186 | } |
| 273 | 187 | ||
| 274 | /* | 188 | /* |
| @@ -278,194 +192,15 @@ long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg) | |||
| 278 | * to explicitly list their SSL_* codes. Currently RC4 is the only one | 192 | * to explicitly list their SSL_* codes. Currently RC4 is the only one |
| 279 | * available, but if new ones emerge, they will have to be added... | 193 | * available, but if new ones emerge, they will have to be added... |
| 280 | */ | 194 | */ |
| 281 | const SSL_CIPHER *dtls1_get_cipher(unsigned int u) | 195 | SSL_CIPHER *dtls1_get_cipher(unsigned int u) |
| 282 | { | 196 | { |
| 283 | const SSL_CIPHER *ciph = ssl3_get_cipher(u); | 197 | SSL_CIPHER *ciph = ssl3_get_cipher(u); |
| 284 | 198 | ||
| 285 | if (ciph != NULL) | 199 | if (ciph != NULL) |
| 286 | { | 200 | { |
| 287 | if (ciph->algorithm_enc == SSL_RC4) | 201 | if ((ciph->algorithms&SSL_ENC_MASK) == SSL_RC4) |
| 288 | return NULL; | 202 | return NULL; |
| 289 | } | 203 | } |
| 290 | 204 | ||
| 291 | return ciph; | 205 | return ciph; |
| 292 | } | 206 | } |
| 293 | |||
| 294 | void dtls1_start_timer(SSL *s) | ||
| 295 | { | ||
| 296 | #ifndef OPENSSL_NO_SCTP | ||
| 297 | /* Disable timer for SCTP */ | ||
| 298 | if (BIO_dgram_is_sctp(SSL_get_wbio(s))) | ||
| 299 | { | ||
| 300 | memset(&(s->d1->next_timeout), 0, sizeof(struct timeval)); | ||
| 301 | return; | ||
| 302 | } | ||
| 303 | #endif | ||
| 304 | |||
| 305 | /* If timer is not set, initialize duration with 1 second */ | ||
| 306 | if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) | ||
| 307 | { | ||
| 308 | s->d1->timeout_duration = 1; | ||
| 309 | } | ||
| 310 | |||
| 311 | /* Set timeout to current time */ | ||
| 312 | get_current_time(&(s->d1->next_timeout)); | ||
| 313 | |||
| 314 | /* Add duration to current time */ | ||
| 315 | s->d1->next_timeout.tv_sec += s->d1->timeout_duration; | ||
| 316 | BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout)); | ||
| 317 | } | ||
| 318 | |||
| 319 | struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft) | ||
| 320 | { | ||
| 321 | struct timeval timenow; | ||
| 322 | |||
| 323 | /* If no timeout is set, just return NULL */ | ||
| 324 | if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) | ||
| 325 | { | ||
| 326 | return NULL; | ||
| 327 | } | ||
| 328 | |||
| 329 | /* Get current time */ | ||
| 330 | get_current_time(&timenow); | ||
| 331 | |||
| 332 | /* If timer already expired, set remaining time to 0 */ | ||
| 333 | if (s->d1->next_timeout.tv_sec < timenow.tv_sec || | ||
| 334 | (s->d1->next_timeout.tv_sec == timenow.tv_sec && | ||
| 335 | s->d1->next_timeout.tv_usec <= timenow.tv_usec)) | ||
| 336 | { | ||
| 337 | memset(timeleft, 0, sizeof(struct timeval)); | ||
| 338 | return timeleft; | ||
| 339 | } | ||
| 340 | |||
| 341 | /* Calculate time left until timer expires */ | ||
| 342 | memcpy(timeleft, &(s->d1->next_timeout), sizeof(struct timeval)); | ||
| 343 | timeleft->tv_sec -= timenow.tv_sec; | ||
| 344 | timeleft->tv_usec -= timenow.tv_usec; | ||
| 345 | if (timeleft->tv_usec < 0) | ||
| 346 | { | ||
| 347 | timeleft->tv_sec--; | ||
| 348 | timeleft->tv_usec += 1000000; | ||
| 349 | } | ||
| 350 | |||
| 351 | /* If remaining time is less than 15 ms, set it to 0 | ||
| 352 | * to prevent issues because of small devergences with | ||
| 353 | * socket timeouts. | ||
| 354 | */ | ||
| 355 | if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000) | ||
| 356 | { | ||
| 357 | memset(timeleft, 0, sizeof(struct timeval)); | ||
| 358 | } | ||
| 359 | |||
| 360 | |||
| 361 | return timeleft; | ||
| 362 | } | ||
| 363 | |||
| 364 | int dtls1_is_timer_expired(SSL *s) | ||
| 365 | { | ||
| 366 | struct timeval timeleft; | ||
| 367 | |||
| 368 | /* Get time left until timeout, return false if no timer running */ | ||
| 369 | if (dtls1_get_timeout(s, &timeleft) == NULL) | ||
| 370 | { | ||
| 371 | return 0; | ||
| 372 | } | ||
| 373 | |||
| 374 | /* Return false if timer is not expired yet */ | ||
| 375 | if (timeleft.tv_sec > 0 || timeleft.tv_usec > 0) | ||
| 376 | { | ||
| 377 | return 0; | ||
| 378 | } | ||
| 379 | |||
| 380 | /* Timer expired, so return true */ | ||
| 381 | return 1; | ||
| 382 | } | ||
| 383 | |||
| 384 | void dtls1_double_timeout(SSL *s) | ||
| 385 | { | ||
| 386 | s->d1->timeout_duration *= 2; | ||
| 387 | if (s->d1->timeout_duration > 60) | ||
| 388 | s->d1->timeout_duration = 60; | ||
| 389 | dtls1_start_timer(s); | ||
| 390 | } | ||
| 391 | |||
| 392 | void dtls1_stop_timer(SSL *s) | ||
| 393 | { | ||
| 394 | /* Reset everything */ | ||
| 395 | memset(&(s->d1->timeout), 0, sizeof(struct dtls1_timeout_st)); | ||
| 396 | memset(&(s->d1->next_timeout), 0, sizeof(struct timeval)); | ||
| 397 | s->d1->timeout_duration = 1; | ||
| 398 | BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout)); | ||
| 399 | /* Clear retransmission buffer */ | ||
| 400 | dtls1_clear_record_buffer(s); | ||
| 401 | } | ||
| 402 | |||
| 403 | int dtls1_check_timeout_num(SSL *s) | ||
| 404 | { | ||
| 405 | s->d1->timeout.num_alerts++; | ||
| 406 | |||
| 407 | /* Reduce MTU after 2 unsuccessful retransmissions */ | ||
| 408 | if (s->d1->timeout.num_alerts > 2) | ||
| 409 | { | ||
| 410 | s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL); | ||
| 411 | } | ||
| 412 | |||
| 413 | if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) | ||
| 414 | { | ||
| 415 | /* fail the connection, enough alerts have been sent */ | ||
| 416 | SSLerr(SSL_F_DTLS1_CHECK_TIMEOUT_NUM,SSL_R_READ_TIMEOUT_EXPIRED); | ||
| 417 | return -1; | ||
| 418 | } | ||
| 419 | |||
| 420 | return 0; | ||
| 421 | } | ||
| 422 | |||
| 423 | int dtls1_handle_timeout(SSL *s) | ||
| 424 | { | ||
| 425 | /* if no timer is expired, don't do anything */ | ||
| 426 | if (!dtls1_is_timer_expired(s)) | ||
| 427 | { | ||
| 428 | return 0; | ||
| 429 | } | ||
| 430 | |||
| 431 | dtls1_double_timeout(s); | ||
| 432 | |||
| 433 | if (dtls1_check_timeout_num(s) < 0) | ||
| 434 | return -1; | ||
| 435 | |||
| 436 | s->d1->timeout.read_timeouts++; | ||
| 437 | if (s->d1->timeout.read_timeouts > DTLS1_TMO_READ_COUNT) | ||
| 438 | { | ||
| 439 | s->d1->timeout.read_timeouts = 1; | ||
| 440 | } | ||
| 441 | |||
| 442 | #ifndef OPENSSL_NO_HEARTBEATS | ||
| 443 | if (s->tlsext_hb_pending) | ||
| 444 | { | ||
| 445 | s->tlsext_hb_pending = 0; | ||
| 446 | return dtls1_heartbeat(s); | ||
| 447 | } | ||
| 448 | #endif | ||
| 449 | |||
| 450 | dtls1_start_timer(s); | ||
| 451 | return dtls1_retransmit_buffered_messages(s); | ||
| 452 | } | ||
| 453 | |||
| 454 | static void get_current_time(struct timeval *t) | ||
| 455 | { | ||
| 456 | gettimeofday(t, NULL); | ||
| 457 | } | ||
| 458 | |||
| 459 | int dtls1_listen(SSL *s, struct sockaddr *client) | ||
| 460 | { | ||
| 461 | int ret; | ||
| 462 | |||
| 463 | SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE); | ||
| 464 | s->d1->listen = 1; | ||
| 465 | |||
| 466 | ret = SSL_accept(s); | ||
| 467 | if (ret <= 0) return ret; | ||
| 468 | |||
| 469 | (void) BIO_dgram_get_peer(SSL_get_rbio(s), client); | ||
| 470 | return 1; | ||
| 471 | } | ||
diff --git a/src/lib/libssl/src/ssl/d1_lib.c b/src/lib/libssl/src/ssl/d1_lib.c index 750f83e04a..2c61438f25 100644 --- a/src/lib/libssl/src/ssl/d1_lib.c +++ b/src/lib/libssl/src/ssl/d1_lib.c | |||
| @@ -57,18 +57,11 @@ | |||
| 57 | * | 57 | * |
| 58 | */ | 58 | */ |
| 59 | 59 | ||
| 60 | #include <sys/param.h> | ||
| 61 | #include <sys/socket.h> | ||
| 62 | |||
| 63 | #include <netinet/in.h> | ||
| 64 | |||
| 65 | #include <stdio.h> | 60 | #include <stdio.h> |
| 66 | #include <openssl/objects.h> | 61 | #include <openssl/objects.h> |
| 67 | #include "ssl_locl.h" | 62 | #include "ssl_locl.h" |
| 68 | 63 | ||
| 69 | static void get_current_time(struct timeval *t); | ||
| 70 | const char dtls1_version_str[]="DTLSv1" OPENSSL_VERSION_PTEXT; | 64 | const char dtls1_version_str[]="DTLSv1" OPENSSL_VERSION_PTEXT; |
| 71 | int dtls1_listen(SSL *s, struct sockaddr *client); | ||
| 72 | 65 | ||
| 73 | SSL3_ENC_METHOD DTLSv1_enc_data={ | 66 | SSL3_ENC_METHOD DTLSv1_enc_data={ |
| 74 | dtls1_enc, | 67 | dtls1_enc, |
| @@ -82,7 +75,6 @@ SSL3_ENC_METHOD DTLSv1_enc_data={ | |||
| 82 | TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE, | 75 | TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE, |
| 83 | TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE, | 76 | TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE, |
| 84 | tls1_alert_code, | 77 | tls1_alert_code, |
| 85 | tls1_export_keying_material, | ||
| 86 | }; | 78 | }; |
| 87 | 79 | ||
| 88 | long dtls1_default_timeout(void) | 80 | long dtls1_default_timeout(void) |
| @@ -92,6 +84,11 @@ long dtls1_default_timeout(void) | |||
| 92 | return(60*60*2); | 84 | return(60*60*2); |
| 93 | } | 85 | } |
| 94 | 86 | ||
| 87 | IMPLEMENT_dtls1_meth_func(dtlsv1_base_method, | ||
| 88 | ssl_undefined_function, | ||
| 89 | ssl_undefined_function, | ||
| 90 | ssl_bad_method) | ||
| 91 | |||
| 95 | int dtls1_new(SSL *s) | 92 | int dtls1_new(SSL *s) |
| 96 | { | 93 | { |
| 97 | DTLS1_STATE *d1; | 94 | DTLS1_STATE *d1; |
| @@ -101,12 +98,17 @@ int dtls1_new(SSL *s) | |||
| 101 | memset(d1,0, sizeof *d1); | 98 | memset(d1,0, sizeof *d1); |
| 102 | 99 | ||
| 103 | /* d1->handshake_epoch=0; */ | 100 | /* d1->handshake_epoch=0; */ |
| 101 | d1->bitmap.length=sizeof(d1->bitmap.map) * 8; | ||
| 102 | pq_64bit_init(&(d1->bitmap.map)); | ||
| 103 | pq_64bit_init(&(d1->bitmap.max_seq_num)); | ||
| 104 | |||
| 105 | pq_64bit_init(&(d1->next_bitmap.map)); | ||
| 106 | pq_64bit_init(&(d1->next_bitmap.max_seq_num)); | ||
| 104 | 107 | ||
| 105 | d1->unprocessed_rcds.q=pqueue_new(); | 108 | d1->unprocessed_rcds.q=pqueue_new(); |
| 106 | d1->processed_rcds.q=pqueue_new(); | 109 | d1->processed_rcds.q=pqueue_new(); |
| 107 | d1->buffered_messages = pqueue_new(); | 110 | d1->buffered_messages = pqueue_new(); |
| 108 | d1->sent_messages=pqueue_new(); | 111 | d1->sent_messages=pqueue_new(); |
| 109 | d1->buffered_app_data.q=pqueue_new(); | ||
| 110 | 112 | ||
| 111 | if ( s->server) | 113 | if ( s->server) |
| 112 | { | 114 | { |
| @@ -114,13 +116,12 @@ int dtls1_new(SSL *s) | |||
| 114 | } | 116 | } |
| 115 | 117 | ||
| 116 | if( ! d1->unprocessed_rcds.q || ! d1->processed_rcds.q | 118 | if( ! d1->unprocessed_rcds.q || ! d1->processed_rcds.q |
| 117 | || ! d1->buffered_messages || ! d1->sent_messages || ! d1->buffered_app_data.q) | 119 | || ! d1->buffered_messages || ! d1->sent_messages) |
| 118 | { | 120 | { |
| 119 | if ( d1->unprocessed_rcds.q) pqueue_free(d1->unprocessed_rcds.q); | 121 | if ( d1->unprocessed_rcds.q) pqueue_free(d1->unprocessed_rcds.q); |
| 120 | if ( d1->processed_rcds.q) pqueue_free(d1->processed_rcds.q); | 122 | if ( d1->processed_rcds.q) pqueue_free(d1->processed_rcds.q); |
| 121 | if ( d1->buffered_messages) pqueue_free(d1->buffered_messages); | 123 | if ( d1->buffered_messages) pqueue_free(d1->buffered_messages); |
| 122 | if ( d1->sent_messages) pqueue_free(d1->sent_messages); | 124 | if ( d1->sent_messages) pqueue_free(d1->sent_messages); |
| 123 | if ( d1->buffered_app_data.q) pqueue_free(d1->buffered_app_data.q); | ||
| 124 | OPENSSL_free(d1); | 125 | OPENSSL_free(d1); |
| 125 | return (0); | 126 | return (0); |
| 126 | } | 127 | } |
| @@ -130,33 +131,26 @@ int dtls1_new(SSL *s) | |||
| 130 | return(1); | 131 | return(1); |
| 131 | } | 132 | } |
| 132 | 133 | ||
| 133 | static void dtls1_clear_queues(SSL *s) | 134 | void dtls1_free(SSL *s) |
| 134 | { | 135 | { |
| 135 | pitem *item = NULL; | 136 | pitem *item = NULL; |
| 136 | hm_fragment *frag = NULL; | 137 | hm_fragment *frag = NULL; |
| 137 | DTLS1_RECORD_DATA *rdata; | 138 | |
| 139 | ssl3_free(s); | ||
| 138 | 140 | ||
| 139 | while( (item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL) | 141 | while( (item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL) |
| 140 | { | 142 | { |
| 141 | rdata = (DTLS1_RECORD_DATA *) item->data; | ||
| 142 | if (rdata->rbuf.buf) | ||
| 143 | { | ||
| 144 | OPENSSL_free(rdata->rbuf.buf); | ||
| 145 | } | ||
| 146 | OPENSSL_free(item->data); | 143 | OPENSSL_free(item->data); |
| 147 | pitem_free(item); | 144 | pitem_free(item); |
| 148 | } | 145 | } |
| 146 | pqueue_free(s->d1->unprocessed_rcds.q); | ||
| 149 | 147 | ||
| 150 | while( (item = pqueue_pop(s->d1->processed_rcds.q)) != NULL) | 148 | while( (item = pqueue_pop(s->d1->processed_rcds.q)) != NULL) |
| 151 | { | 149 | { |
| 152 | rdata = (DTLS1_RECORD_DATA *) item->data; | ||
| 153 | if (rdata->rbuf.buf) | ||
| 154 | { | ||
| 155 | OPENSSL_free(rdata->rbuf.buf); | ||
| 156 | } | ||
| 157 | OPENSSL_free(item->data); | 150 | OPENSSL_free(item->data); |
| 158 | pitem_free(item); | 151 | pitem_free(item); |
| 159 | } | 152 | } |
| 153 | pqueue_free(s->d1->processed_rcds.q); | ||
| 160 | 154 | ||
| 161 | while( (item = pqueue_pop(s->d1->buffered_messages)) != NULL) | 155 | while( (item = pqueue_pop(s->d1->buffered_messages)) != NULL) |
| 162 | { | 156 | { |
| @@ -165,6 +159,7 @@ static void dtls1_clear_queues(SSL *s) | |||
| 165 | OPENSSL_free(frag); | 159 | OPENSSL_free(frag); |
| 166 | pitem_free(item); | 160 | pitem_free(item); |
| 167 | } | 161 | } |
| 162 | pqueue_free(s->d1->buffered_messages); | ||
| 168 | 163 | ||
| 169 | while ( (item = pqueue_pop(s->d1->sent_messages)) != NULL) | 164 | while ( (item = pqueue_pop(s->d1->sent_messages)) != NULL) |
| 170 | { | 165 | { |
| @@ -173,102 +168,21 @@ static void dtls1_clear_queues(SSL *s) | |||
| 173 | OPENSSL_free(frag); | 168 | OPENSSL_free(frag); |
| 174 | pitem_free(item); | 169 | pitem_free(item); |
| 175 | } | 170 | } |
| 171 | pqueue_free(s->d1->sent_messages); | ||
| 176 | 172 | ||
| 177 | while ( (item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL) | 173 | pq_64bit_free(&(s->d1->bitmap.map)); |
| 178 | { | 174 | pq_64bit_free(&(s->d1->bitmap.max_seq_num)); |
| 179 | frag = (hm_fragment *)item->data; | ||
| 180 | OPENSSL_free(frag->fragment); | ||
| 181 | OPENSSL_free(frag); | ||
| 182 | pitem_free(item); | ||
| 183 | } | ||
| 184 | } | ||
| 185 | |||
| 186 | void dtls1_free(SSL *s) | ||
| 187 | { | ||
| 188 | ssl3_free(s); | ||
| 189 | |||
| 190 | dtls1_clear_queues(s); | ||
| 191 | 175 | ||
| 192 | pqueue_free(s->d1->unprocessed_rcds.q); | 176 | pq_64bit_free(&(s->d1->next_bitmap.map)); |
| 193 | pqueue_free(s->d1->processed_rcds.q); | 177 | pq_64bit_free(&(s->d1->next_bitmap.max_seq_num)); |
| 194 | pqueue_free(s->d1->buffered_messages); | ||
| 195 | pqueue_free(s->d1->sent_messages); | ||
| 196 | pqueue_free(s->d1->buffered_app_data.q); | ||
| 197 | 178 | ||
| 198 | OPENSSL_free(s->d1); | 179 | OPENSSL_free(s->d1); |
| 199 | s->d1 = NULL; | ||
| 200 | } | 180 | } |
| 201 | 181 | ||
| 202 | void dtls1_clear(SSL *s) | 182 | void dtls1_clear(SSL *s) |
| 203 | { | 183 | { |
| 204 | pqueue unprocessed_rcds; | ||
| 205 | pqueue processed_rcds; | ||
| 206 | pqueue buffered_messages; | ||
| 207 | pqueue sent_messages; | ||
| 208 | pqueue buffered_app_data; | ||
| 209 | unsigned int mtu; | ||
| 210 | |||
| 211 | if (s->d1) | ||
| 212 | { | ||
| 213 | unprocessed_rcds = s->d1->unprocessed_rcds.q; | ||
| 214 | processed_rcds = s->d1->processed_rcds.q; | ||
| 215 | buffered_messages = s->d1->buffered_messages; | ||
| 216 | sent_messages = s->d1->sent_messages; | ||
| 217 | buffered_app_data = s->d1->buffered_app_data.q; | ||
| 218 | mtu = s->d1->mtu; | ||
| 219 | |||
| 220 | dtls1_clear_queues(s); | ||
| 221 | |||
| 222 | memset(s->d1, 0, sizeof(*(s->d1))); | ||
| 223 | |||
| 224 | if (s->server) | ||
| 225 | { | ||
| 226 | s->d1->cookie_len = sizeof(s->d1->cookie); | ||
| 227 | } | ||
| 228 | |||
| 229 | if (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU) | ||
| 230 | { | ||
| 231 | s->d1->mtu = mtu; | ||
| 232 | } | ||
| 233 | |||
| 234 | s->d1->unprocessed_rcds.q = unprocessed_rcds; | ||
| 235 | s->d1->processed_rcds.q = processed_rcds; | ||
| 236 | s->d1->buffered_messages = buffered_messages; | ||
| 237 | s->d1->sent_messages = sent_messages; | ||
| 238 | s->d1->buffered_app_data.q = buffered_app_data; | ||
| 239 | } | ||
| 240 | |||
| 241 | ssl3_clear(s); | 184 | ssl3_clear(s); |
| 242 | if (s->options & SSL_OP_CISCO_ANYCONNECT) | 185 | s->version=DTLS1_VERSION; |
| 243 | s->version=DTLS1_BAD_VER; | ||
| 244 | else | ||
| 245 | s->version=DTLS1_VERSION; | ||
| 246 | } | ||
| 247 | |||
| 248 | long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg) | ||
| 249 | { | ||
| 250 | int ret=0; | ||
| 251 | |||
| 252 | switch (cmd) | ||
| 253 | { | ||
| 254 | case DTLS_CTRL_GET_TIMEOUT: | ||
| 255 | if (dtls1_get_timeout(s, (struct timeval*) parg) != NULL) | ||
| 256 | { | ||
| 257 | ret = 1; | ||
| 258 | } | ||
| 259 | break; | ||
| 260 | case DTLS_CTRL_HANDLE_TIMEOUT: | ||
| 261 | ret = dtls1_handle_timeout(s); | ||
| 262 | break; | ||
| 263 | case DTLS_CTRL_LISTEN: | ||
| 264 | ret = dtls1_listen(s, parg); | ||
| 265 | break; | ||
| 266 | |||
| 267 | default: | ||
| 268 | ret = ssl3_ctrl(s, cmd, larg, parg); | ||
| 269 | break; | ||
| 270 | } | ||
| 271 | return(ret); | ||
| 272 | } | 186 | } |
| 273 | 187 | ||
| 274 | /* | 188 | /* |
| @@ -278,194 +192,15 @@ long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg) | |||
| 278 | * to explicitly list their SSL_* codes. Currently RC4 is the only one | 192 | * to explicitly list their SSL_* codes. Currently RC4 is the only one |
| 279 | * available, but if new ones emerge, they will have to be added... | 193 | * available, but if new ones emerge, they will have to be added... |
| 280 | */ | 194 | */ |
| 281 | const SSL_CIPHER *dtls1_get_cipher(unsigned int u) | 195 | SSL_CIPHER *dtls1_get_cipher(unsigned int u) |
| 282 | { | 196 | { |
| 283 | const SSL_CIPHER *ciph = ssl3_get_cipher(u); | 197 | SSL_CIPHER *ciph = ssl3_get_cipher(u); |
| 284 | 198 | ||
| 285 | if (ciph != NULL) | 199 | if (ciph != NULL) |
| 286 | { | 200 | { |
| 287 | if (ciph->algorithm_enc == SSL_RC4) | 201 | if ((ciph->algorithms&SSL_ENC_MASK) == SSL_RC4) |
| 288 | return NULL; | 202 | return NULL; |
| 289 | } | 203 | } |
| 290 | 204 | ||
| 291 | return ciph; | 205 | return ciph; |
| 292 | } | 206 | } |
| 293 | |||
| 294 | void dtls1_start_timer(SSL *s) | ||
| 295 | { | ||
| 296 | #ifndef OPENSSL_NO_SCTP | ||
| 297 | /* Disable timer for SCTP */ | ||
| 298 | if (BIO_dgram_is_sctp(SSL_get_wbio(s))) | ||
| 299 | { | ||
| 300 | memset(&(s->d1->next_timeout), 0, sizeof(struct timeval)); | ||
| 301 | return; | ||
| 302 | } | ||
| 303 | #endif | ||
| 304 | |||
| 305 | /* If timer is not set, initialize duration with 1 second */ | ||
| 306 | if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) | ||
| 307 | { | ||
| 308 | s->d1->timeout_duration = 1; | ||
| 309 | } | ||
| 310 | |||
| 311 | /* Set timeout to current time */ | ||
| 312 | get_current_time(&(s->d1->next_timeout)); | ||
| 313 | |||
| 314 | /* Add duration to current time */ | ||
| 315 | s->d1->next_timeout.tv_sec += s->d1->timeout_duration; | ||
| 316 | BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout)); | ||
| 317 | } | ||
| 318 | |||
| 319 | struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft) | ||
| 320 | { | ||
| 321 | struct timeval timenow; | ||
| 322 | |||
| 323 | /* If no timeout is set, just return NULL */ | ||
| 324 | if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) | ||
| 325 | { | ||
| 326 | return NULL; | ||
| 327 | } | ||
| 328 | |||
| 329 | /* Get current time */ | ||
| 330 | get_current_time(&timenow); | ||
| 331 | |||
| 332 | /* If timer already expired, set remaining time to 0 */ | ||
| 333 | if (s->d1->next_timeout.tv_sec < timenow.tv_sec || | ||
| 334 | (s->d1->next_timeout.tv_sec == timenow.tv_sec && | ||
| 335 | s->d1->next_timeout.tv_usec <= timenow.tv_usec)) | ||
| 336 | { | ||
| 337 | memset(timeleft, 0, sizeof(struct timeval)); | ||
| 338 | return timeleft; | ||
| 339 | } | ||
| 340 | |||
| 341 | /* Calculate time left until timer expires */ | ||
| 342 | memcpy(timeleft, &(s->d1->next_timeout), sizeof(struct timeval)); | ||
| 343 | timeleft->tv_sec -= timenow.tv_sec; | ||
| 344 | timeleft->tv_usec -= timenow.tv_usec; | ||
| 345 | if (timeleft->tv_usec < 0) | ||
| 346 | { | ||
| 347 | timeleft->tv_sec--; | ||
| 348 | timeleft->tv_usec += 1000000; | ||
| 349 | } | ||
| 350 | |||
| 351 | /* If remaining time is less than 15 ms, set it to 0 | ||
| 352 | * to prevent issues because of small devergences with | ||
| 353 | * socket timeouts. | ||
| 354 | */ | ||
| 355 | if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000) | ||
| 356 | { | ||
| 357 | memset(timeleft, 0, sizeof(struct timeval)); | ||
| 358 | } | ||
| 359 | |||
| 360 | |||
| 361 | return timeleft; | ||
| 362 | } | ||
| 363 | |||
| 364 | int dtls1_is_timer_expired(SSL *s) | ||
| 365 | { | ||
| 366 | struct timeval timeleft; | ||
| 367 | |||
| 368 | /* Get time left until timeout, return false if no timer running */ | ||
| 369 | if (dtls1_get_timeout(s, &timeleft) == NULL) | ||
| 370 | { | ||
| 371 | return 0; | ||
| 372 | } | ||
| 373 | |||
| 374 | /* Return false if timer is not expired yet */ | ||
| 375 | if (timeleft.tv_sec > 0 || timeleft.tv_usec > 0) | ||
| 376 | { | ||
| 377 | return 0; | ||
| 378 | } | ||
| 379 | |||
| 380 | /* Timer expired, so return true */ | ||
| 381 | return 1; | ||
| 382 | } | ||
| 383 | |||
| 384 | void dtls1_double_timeout(SSL *s) | ||
| 385 | { | ||
| 386 | s->d1->timeout_duration *= 2; | ||
| 387 | if (s->d1->timeout_duration > 60) | ||
| 388 | s->d1->timeout_duration = 60; | ||
| 389 | dtls1_start_timer(s); | ||
| 390 | } | ||
| 391 | |||
| 392 | void dtls1_stop_timer(SSL *s) | ||
| 393 | { | ||
| 394 | /* Reset everything */ | ||
| 395 | memset(&(s->d1->timeout), 0, sizeof(struct dtls1_timeout_st)); | ||
| 396 | memset(&(s->d1->next_timeout), 0, sizeof(struct timeval)); | ||
| 397 | s->d1->timeout_duration = 1; | ||
| 398 | BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout)); | ||
| 399 | /* Clear retransmission buffer */ | ||
| 400 | dtls1_clear_record_buffer(s); | ||
| 401 | } | ||
| 402 | |||
| 403 | int dtls1_check_timeout_num(SSL *s) | ||
| 404 | { | ||
| 405 | s->d1->timeout.num_alerts++; | ||
| 406 | |||
| 407 | /* Reduce MTU after 2 unsuccessful retransmissions */ | ||
| 408 | if (s->d1->timeout.num_alerts > 2) | ||
| 409 | { | ||
| 410 | s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL); | ||
| 411 | } | ||
| 412 | |||
| 413 | if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) | ||
| 414 | { | ||
| 415 | /* fail the connection, enough alerts have been sent */ | ||
| 416 | SSLerr(SSL_F_DTLS1_CHECK_TIMEOUT_NUM,SSL_R_READ_TIMEOUT_EXPIRED); | ||
| 417 | return -1; | ||
| 418 | } | ||
| 419 | |||
| 420 | return 0; | ||
| 421 | } | ||
| 422 | |||
| 423 | int dtls1_handle_timeout(SSL *s) | ||
| 424 | { | ||
| 425 | /* if no timer is expired, don't do anything */ | ||
| 426 | if (!dtls1_is_timer_expired(s)) | ||
| 427 | { | ||
| 428 | return 0; | ||
| 429 | } | ||
| 430 | |||
| 431 | dtls1_double_timeout(s); | ||
| 432 | |||
| 433 | if (dtls1_check_timeout_num(s) < 0) | ||
| 434 | return -1; | ||
| 435 | |||
| 436 | s->d1->timeout.read_timeouts++; | ||
| 437 | if (s->d1->timeout.read_timeouts > DTLS1_TMO_READ_COUNT) | ||
| 438 | { | ||
| 439 | s->d1->timeout.read_timeouts = 1; | ||
| 440 | } | ||
| 441 | |||
| 442 | #ifndef OPENSSL_NO_HEARTBEATS | ||
| 443 | if (s->tlsext_hb_pending) | ||
| 444 | { | ||
| 445 | s->tlsext_hb_pending = 0; | ||
| 446 | return dtls1_heartbeat(s); | ||
| 447 | } | ||
| 448 | #endif | ||
| 449 | |||
| 450 | dtls1_start_timer(s); | ||
| 451 | return dtls1_retransmit_buffered_messages(s); | ||
| 452 | } | ||
| 453 | |||
| 454 | static void get_current_time(struct timeval *t) | ||
| 455 | { | ||
| 456 | gettimeofday(t, NULL); | ||
| 457 | } | ||
| 458 | |||
| 459 | int dtls1_listen(SSL *s, struct sockaddr *client) | ||
| 460 | { | ||
| 461 | int ret; | ||
| 462 | |||
| 463 | SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE); | ||
| 464 | s->d1->listen = 1; | ||
| 465 | |||
| 466 | ret = SSL_accept(s); | ||
| 467 | if (ret <= 0) return ret; | ||
| 468 | |||
| 469 | (void) BIO_dgram_get_peer(SSL_get_rbio(s), client); | ||
| 470 | return 1; | ||
| 471 | } | ||