Lines Matching refs:ssl
206 static bool dtls1_is_current_message_complete(const SSL *ssl) { in dtls1_is_current_message_complete() argument
207 size_t idx = ssl->d1->handshake_read_seq % SSL_MAX_HANDSHAKE_FLIGHT; in dtls1_is_current_message_complete()
208 DTLSIncomingMessage *frag = ssl->d1->incoming_messages[idx].get(); in dtls1_is_current_message_complete()
217 SSL *ssl, uint8_t *out_alert, const struct hm_header_st *msg_hdr) { in dtls1_get_incoming_message() argument
218 if (msg_hdr->seq < ssl->d1->handshake_read_seq || in dtls1_get_incoming_message()
219 msg_hdr->seq - ssl->d1->handshake_read_seq >= SSL_MAX_HANDSHAKE_FLIGHT) { in dtls1_get_incoming_message()
225 DTLSIncomingMessage *frag = ssl->d1->incoming_messages[idx].get(); in dtls1_get_incoming_message()
240 ssl->d1->incoming_messages[idx] = dtls_new_incoming_message(msg_hdr); in dtls1_get_incoming_message()
241 if (!ssl->d1->incoming_messages[idx]) { in dtls1_get_incoming_message()
245 return ssl->d1->incoming_messages[idx].get(); in dtls1_get_incoming_message()
248 bool dtls1_process_handshake_fragments(SSL *ssl, uint8_t *out_alert, in dtls1_process_handshake_fragments() argument
273 if (msg_hdr.seq < ssl->d1->handshake_read_seq || in dtls1_process_handshake_fragments()
274 ssl->d1->handshake_read_overflow) { in dtls1_process_handshake_fragments()
282 if (record_number.epoch() != ssl->d1->read_epoch.epoch || in dtls1_process_handshake_fragments()
283 ssl->d1->next_read_epoch != nullptr) { in dtls1_process_handshake_fragments()
294 if (msg_len > ssl_max_handshake_message_len(ssl)) { in dtls1_process_handshake_fragments()
300 if (SSL_in_init(ssl) && ssl_has_final_version(ssl) && in dtls1_process_handshake_fragments()
301 ssl_protocol_version(ssl) >= TLS1_3_VERSION) { in dtls1_process_handshake_fragments()
314 if (msg_hdr.seq - ssl->d1->handshake_read_seq > SSL_MAX_HANDSHAKE_FLIGHT) { in dtls1_process_handshake_fragments()
321 dtls1_get_incoming_message(ssl, out_alert, &msg_hdr); in dtls1_process_handshake_fragments()
340 dtls1_stop_timer(ssl); in dtls1_process_handshake_fragments()
341 dtls_clear_outgoing_messages(ssl); in dtls1_process_handshake_fragments()
345 ssl->d1->records_to_ack.PushBack(record_number); in dtls1_process_handshake_fragments()
347 if (ssl_has_final_version(ssl) && in dtls1_process_handshake_fragments()
348 ssl_protocol_version(ssl) >= TLS1_3_VERSION && in dtls1_process_handshake_fragments()
349 !ssl->d1->ack_timer.IsSet() && !ssl->d1->sending_ack) { in dtls1_process_handshake_fragments()
358 OPENSSL_timeval now = ssl_ctx_get_current_time(ssl->ctx.get()); in dtls1_process_handshake_fragments()
359 ssl->d1->ack_timer.StartMicroseconds( in dtls1_process_handshake_fragments()
360 now, uint64_t{ssl->d1->timeout_duration_ms} * 1000 / 4); in dtls1_process_handshake_fragments()
367 ssl_open_record_t dtls1_open_handshake(SSL *ssl, size_t *out_consumed, in dtls1_open_handshake() argument
372 auto ret = dtls_open_record(ssl, &type, &record_number, &record, out_consumed, in dtls1_open_handshake()
400 if (record_number.epoch() != ssl->d1->read_epoch.epoch) { in dtls1_open_handshake()
406 ssl->d1->has_change_cipher_spec = true; in dtls1_open_handshake()
407 ssl_do_msg_callback(ssl, 0 /* read */, SSL3_RT_CHANGE_CIPHER_SPEC, in dtls1_open_handshake()
412 return dtls1_process_ack(ssl, out_alert, record_number, record); in dtls1_open_handshake()
415 if (!dtls1_process_handshake_fragments(ssl, out_alert, record_number, in dtls1_open_handshake()
428 bool dtls1_get_message(const SSL *ssl, SSLMessage *out) { in dtls1_get_message() argument
429 if (!dtls1_is_current_message_complete(ssl)) { in dtls1_get_message()
433 size_t idx = ssl->d1->handshake_read_seq % SSL_MAX_HANDSHAKE_FLIGHT; in dtls1_get_message()
434 const DTLSIncomingMessage *frag = ssl->d1->incoming_messages[idx].get(); in dtls1_get_message()
439 if (!ssl->s3->has_message) { in dtls1_get_message()
440 ssl_do_msg_callback(ssl, 0 /* read */, SSL3_RT_HANDSHAKE, out->raw); in dtls1_get_message()
441 ssl->s3->has_message = true; in dtls1_get_message()
446 void dtls1_next_message(SSL *ssl) { in dtls1_next_message() argument
447 assert(ssl->s3->has_message); in dtls1_next_message()
448 assert(dtls1_is_current_message_complete(ssl)); in dtls1_next_message()
449 size_t index = ssl->d1->handshake_read_seq % SSL_MAX_HANDSHAKE_FLIGHT; in dtls1_next_message()
450 ssl->d1->incoming_messages[index].reset(); in dtls1_next_message()
451 ssl->d1->handshake_read_seq++; in dtls1_next_message()
452 if (ssl->d1->handshake_read_seq == 0) { in dtls1_next_message()
453 ssl->d1->handshake_read_overflow = true; in dtls1_next_message()
455 ssl->s3->has_message = false; in dtls1_next_message()
458 if (ssl->d1->outgoing_messages_complete) { in dtls1_next_message()
459 ssl->d1->flight_has_reply = true; in dtls1_next_message()
463 bool dtls_has_unprocessed_handshake_data(const SSL *ssl) { in dtls_has_unprocessed_handshake_data() argument
464 size_t current = ssl->d1->handshake_read_seq % SSL_MAX_HANDSHAKE_FLIGHT; in dtls_has_unprocessed_handshake_data()
467 if (ssl->s3->has_message && i == current) { in dtls_has_unprocessed_handshake_data()
468 assert(dtls1_is_current_message_complete(ssl)); in dtls_has_unprocessed_handshake_data()
471 if (ssl->d1->incoming_messages[i] != nullptr) { in dtls_has_unprocessed_handshake_data()
494 ssl_open_record_t dtls1_open_change_cipher_spec(SSL *ssl, size_t *out_consumed, in dtls1_open_change_cipher_spec() argument
497 if (!ssl->d1->has_change_cipher_spec) { in dtls1_open_change_cipher_spec()
499 auto ret = dtls1_open_handshake(ssl, out_consumed, out_alert, in); in dtls1_open_change_cipher_spec()
504 if (ssl->d1->has_change_cipher_spec) { in dtls1_open_change_cipher_spec()
505 ssl->d1->has_change_cipher_spec = false; in dtls1_open_change_cipher_spec()
514 void dtls_clear_outgoing_messages(SSL *ssl) { in dtls_clear_outgoing_messages() argument
515 ssl->d1->outgoing_messages.clear(); in dtls_clear_outgoing_messages()
516 ssl->d1->sent_records = nullptr; in dtls_clear_outgoing_messages()
517 ssl->d1->outgoing_written = 0; in dtls_clear_outgoing_messages()
518 ssl->d1->outgoing_offset = 0; in dtls_clear_outgoing_messages()
519 ssl->d1->outgoing_messages_complete = false; in dtls_clear_outgoing_messages()
520 ssl->d1->flight_has_reply = false; in dtls_clear_outgoing_messages()
521 ssl->d1->sending_flight = false; in dtls_clear_outgoing_messages()
522 dtls_clear_unused_write_epochs(ssl); in dtls_clear_outgoing_messages()
525 void dtls_clear_unused_write_epochs(SSL *ssl) { in dtls_clear_unused_write_epochs() argument
526 ssl->d1->extra_write_epochs.EraseIf( in dtls_clear_unused_write_epochs()
527 [ssl](const UniquePtr<DTLSWriteEpoch> &write_epoch) -> bool { in dtls_clear_unused_write_epochs()
533 for (const auto &msg : ssl->d1->outgoing_messages) { in dtls_clear_unused_write_epochs()
542 bool dtls1_init_message(const SSL *ssl, CBB *cbb, CBB *body, uint8_t type) { in dtls1_init_message() argument
547 !CBB_add_u16(cbb, ssl->d1->handshake_write_seq) || // in dtls1_init_message()
556 bool dtls1_finish_message(const SSL *ssl, CBB *cbb, Array<uint8_t> *out_msg) { in dtls1_finish_message() argument
572 static bool add_outgoing(SSL *ssl, bool is_ccs, Array<uint8_t> data) { in add_outgoing() argument
573 if (ssl->d1->outgoing_messages_complete) { in add_outgoing()
576 dtls1_stop_timer(ssl); in add_outgoing()
577 dtls_clear_outgoing_messages(ssl); in add_outgoing()
581 if (ssl->d1->handshake_write_overflow) { in add_outgoing()
587 if (ssl->s3->hs != NULL && !ssl->s3->hs->transcript.Update(data)) { in add_outgoing()
591 ssl->d1->handshake_write_seq++; in add_outgoing()
592 if (ssl->d1->handshake_write_seq == 0) { in add_outgoing()
593 ssl->d1->handshake_write_overflow = true; in add_outgoing()
599 msg.epoch = ssl->d1->write_epoch.epoch(); in add_outgoing()
614 if (!ssl->d1->outgoing_messages.TryPushBack(std::move(msg))) { in add_outgoing()
623 bool dtls1_add_message(SSL *ssl, Array<uint8_t> data) { in dtls1_add_message() argument
624 return add_outgoing(ssl, false /* handshake */, std::move(data)); in dtls1_add_message()
627 bool dtls1_add_change_cipher_spec(SSL *ssl) { in dtls1_add_change_cipher_spec() argument
630 if (ssl_protocol_version(ssl) > TLS1_2_VERSION) { in dtls1_add_change_cipher_spec()
633 return add_outgoing(ssl, true /* ChangeCipherSpec */, Array<uint8_t>()); in dtls1_add_change_cipher_spec()
638 static void dtls1_update_mtu(SSL *ssl) { in dtls1_update_mtu() argument
642 if (ssl->d1->mtu < dtls1_min_mtu() && in dtls1_update_mtu()
643 !(SSL_get_options(ssl) & SSL_OP_NO_QUERY_MTU)) { in dtls1_update_mtu()
644 long mtu = BIO_ctrl(ssl->wbio.get(), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL); in dtls1_update_mtu()
646 ssl->d1->mtu = (unsigned)mtu; in dtls1_update_mtu()
648 ssl->d1->mtu = kDefaultMTU; in dtls1_update_mtu()
649 BIO_ctrl(ssl->wbio.get(), BIO_CTRL_DGRAM_SET_MTU, ssl->d1->mtu, NULL); in dtls1_update_mtu()
654 assert(ssl->d1->mtu >= dtls1_min_mtu()); in dtls1_update_mtu()
672 static seal_result_t seal_next_record(SSL *ssl, Span<uint8_t> out, in seal_next_record() argument
677 while (ssl->d1->outgoing_written < ssl->d1->outgoing_messages.size() && in seal_next_record()
678 ssl->d1->outgoing_messages[ssl->d1->outgoing_written].IsFullyAcked()) { in seal_next_record()
679 ssl->d1->outgoing_offset = 0; in seal_next_record()
680 ssl->d1->outgoing_written++; in seal_next_record()
684 if (ssl->d1->outgoing_written >= ssl->d1->outgoing_messages.size()) { in seal_next_record()
688 const auto &first_msg = ssl->d1->outgoing_messages[ssl->d1->outgoing_written]; in seal_next_record()
689 size_t prefix_len = dtls_seal_prefix_len(ssl, first_msg.epoch); in seal_next_record()
690 size_t max_in_len = dtls_seal_max_input_len(ssl, first_msg.epoch, out.size()); in seal_next_record()
699 if (!dtls_seal_record(ssl, &record_number, out.data(), out_len, out.size(), in seal_next_record()
705 ssl_do_msg_callback(ssl, /*is_write=*/1, SSL3_RT_CHANGE_CIPHER_SPEC, in seal_next_record()
707 ssl->d1->outgoing_offset = 0; in seal_next_record()
708 ssl->d1->outgoing_written++; in seal_next_record()
724 sent_record.first_msg = ssl->d1->outgoing_written; in seal_next_record()
725 sent_record.first_msg_start = ssl->d1->outgoing_offset; in seal_next_record()
726 while (ssl->d1->outgoing_written < ssl->d1->outgoing_messages.size()) { in seal_next_record()
727 const auto &msg = ssl->d1->outgoing_messages[ssl->d1->outgoing_written]; in seal_next_record()
750 auto range = msg.acked.NextUnmarkedRange(ssl->d1->outgoing_offset); in seal_next_record()
753 ssl->d1->outgoing_offset = 0; in seal_next_record()
754 ssl->d1->outgoing_written++; in seal_next_record()
790 ssl_do_msg_callback(ssl, /*is_write=*/1, SSL3_RT_HANDSHAKE, in seal_next_record()
793 ssl->d1->outgoing_offset = range.start + todo; in seal_next_record()
807 sent_record.last_msg = ssl->d1->outgoing_written; in seal_next_record()
808 sent_record.last_msg_end = ssl->d1->outgoing_offset; in seal_next_record()
816 if (!dtls_seal_record(ssl, &sent_record.number, out.data(), out_len, in seal_next_record()
824 if (ssl->s3->version == 0 || ssl_protocol_version(ssl) >= TLS1_3_VERSION) { in seal_next_record()
825 if (ssl->d1->sent_records == nullptr) { in seal_next_record()
826 ssl->d1->sent_records = in seal_next_record()
828 if (ssl->d1->sent_records == nullptr) { in seal_next_record()
832 ssl->d1->sent_records->PushBack(sent_record); in seal_next_record()
841 static bool seal_next_packet(SSL *ssl, Span<uint8_t> out, size_t *out_len) { in seal_next_packet() argument
845 seal_result_t ret = seal_next_record(ssl, out, &len); in seal_next_packet()
866 static int send_flight(SSL *ssl) { in send_flight() argument
867 if (ssl->s3->write_shutdown != ssl_shutdown_none) { in send_flight()
872 if (ssl->wbio == nullptr) { in send_flight()
877 if (ssl->d1->num_timeouts > DTLS1_MAX_TIMEOUTS) { in send_flight()
882 dtls1_update_mtu(ssl); in send_flight()
885 if (!packet.InitForOverwrite(ssl->d1->mtu)) { in send_flight()
889 while (ssl->d1->outgoing_written < ssl->d1->outgoing_messages.size()) { in send_flight()
890 uint8_t old_written = ssl->d1->outgoing_written; in send_flight()
891 uint32_t old_offset = ssl->d1->outgoing_offset; in send_flight()
894 if (!seal_next_packet(ssl, Span(packet), &packet_len)) { in send_flight()
899 ssl->d1->outgoing_written < ssl->d1->outgoing_messages.size()) { in send_flight()
907 int bio_ret = BIO_write(ssl->wbio.get(), packet.data(), packet_len); in send_flight()
910 ssl->d1->outgoing_written = old_written; in send_flight()
911 ssl->d1->outgoing_offset = old_offset; in send_flight()
912 ssl->s3->rwstate = SSL_ERROR_WANT_WRITE; in send_flight()
918 if (BIO_flush(ssl->wbio.get()) <= 0) { in send_flight()
919 ssl->s3->rwstate = SSL_ERROR_WANT_WRITE; in send_flight()
926 void dtls1_finish_flight(SSL *ssl) { in dtls1_finish_flight() argument
927 if (ssl->d1->outgoing_messages.empty() || in dtls1_finish_flight()
928 ssl->d1->outgoing_messages_complete) { in dtls1_finish_flight()
932 if (ssl->d1->outgoing_messages[0].epoch <= 2) { in dtls1_finish_flight()
938 ssl->d1->records_to_ack.Clear(); in dtls1_finish_flight()
939 ssl->d1->ack_timer.Stop(); in dtls1_finish_flight()
940 ssl->d1->sending_ack = false; in dtls1_finish_flight()
943 ssl->d1->outgoing_messages_complete = true; in dtls1_finish_flight()
944 ssl->d1->sending_flight = true; in dtls1_finish_flight()
948 dtls1_stop_timer(ssl); in dtls1_finish_flight()
951 void dtls1_schedule_ack(SSL *ssl) { in dtls1_schedule_ack() argument
952 ssl->d1->ack_timer.Stop(); in dtls1_schedule_ack()
953 ssl->d1->sending_ack = !ssl->d1->records_to_ack.empty(); in dtls1_schedule_ack()
956 static int send_ack(SSL *ssl) { in send_ack() argument
957 assert(ssl_protocol_version(ssl) >= TLS1_3_VERSION); in send_ack()
961 dtls1_update_mtu(ssl); in send_ack()
963 dtls_seal_max_input_len(ssl, ssl->d1->write_epoch.epoch(), ssl->d1->mtu); in send_ack()
969 std::min((max_plaintext - 2) / 16, ssl->d1->records_to_ack.size()); in send_ack()
976 for (size_t i = ssl->d1->records_to_ack.size() - num_acks; in send_ack()
977 i < ssl->d1->records_to_ack.size(); i++) { in send_ack()
978 sorted.PushBack(ssl->d1->records_to_ack[i]); in send_ack()
997 if (!dtls_seal_record(ssl, &record_number, record, &record_len, in send_ack()
999 CBB_len(&cbb), ssl->d1->write_epoch.epoch())) { in send_ack()
1003 ssl_do_msg_callback(ssl, /*is_write=*/1, SSL3_RT_ACK, in send_ack()
1007 BIO_write(ssl->wbio.get(), record, static_cast<int>(record_len)); in send_ack()
1009 ssl->s3->rwstate = SSL_ERROR_WANT_WRITE; in send_ack()
1013 if (BIO_flush(ssl->wbio.get()) <= 0) { in send_ack()
1014 ssl->s3->rwstate = SSL_ERROR_WANT_WRITE; in send_ack()
1021 int dtls1_flush(SSL *ssl) { in dtls1_flush() argument
1023 if (ssl->d1->sending_ack) { in dtls1_flush()
1024 int ret = send_ack(ssl); in dtls1_flush()
1028 ssl->d1->sending_ack = false; in dtls1_flush()
1032 if (ssl->d1->sending_flight) { in dtls1_flush()
1033 int ret = send_flight(ssl); in dtls1_flush()
1039 ssl->d1->outgoing_written = 0; in dtls1_flush()
1040 ssl->d1->outgoing_offset = 0; in dtls1_flush()
1041 ssl->d1->sending_flight = false; in dtls1_flush()
1046 if (SSL_in_init(ssl) || ssl_protocol_version(ssl) >= TLS1_3_VERSION) { in dtls1_flush()
1047 if (ssl->d1->num_timeouts == 0) { in dtls1_flush()
1048 ssl->d1->timeout_duration_ms = ssl->initial_timeout_duration_ms; in dtls1_flush()
1050 ssl->d1->timeout_duration_ms = in dtls1_flush()
1051 std::min(ssl->d1->timeout_duration_ms * 2, uint32_t{60000}); in dtls1_flush()
1054 OPENSSL_timeval now = ssl_ctx_get_current_time(ssl->ctx.get()); in dtls1_flush()
1055 ssl->d1->retransmit_timer.StartMicroseconds( in dtls1_flush()
1056 now, uint64_t{ssl->d1->timeout_duration_ms} * 1000); in dtls1_flush()