Lines Matching refs:ssl
250 static void dtls1_update_mtu(SSL *ssl) { in dtls1_update_mtu() argument
252 if (ssl->d1->mtu < dtls1_min_mtu() && in dtls1_update_mtu()
253 !(SSL_get_options(ssl) & SSL_OP_NO_QUERY_MTU)) { in dtls1_update_mtu()
254 long mtu = BIO_ctrl(SSL_get_wbio(ssl), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL); in dtls1_update_mtu()
256 ssl->d1->mtu = (unsigned)mtu; in dtls1_update_mtu()
258 ssl->d1->mtu = kDefaultMTU; in dtls1_update_mtu()
259 BIO_ctrl(SSL_get_wbio(ssl), BIO_CTRL_DGRAM_SET_MTU, ssl->d1->mtu, NULL); in dtls1_update_mtu()
264 assert(ssl->d1->mtu >= dtls1_min_mtu()); in dtls1_update_mtu()
270 static size_t dtls1_max_record_size(SSL *ssl) { in dtls1_max_record_size() argument
271 size_t ret = ssl->d1->mtu; in dtls1_max_record_size()
273 size_t overhead = ssl_max_seal_overhead(ssl); in dtls1_max_record_size()
279 size_t pending = BIO_wpending(SSL_get_wbio(ssl)); in dtls1_max_record_size()
288 static int dtls1_write_change_cipher_spec(SSL *ssl, in dtls1_write_change_cipher_spec() argument
290 dtls1_update_mtu(ssl); in dtls1_write_change_cipher_spec()
294 if (dtls1_max_record_size(ssl) == 0) { in dtls1_write_change_cipher_spec()
295 ssl->rwstate = SSL_WRITING; in dtls1_write_change_cipher_spec()
296 int ret = BIO_flush(SSL_get_wbio(ssl)); in dtls1_write_change_cipher_spec()
300 ssl->rwstate = SSL_NOTHING; in dtls1_write_change_cipher_spec()
305 dtls1_write_bytes(ssl, SSL3_RT_CHANGE_CIPHER_SPEC, kChangeCipherSpec, in dtls1_write_change_cipher_spec()
311 if (ssl->msg_callback != NULL) { in dtls1_write_change_cipher_spec()
312 ssl->msg_callback(1 /* write */, ssl->version, SSL3_RT_CHANGE_CIPHER_SPEC, in dtls1_write_change_cipher_spec()
313 kChangeCipherSpec, sizeof(kChangeCipherSpec), ssl, in dtls1_write_change_cipher_spec()
314 ssl->msg_callback_arg); in dtls1_write_change_cipher_spec()
320 int dtls1_do_handshake_write(SSL *ssl, enum dtls1_use_epoch_t use_epoch) { in dtls1_do_handshake_write() argument
321 dtls1_update_mtu(ssl); in dtls1_do_handshake_write()
328 uint8_t *buf = OPENSSL_malloc(ssl->d1->mtu); in dtls1_do_handshake_write()
335 if (ssl->init_off == 0) { in dtls1_do_handshake_write()
336 ssl->init_off += DTLS1_HM_HEADER_LENGTH; in dtls1_do_handshake_write()
337 ssl->init_num -= DTLS1_HM_HEADER_LENGTH; in dtls1_do_handshake_write()
339 assert(ssl->init_off >= DTLS1_HM_HEADER_LENGTH); in dtls1_do_handshake_write()
344 if (dtls1_max_record_size(ssl) < DTLS1_HM_HEADER_LENGTH + 1) { in dtls1_do_handshake_write()
345 ssl->rwstate = SSL_WRITING; in dtls1_do_handshake_write()
346 int flush_ret = BIO_flush(SSL_get_wbio(ssl)); in dtls1_do_handshake_write()
351 ssl->rwstate = SSL_NOTHING; in dtls1_do_handshake_write()
352 assert(BIO_wpending(SSL_get_wbio(ssl)) == 0); in dtls1_do_handshake_write()
355 size_t todo = dtls1_max_record_size(ssl); in dtls1_do_handshake_write()
364 if (todo > (size_t)ssl->init_num) { in dtls1_do_handshake_write()
365 todo = ssl->init_num; in dtls1_do_handshake_write()
372 if (!CBB_init_fixed(&cbb, buf, ssl->d1->mtu) || in dtls1_do_handshake_write()
373 !CBB_add_u8(&cbb, ssl->d1->w_msg_hdr.type) || in dtls1_do_handshake_write()
374 !CBB_add_u24(&cbb, ssl->d1->w_msg_hdr.msg_len) || in dtls1_do_handshake_write()
375 !CBB_add_u16(&cbb, ssl->d1->w_msg_hdr.seq) || in dtls1_do_handshake_write()
376 !CBB_add_u24(&cbb, ssl->init_off - DTLS1_HM_HEADER_LENGTH) || in dtls1_do_handshake_write()
379 &cbb, (const uint8_t *)ssl->init_buf->data + ssl->init_off, todo) || in dtls1_do_handshake_write()
385 int write_ret = dtls1_write_bytes(ssl, SSL3_RT_HANDSHAKE, buf, len, in dtls1_do_handshake_write()
391 ssl->init_off += todo; in dtls1_do_handshake_write()
392 ssl->init_num -= todo; in dtls1_do_handshake_write()
393 } while (ssl->init_num > 0); in dtls1_do_handshake_write()
395 if (ssl->msg_callback != NULL) { in dtls1_do_handshake_write()
396 ssl->msg_callback( in dtls1_do_handshake_write()
397 1 /* write */, ssl->version, SSL3_RT_HANDSHAKE, ssl->init_buf->data, in dtls1_do_handshake_write()
398 (size_t)(ssl->init_off + ssl->init_num), ssl, ssl->msg_callback_arg); in dtls1_do_handshake_write()
401 ssl->init_off = 0; in dtls1_do_handshake_write()
402 ssl->init_num = 0; in dtls1_do_handshake_write()
414 static int dtls1_is_next_message_complete(SSL *ssl) { in dtls1_is_next_message_complete() argument
415 pitem *item = pqueue_peek(ssl->d1->buffered_messages); in dtls1_is_next_message_complete()
421 assert(ssl->d1->handshake_read_seq <= frag->msg_header.seq); in dtls1_is_next_message_complete()
423 return ssl->d1->handshake_read_seq == frag->msg_header.seq && in dtls1_is_next_message_complete()
432 static int dtls1_discard_fragment_body(SSL *ssl, size_t frag_len) { in dtls1_discard_fragment_body() argument
436 int ret = dtls1_read_bytes(ssl, SSL3_RT_HANDSHAKE, discard, chunk, 0); in dtls1_discard_fragment_body()
450 SSL *ssl, const struct hm_header_st *msg_hdr) { in dtls1_get_buffered_message() argument
455 pitem *item = pqueue_find(ssl->d1->buffered_messages, seq64be); in dtls1_get_buffered_message()
471 item = pqueue_insert(ssl->d1->buffered_messages, item); in dtls1_get_buffered_message()
483 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER); in dtls1_get_buffered_message()
493 static size_t dtls1_max_handshake_message_len(const SSL *ssl) { in dtls1_max_handshake_message_len() argument
495 if (max_len < ssl->max_cert_list) { in dtls1_max_handshake_message_len()
496 return ssl->max_cert_list; in dtls1_max_handshake_message_len()
503 static int dtls1_process_fragment(SSL *ssl) { in dtls1_process_fragment() argument
506 int ret = dtls1_read_bytes(ssl, SSL3_RT_HANDSHAKE, header, in dtls1_process_fragment()
513 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); in dtls1_process_fragment()
528 msg_len > dtls1_max_handshake_message_len(ssl) || in dtls1_process_fragment()
529 frag_len > ssl->s3->rrec.length) { in dtls1_process_fragment()
531 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER); in dtls1_process_fragment()
535 if (msg_hdr.seq < ssl->d1->handshake_read_seq || in dtls1_process_fragment()
536 msg_hdr.seq > (unsigned)ssl->d1->handshake_read_seq + in dtls1_process_fragment()
539 if (!dtls1_discard_fragment_body(ssl, frag_len)) { in dtls1_process_fragment()
545 hm_fragment *frag = dtls1_get_buffered_message(ssl, &msg_hdr); in dtls1_process_fragment()
553 if (!dtls1_discard_fragment_body(ssl, frag_len)) { in dtls1_process_fragment()
561 ret = dtls1_read_bytes(ssl, SSL3_RT_HANDSHAKE, frag->fragment + frag_off, in dtls1_process_fragment()
565 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); in dtls1_process_fragment()
576 long dtls1_get_message(SSL *ssl, int st1, int stn, int msg_type, long max, in dtls1_get_message() argument
584 if (ssl->s3->tmp.reuse_message) { in dtls1_get_message()
589 ssl->s3->tmp.reuse_message = 0; in dtls1_get_message()
590 if (msg_type >= 0 && ssl->s3->tmp.message_type != msg_type) { in dtls1_get_message()
596 ssl->init_msg = (uint8_t *)ssl->init_buf->data + DTLS1_HM_HEADER_LENGTH; in dtls1_get_message()
597 ssl->init_num = (int)ssl->s3->tmp.message_size; in dtls1_get_message()
598 return ssl->init_num; in dtls1_get_message()
602 while (!dtls1_is_next_message_complete(ssl)) { in dtls1_get_message()
603 int ret = dtls1_process_fragment(ssl); in dtls1_get_message()
611 item = pqueue_pop(ssl->d1->buffered_messages); in dtls1_get_message()
614 assert(ssl->d1->handshake_read_seq == frag->msg_header.seq); in dtls1_get_message()
626 if (!BUF_MEM_grow(ssl->init_buf, (size_t)frag->msg_header.msg_len + in dtls1_get_message()
628 !CBB_init_fixed(&cbb, (uint8_t *)ssl->init_buf->data, in dtls1_get_message()
629 ssl->init_buf->max) || in dtls1_get_message()
643 ssl->d1->handshake_read_seq++; in dtls1_get_message()
647 ssl->s3->tmp.message_type = frag->msg_header.type; in dtls1_get_message()
648 ssl->s3->tmp.message_size = frag->msg_header.msg_len; in dtls1_get_message()
649 ssl->init_msg = (uint8_t *)ssl->init_buf->data + DTLS1_HM_HEADER_LENGTH; in dtls1_get_message()
650 ssl->init_num = frag->msg_header.msg_len; in dtls1_get_message()
652 if (msg_type >= 0 && ssl->s3->tmp.message_type != msg_type) { in dtls1_get_message()
657 if (hash_message == ssl_hash_message && !ssl3_hash_current_message(ssl)) { in dtls1_get_message()
660 if (ssl->msg_callback) { in dtls1_get_message()
661 ssl->msg_callback(0, ssl->version, SSL3_RT_HANDSHAKE, ssl->init_buf->data, in dtls1_get_message()
662 ssl->init_num + DTLS1_HM_HEADER_LENGTH, ssl, in dtls1_get_message()
663 ssl->msg_callback_arg); in dtls1_get_message()
669 ssl->state = stn; in dtls1_get_message()
671 return ssl->init_num; in dtls1_get_message()
674 ssl3_send_alert(ssl, SSL3_AL_FATAL, al); in dtls1_get_message()
682 int dtls1_read_failed(SSL *ssl, int code) { in dtls1_read_failed() argument
688 if (!dtls1_is_timer_expired(ssl)) { in dtls1_read_failed()
694 if (!SSL_in_init(ssl)) { in dtls1_read_failed()
696 BIO_set_flags(SSL_get_rbio(ssl), BIO_FLAGS_READ); in dtls1_read_failed()
700 return DTLSv1_handle_timeout(ssl); in dtls1_read_failed()
717 static int dtls1_retransmit_message(SSL *ssl, hm_fragment *frag) { in dtls1_retransmit_message() argument
720 assert(ssl->d1->w_epoch == 0 || ssl->d1->w_epoch == 1); in dtls1_retransmit_message()
721 assert(frag->msg_header.epoch <= ssl->d1->w_epoch); in dtls1_retransmit_message()
723 if (ssl->d1->w_epoch == 1 && frag->msg_header.epoch == 0) { in dtls1_retransmit_message()
730 ret = dtls1_write_change_cipher_spec(ssl, use_epoch); in dtls1_retransmit_message()
734 memcpy(ssl->init_buf->data, frag->fragment, in dtls1_retransmit_message()
736 ssl->init_num = frag->msg_header.msg_len + DTLS1_HM_HEADER_LENGTH; in dtls1_retransmit_message()
738 dtls1_set_message_header(ssl, frag->msg_header.type, in dtls1_retransmit_message()
741 ret = dtls1_do_handshake_write(ssl, use_epoch); in dtls1_retransmit_message()
745 (void)BIO_flush(SSL_get_wbio(ssl)); in dtls1_retransmit_message()
750 int dtls1_retransmit_buffered_messages(SSL *ssl) { in dtls1_retransmit_buffered_messages() argument
751 pqueue sent = ssl->d1->sent_messages; in dtls1_retransmit_buffered_messages()
757 if (dtls1_retransmit_message(ssl, frag) <= 0) { in dtls1_retransmit_buffered_messages()
768 static int dtls1_buffer_change_cipher_spec(SSL *ssl, uint16_t seq) { in dtls1_buffer_change_cipher_spec() argument
775 frag->msg_header.epoch = ssl->d1->w_epoch; in dtls1_buffer_change_cipher_spec()
789 pqueue_insert(ssl->d1->sent_messages, item); in dtls1_buffer_change_cipher_spec()
793 int dtls1_buffer_message(SSL *ssl) { in dtls1_buffer_message() argument
796 assert(ssl->init_off == 0); in dtls1_buffer_message()
798 hm_fragment *frag = dtls1_hm_fragment_new(ssl->init_num, 0); in dtls1_buffer_message()
803 memcpy(frag->fragment, ssl->init_buf->data, ssl->init_num); in dtls1_buffer_message()
805 assert(ssl->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH == in dtls1_buffer_message()
806 (unsigned int)ssl->init_num); in dtls1_buffer_message()
808 frag->msg_header.msg_len = ssl->d1->w_msg_hdr.msg_len; in dtls1_buffer_message()
809 frag->msg_header.seq = ssl->d1->w_msg_hdr.seq; in dtls1_buffer_message()
810 frag->msg_header.type = ssl->d1->w_msg_hdr.type; in dtls1_buffer_message()
812 frag->msg_header.frag_len = ssl->d1->w_msg_hdr.msg_len; in dtls1_buffer_message()
814 frag->msg_header.epoch = ssl->d1->w_epoch; in dtls1_buffer_message()
829 pqueue_insert(ssl->d1->sent_messages, item); in dtls1_buffer_message()
833 int dtls1_send_change_cipher_spec(SSL *ssl, int a, int b) { in dtls1_send_change_cipher_spec() argument
834 if (ssl->state == a) { in dtls1_send_change_cipher_spec()
836 ssl->d1->handshake_write_seq = ssl->d1->next_handshake_write_seq; in dtls1_send_change_cipher_spec()
837 dtls1_buffer_change_cipher_spec(ssl, ssl->d1->handshake_write_seq); in dtls1_send_change_cipher_spec()
838 ssl->state = b; in dtls1_send_change_cipher_spec()
841 return dtls1_write_change_cipher_spec(ssl, dtls1_use_current_epoch); in dtls1_send_change_cipher_spec()
845 void dtls1_clear_record_buffer(SSL *ssl) { in dtls1_clear_record_buffer() argument
848 for (item = pqueue_pop(ssl->d1->sent_messages); item != NULL; in dtls1_clear_record_buffer()
849 item = pqueue_pop(ssl->d1->sent_messages)) { in dtls1_clear_record_buffer()
856 void dtls1_set_message_header(SSL *ssl, uint8_t mt, unsigned long len, in dtls1_set_message_header() argument
859 struct hm_header_st *msg_hdr = &ssl->d1->w_msg_hdr; in dtls1_set_message_header()