dtls_method.cc
Go to the documentation of this file.
1 /*
2  * DTLS implementation written by Nagendra Modadugu
3  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
4  */
5 /* ====================================================================
6  * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  *
12  * 1. Redistributions of source code must retain the above copyright
13  * notice, this list of conditions and the following disclaimer.
14  *
15  * 2. Redistributions in binary form must reproduce the above copyright
16  * notice, this list of conditions and the following disclaimer in
17  * the documentation and/or other materials provided with the
18  * distribution.
19  *
20  * 3. All advertising materials mentioning features or use of this
21  * software must display the following acknowledgment:
22  * "This product includes software developed by the OpenSSL Project
23  * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24  *
25  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26  * endorse or promote products derived from this software without
27  * prior written permission. For written permission, please contact
28  * openssl-core@OpenSSL.org.
29  *
30  * 5. Products derived from this software may not be called "OpenSSL"
31  * nor may "OpenSSL" appear in their names without prior written
32  * permission of the OpenSSL Project.
33  *
34  * 6. Redistributions of any form whatsoever must retain the following
35  * acknowledgment:
36  * "This product includes software developed by the OpenSSL Project
37  * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38  *
39  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42  * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50  * OF THE POSSIBILITY OF SUCH DAMAGE.
51  * ====================================================================
52  *
53  * This product includes cryptographic software written by Eric Young
54  * (eay@cryptsoft.com). This product includes software written by Tim
55  * Hudson (tjh@cryptsoft.com). */
56 
57 #include <openssl/ssl.h>
58 
59 #include <assert.h>
60 #include <string.h>
61 
62 #include <openssl/err.h>
63 
64 #include "../crypto/internal.h"
65 #include "internal.h"
66 
67 
68 using namespace bssl;
69 
70 static void dtls1_on_handshake_complete(SSL *ssl) {
71  // Stop the reply timer left by the last flight we sent.
72  dtls1_stop_timer(ssl);
73  // If the final flight had a reply, we know the peer has received it. If not,
74  // we must leave the flight around for post-handshake retransmission.
75  if (ssl->d1->flight_has_reply) {
76  dtls_clear_outgoing_messages(ssl);
77  }
78 }
79 
80 static bool dtls1_set_read_state(SSL *ssl, ssl_encryption_level_t level,
81  UniquePtr<SSLAEADContext> aead_ctx,
82  Span<const uint8_t> secret_for_quic) {
83  assert(secret_for_quic.empty()); // QUIC does not use DTLS.
84  // Cipher changes are forbidden if the current epoch has leftover data.
85  if (dtls_has_unprocessed_handshake_data(ssl)) {
86  OPENSSL_PUT_ERROR(SSL, SSL_R_EXCESS_HANDSHAKE_DATA);
87  ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
88  return false;
89  }
90 
91  ssl->d1->r_epoch++;
92  OPENSSL_memset(&ssl->d1->bitmap, 0, sizeof(ssl->d1->bitmap));
93  OPENSSL_memset(ssl->s3->read_sequence, 0, sizeof(ssl->s3->read_sequence));
94 
95  ssl->s3->aead_read_ctx = std::move(aead_ctx);
96  ssl->s3->read_level = level;
97  ssl->d1->has_change_cipher_spec = 0;
98  return true;
99 }
100 
101 static bool dtls1_set_write_state(SSL *ssl, ssl_encryption_level_t level,
102  UniquePtr<SSLAEADContext> aead_ctx,
103  Span<const uint8_t> secret_for_quic) {
104  assert(secret_for_quic.empty()); // QUIC does not use DTLS.
105  ssl->d1->w_epoch++;
106  OPENSSL_memcpy(ssl->d1->last_write_sequence, ssl->s3->write_sequence,
107  sizeof(ssl->s3->write_sequence));
108  OPENSSL_memset(ssl->s3->write_sequence, 0, sizeof(ssl->s3->write_sequence));
109 
110  ssl->d1->last_aead_write_ctx = std::move(ssl->s3->aead_write_ctx);
111  ssl->s3->aead_write_ctx = std::move(aead_ctx);
112  ssl->s3->write_level = level;
113  return true;
114 }
115 
116 static const SSL_PROTOCOL_METHOD kDTLSProtocolMethod = {
117  true /* is_dtls */,
118  dtls1_new,
119  dtls1_free,
120  dtls1_get_message,
121  dtls1_next_message,
122  dtls_has_unprocessed_handshake_data,
123  dtls1_open_handshake,
124  dtls1_open_change_cipher_spec,
125  dtls1_open_app_data,
126  dtls1_write_app_data,
127  dtls1_dispatch_alert,
128  dtls1_init_message,
129  dtls1_finish_message,
130  dtls1_add_message,
131  dtls1_add_change_cipher_spec,
132  dtls1_flush_flight,
133  dtls1_on_handshake_complete,
134  dtls1_set_read_state,
135  dtls1_set_write_state,
136 };
137 
138 const SSL_METHOD *DTLS_method(void) {
139  static const SSL_METHOD kMethod = {
140  0,
141  &kDTLSProtocolMethod,
142  &ssl_crypto_x509_method,
143  };
144  return &kMethod;
145 }
146 
147 const SSL_METHOD *DTLS_with_buffers_method(void) {
148  static const SSL_METHOD kMethod = {
149  0,
150  &kDTLSProtocolMethod,
151  &ssl_noop_x509_method,
152  };
153  return &kMethod;
154 }
155 
156 // Legacy version-locked methods.
157 
158 const SSL_METHOD *DTLSv1_2_method(void) {
159  static const SSL_METHOD kMethod = {
160  DTLS1_2_VERSION,
161  &kDTLSProtocolMethod,
162  &ssl_crypto_x509_method,
163  };
164  return &kMethod;
165 }
166 
167 const SSL_METHOD *DTLSv1_method(void) {
168  static const SSL_METHOD kMethod = {
169  DTLS1_VERSION,
170  &kDTLSProtocolMethod,
171  &ssl_crypto_x509_method,
172  };
173  return &kMethod;
174 }
175 
176 // Legacy side-specific methods.
177 
178 const SSL_METHOD *DTLSv1_2_server_method(void) {
179  return DTLSv1_2_method();
180 }
181 
182 const SSL_METHOD *DTLSv1_server_method(void) {
183  return DTLSv1_method();
184 }
185 
186 const SSL_METHOD *DTLSv1_2_client_method(void) {
187  return DTLSv1_2_method();
188 }
189 
190 const SSL_METHOD *DTLSv1_client_method(void) {
191  return DTLSv1_method();
192 }
193 
194 const SSL_METHOD *DTLS_server_method(void) {
195  return DTLS_method();
196 }
197 
198 const SSL_METHOD *DTLS_client_method(void) {
199  return DTLS_method();
200 }
ssl_send_alert
void ssl_send_alert(SSL *ssl, int level, int desc)
Definition: s3_pkt.cc:379
DTLS_client_method
const SSL_METHOD * DTLS_client_method(void)
Definition: dtls_method.cc:198
SSL_AD_UNEXPECTED_MESSAGE
#define SSL_AD_UNEXPECTED_MESSAGE
Definition: ssl.h:3795
DTLS_with_buffers_method
const SSL_METHOD * DTLS_with_buffers_method(void)
Definition: dtls_method.cc:147
DTLS1_2_VERSION
#define DTLS1_2_VERSION
Definition: ssl.h:656
dtls1_open_change_cipher_spec
ssl_open_record_t dtls1_open_change_cipher_spec(SSL *ssl, size_t *out_consumed, uint8_t *out_alert, Span< uint8_t > in)
Definition: d1_both.cc:470
dtls1_write_app_data
int dtls1_write_app_data(SSL *ssl, bool *out_needs_handshake, const uint8_t *in, int len)
Definition: d1_pkt.cc:189
DTLSv1_method
const SSL_METHOD * DTLSv1_method(void)
Definition: dtls_method.cc:167
dtls1_get_message
bool dtls1_get_message(const SSL *ssl, SSLMessage *out)
Definition: d1_both.cc:407
dtls1_set_read_state
static bool dtls1_set_read_state(SSL *ssl, ssl_encryption_level_t level, UniquePtr< SSLAEADContext > aead_ctx, Span< const uint8_t > secret_for_quic)
Definition: dtls_method.cc:80
OPENSSL_PUT_ERROR
#define OPENSSL_PUT_ERROR(library, reason)
Definition: err.h:423
internal.h
string.h
kDTLSProtocolMethod
static const SSL_PROTOCOL_METHOD kDTLSProtocolMethod
Definition: dtls_method.cc:116
SSL_R_EXCESS_HANDSHAKE_DATA
#define SSL_R_EXCESS_HANDSHAKE_DATA
Definition: ssl.h:5522
bssl
Definition: hpke_test.cc:37
DTLS_method
const SSL_METHOD * DTLS_method(void)
Definition: dtls_method.cc:138
OPENSSL_memset
static void * OPENSSL_memset(void *dst, int c, size_t n)
Definition: third_party/boringssl-with-bazel/src/crypto/internal.h:835
ssl_noop_x509_method
const SSL_X509_METHOD ssl_noop_x509_method
Definition: tls_method.cc:203
dtls1_free
void dtls1_free(SSL *ssl)
Definition: d1_lib.cc:109
absl::move
constexpr absl::remove_reference_t< T > && move(T &&t) noexcept
Definition: abseil-cpp/absl/utility/utility.h:221
DTLSv1_server_method
const SSL_METHOD * DTLSv1_server_method(void)
Definition: dtls_method.cc:182
Span::empty
bool empty() const
Definition: boringssl-with-bazel/src/include/openssl/span.h:134
ssl_st
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:3698
dtls1_flush_flight
int dtls1_flush_flight(SSL *ssl)
Definition: d1_both.cc:813
dtls1_add_message
bool dtls1_add_message(SSL *ssl, Array< uint8_t > data)
Definition: d1_both.cc:591
OPENSSL_memcpy
static void * OPENSSL_memcpy(void *dst, const void *src, size_t n)
Definition: third_party/boringssl-with-bazel/src/crypto/internal.h:819
dtls1_on_handshake_complete
static void dtls1_on_handshake_complete(SSL *ssl)
Definition: dtls_method.cc:70
dtls1_dispatch_alert
int dtls1_dispatch_alert(SSL *ssl)
Definition: d1_pkt.cc:252
dtls1_open_app_data
BSSL_NAMESPACE_BEGIN ssl_open_record_t dtls1_open_app_data(SSL *ssl, Span< uint8_t > *out, size_t *out_consumed, uint8_t *out_alert, Span< uint8_t > in)
Definition: d1_pkt.cc:130
err.h
SSL_PROTOCOL_METHOD
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:2427
Span< const uint8_t >
dtls1_open_handshake
ssl_open_record_t dtls1_open_handshake(SSL *ssl, size_t *out_consumed, uint8_t *out_alert, Span< uint8_t > in)
Definition: d1_both.cc:296
SSL3_AL_FATAL
#define SSL3_AL_FATAL
Definition: ssl3.h:280
ssl.h
DTLSv1_2_client_method
const SSL_METHOD * DTLSv1_2_client_method(void)
Definition: dtls_method.cc:186
dtls1_set_write_state
static bool dtls1_set_write_state(SSL *ssl, ssl_encryption_level_t level, UniquePtr< SSLAEADContext > aead_ctx, Span< const uint8_t > secret_for_quic)
Definition: dtls_method.cc:101
ssl_st::s3
bssl::SSL3_STATE * s3
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:3730
ssl_st::d1
bssl::DTLS1_STATE * d1
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:3731
DTLSv1_2_server_method
const SSL_METHOD * DTLSv1_2_server_method(void)
Definition: dtls_method.cc:178
ssl_method_st
Definition: third_party/boringssl-with-bazel/src/ssl/internal.h:3392
dtls_clear_outgoing_messages
void dtls_clear_outgoing_messages(SSL *ssl)
Definition: d1_both.cc:495
dtls1_add_change_cipher_spec
bool dtls1_add_change_cipher_spec(SSL *ssl)
Definition: d1_both.cc:595
dtls_has_unprocessed_handshake_data
bool dtls_has_unprocessed_handshake_data(const SSL *ssl)
Definition: d1_both.cc:439
dtls1_init_message
bool dtls1_init_message(const SSL *ssl, CBB *cbb, CBB *body, uint8_t type)
Definition: d1_both.cc:506
dtls1_stop_timer
void dtls1_stop_timer(SSL *ssl)
Definition: d1_lib.cc:162
DTLSv1_2_method
const SSL_METHOD * DTLSv1_2_method(void)
Definition: dtls_method.cc:158
ssl_crypto_x509_method
const SSL_X509_METHOD ssl_crypto_x509_method
Definition: ssl_x509.cc:511
client.level
level
Definition: examples/python/async_streaming/client.py:118
DTLS1_VERSION
#define DTLS1_VERSION
Definition: ssl.h:655
DTLSv1_client_method
const SSL_METHOD * DTLSv1_client_method(void)
Definition: dtls_method.cc:190
dtls1_new
bool dtls1_new(SSL *ssl)
Definition: d1_lib.cc:88
DTLS_server_method
const SSL_METHOD * DTLS_server_method(void)
Definition: dtls_method.cc:194
dtls1_next_message
void dtls1_next_message(SSL *ssl)
Definition: d1_both.cc:425
dtls1_finish_message
bool dtls1_finish_message(const SSL *ssl, CBB *cbb, Array< uint8_t > *out_msg)
Definition: d1_both.cc:520

grpc
Author(s):
autogenerated on Thu Mar 13 2025 02:59:13