1 /* $OpenBSD: d1_lib.c,v 1.65 2024/07/23 14:40:53 jsing Exp $ */
2 /*
3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
5 */
6 /* ====================================================================
7 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * openssl-core@OpenSSL.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 *
54 * This product includes cryptographic software written by Eric Young
55 * (eay@cryptsoft.com). This product includes software written by Tim
56 * Hudson (tjh@cryptsoft.com).
57 *
58 */
59
60 #include <sys/types.h>
61 #include <sys/socket.h>
62 #include <sys/time.h>
63
64 #include <netinet/in.h>
65
66 #include <stdio.h>
67
68 #include <openssl/objects.h>
69
70 #include "dtls_local.h"
71 #include "pqueue.h"
72 #include "ssl_local.h"
73
74 void dtls1_hm_fragment_free(hm_fragment *frag);
75
76 static int dtls1_listen(SSL *s, struct sockaddr *client);
77
78 int
dtls1_new(SSL * s)79 dtls1_new(SSL *s)
80 {
81 if (!ssl3_new(s))
82 goto err;
83
84 if ((s->d1 = calloc(1, sizeof(*s->d1))) == NULL)
85 goto err;
86
87 if ((s->d1->unprocessed_rcds.q = pqueue_new()) == NULL)
88 goto err;
89 if ((s->d1->buffered_messages = pqueue_new()) == NULL)
90 goto err;
91 if ((s->d1->sent_messages = pqueue_new()) == NULL)
92 goto err;
93 if ((s->d1->buffered_app_data.q = pqueue_new()) == NULL)
94 goto err;
95
96 if (s->server)
97 s->d1->cookie_len = sizeof(s->d1->cookie);
98
99 s->method->ssl_clear(s);
100 return (1);
101
102 err:
103 dtls1_free(s);
104 return (0);
105 }
106
107 static void
dtls1_drain_rcontents(pqueue queue)108 dtls1_drain_rcontents(pqueue queue)
109 {
110 DTLS1_RCONTENT_DATA_INTERNAL *rdata;
111 pitem *item;
112
113 if (queue == NULL)
114 return;
115
116 while ((item = pqueue_pop(queue)) != NULL) {
117 rdata = (DTLS1_RCONTENT_DATA_INTERNAL *)item->data;
118 tls_content_free(rdata->rcontent);
119 free(item->data);
120 pitem_free(item);
121 }
122 }
123
124 static void
dtls1_drain_records(pqueue queue)125 dtls1_drain_records(pqueue queue)
126 {
127 pitem *item;
128 DTLS1_RECORD_DATA_INTERNAL *rdata;
129
130 if (queue == NULL)
131 return;
132
133 while ((item = pqueue_pop(queue)) != NULL) {
134 rdata = (DTLS1_RECORD_DATA_INTERNAL *)item->data;
135 ssl3_release_buffer(&rdata->rbuf);
136 free(item->data);
137 pitem_free(item);
138 }
139 }
140
141 static void
dtls1_drain_fragments(pqueue queue)142 dtls1_drain_fragments(pqueue queue)
143 {
144 pitem *item;
145
146 if (queue == NULL)
147 return;
148
149 while ((item = pqueue_pop(queue)) != NULL) {
150 dtls1_hm_fragment_free(item->data);
151 pitem_free(item);
152 }
153 }
154
155 static void
dtls1_clear_queues(SSL * s)156 dtls1_clear_queues(SSL *s)
157 {
158 dtls1_drain_records(s->d1->unprocessed_rcds.q);
159 dtls1_drain_fragments(s->d1->buffered_messages);
160 dtls1_drain_fragments(s->d1->sent_messages);
161 dtls1_drain_rcontents(s->d1->buffered_app_data.q);
162 }
163
164 void
dtls1_free(SSL * s)165 dtls1_free(SSL *s)
166 {
167 if (s == NULL)
168 return;
169
170 ssl3_free(s);
171
172 if (s->d1 == NULL)
173 return;
174
175 dtls1_clear_queues(s);
176
177 pqueue_free(s->d1->unprocessed_rcds.q);
178 pqueue_free(s->d1->buffered_messages);
179 pqueue_free(s->d1->sent_messages);
180 pqueue_free(s->d1->buffered_app_data.q);
181
182 freezero(s->d1, sizeof(*s->d1));
183 s->d1 = NULL;
184 }
185
186 void
dtls1_clear(SSL * s)187 dtls1_clear(SSL *s)
188 {
189 pqueue unprocessed_rcds;
190 pqueue buffered_messages;
191 pqueue sent_messages;
192 pqueue buffered_app_data;
193 unsigned int mtu;
194
195 if (s->d1) {
196 unprocessed_rcds = s->d1->unprocessed_rcds.q;
197 buffered_messages = s->d1->buffered_messages;
198 sent_messages = s->d1->sent_messages;
199 buffered_app_data = s->d1->buffered_app_data.q;
200 mtu = s->d1->mtu;
201
202 dtls1_clear_queues(s);
203
204 memset(s->d1, 0, sizeof(*s->d1));
205
206 s->d1->unprocessed_rcds.epoch =
207 tls12_record_layer_read_epoch(s->rl) + 1;
208
209 if (s->server) {
210 s->d1->cookie_len = sizeof(s->d1->cookie);
211 }
212
213 if (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU) {
214 s->d1->mtu = mtu;
215 }
216
217 s->d1->unprocessed_rcds.q = unprocessed_rcds;
218 s->d1->buffered_messages = buffered_messages;
219 s->d1->sent_messages = sent_messages;
220 s->d1->buffered_app_data.q = buffered_app_data;
221 }
222
223 ssl3_clear(s);
224
225 s->version = DTLS1_VERSION;
226 }
227
228 long
dtls1_ctrl(SSL * s,int cmd,long larg,void * parg)229 dtls1_ctrl(SSL *s, int cmd, long larg, void *parg)
230 {
231 int ret = 0;
232
233 switch (cmd) {
234 case DTLS_CTRL_GET_TIMEOUT:
235 if (dtls1_get_timeout(s, (struct timeval*) parg) != NULL) {
236 ret = 1;
237 }
238 break;
239 case DTLS_CTRL_HANDLE_TIMEOUT:
240 ret = dtls1_handle_timeout(s);
241 break;
242 case DTLS_CTRL_LISTEN:
243 ret = dtls1_listen(s, parg);
244 break;
245
246 default:
247 ret = ssl3_ctrl(s, cmd, larg, parg);
248 break;
249 }
250 return (ret);
251 }
252
253 void
dtls1_start_timer(SSL * s)254 dtls1_start_timer(SSL *s)
255 {
256
257 /* If timer is not set, initialize duration with 1 second */
258 if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) {
259 s->d1->timeout_duration = 1;
260 }
261
262 /* Set timeout to current time */
263 gettimeofday(&(s->d1->next_timeout), NULL);
264
265 /* Add duration to current time */
266 s->d1->next_timeout.tv_sec += s->d1->timeout_duration;
267 BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0,
268 &s->d1->next_timeout);
269 }
270
271 struct timeval*
dtls1_get_timeout(SSL * s,struct timeval * timeleft)272 dtls1_get_timeout(SSL *s, struct timeval* timeleft)
273 {
274 struct timeval timenow;
275
276 /* If no timeout is set, just return NULL */
277 if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) {
278 return NULL;
279 }
280
281 /* Get current time */
282 gettimeofday(&timenow, NULL);
283
284 /* If timer already expired, set remaining time to 0 */
285 if (s->d1->next_timeout.tv_sec < timenow.tv_sec ||
286 (s->d1->next_timeout.tv_sec == timenow.tv_sec &&
287 s->d1->next_timeout.tv_usec <= timenow.tv_usec)) {
288 memset(timeleft, 0, sizeof(struct timeval));
289 return timeleft;
290 }
291
292 /* Calculate time left until timer expires */
293 memcpy(timeleft, &(s->d1->next_timeout), sizeof(struct timeval));
294 timeleft->tv_sec -= timenow.tv_sec;
295 timeleft->tv_usec -= timenow.tv_usec;
296 if (timeleft->tv_usec < 0) {
297 timeleft->tv_sec--;
298 timeleft->tv_usec += 1000000;
299 }
300
301 /* If remaining time is less than 15 ms, set it to 0
302 * to prevent issues because of small devergences with
303 * socket timeouts.
304 */
305 if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000) {
306 memset(timeleft, 0, sizeof(struct timeval));
307 }
308
309
310 return timeleft;
311 }
312
313 int
dtls1_is_timer_expired(SSL * s)314 dtls1_is_timer_expired(SSL *s)
315 {
316 struct timeval timeleft;
317
318 /* Get time left until timeout, return false if no timer running */
319 if (dtls1_get_timeout(s, &timeleft) == NULL) {
320 return 0;
321 }
322
323 /* Return false if timer is not expired yet */
324 if (timeleft.tv_sec > 0 || timeleft.tv_usec > 0) {
325 return 0;
326 }
327
328 /* Timer expired, so return true */
329 return 1;
330 }
331
332 void
dtls1_double_timeout(SSL * s)333 dtls1_double_timeout(SSL *s)
334 {
335 s->d1->timeout_duration *= 2;
336 if (s->d1->timeout_duration > 60)
337 s->d1->timeout_duration = 60;
338 dtls1_start_timer(s);
339 }
340
341 void
dtls1_stop_timer(SSL * s)342 dtls1_stop_timer(SSL *s)
343 {
344 /* Reset everything */
345 memset(&(s->d1->timeout), 0, sizeof(struct dtls1_timeout_st));
346 memset(&(s->d1->next_timeout), 0, sizeof(struct timeval));
347 s->d1->timeout_duration = 1;
348 BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0,
349 &(s->d1->next_timeout));
350 /* Clear retransmission buffer */
351 dtls1_clear_record_buffer(s);
352 }
353
354 int
dtls1_check_timeout_num(SSL * s)355 dtls1_check_timeout_num(SSL *s)
356 {
357 s->d1->timeout.num_alerts++;
358
359 /* Reduce MTU after 2 unsuccessful retransmissions */
360 if (s->d1->timeout.num_alerts > 2) {
361 s->d1->mtu = BIO_ctrl(SSL_get_wbio(s),
362 BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);
363
364 }
365
366 if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) {
367 /* fail the connection, enough alerts have been sent */
368 SSLerror(s, SSL_R_READ_TIMEOUT_EXPIRED);
369 return -1;
370 }
371
372 return 0;
373 }
374
375 int
dtls1_handle_timeout(SSL * s)376 dtls1_handle_timeout(SSL *s)
377 {
378 /* if no timer is expired, don't do anything */
379 if (!dtls1_is_timer_expired(s)) {
380 return 0;
381 }
382
383 dtls1_double_timeout(s);
384
385 if (dtls1_check_timeout_num(s) < 0)
386 return -1;
387
388 s->d1->timeout.read_timeouts++;
389 if (s->d1->timeout.read_timeouts > DTLS1_TMO_READ_COUNT) {
390 s->d1->timeout.read_timeouts = 1;
391 }
392
393 dtls1_start_timer(s);
394 return dtls1_retransmit_buffered_messages(s);
395 }
396
397 int
dtls1_listen(SSL * s,struct sockaddr * client)398 dtls1_listen(SSL *s, struct sockaddr *client)
399 {
400 int ret;
401
402 /* Ensure there is no state left over from a previous invocation */
403 SSL_clear(s);
404
405 SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE);
406 s->d1->listen = 1;
407
408 ret = SSL_accept(s);
409 if (ret <= 0)
410 return ret;
411
412 (void)BIO_dgram_get_peer(SSL_get_rbio(s), client);
413 return 1;
414 }
415