
📄 d1_both.c

📁 mediastreamer2是开源的网络传输媒体流的库
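	/* NOTE(review): the statements down to the first closing brace are the
	 * tail of a function that begins before this excerpt (the SSLerr tags
	 * suggest dtls1_output_cert_chain -- confirm).  They are reproduced
	 * unchanged, with only the line breaks restored. */
	/* TLSv1 sends a chain with nothing in it, instead of an alert */
	buf=s->init_buf;
	if (!BUF_MEM_grow_clean(buf,10))
		{
		SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
		return(0);
		}
	if (x != NULL)
		{
		if(!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL))
			{
			SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB);
			return(0);
			}

		for (;;)
			{
			n=i2d_X509(x,NULL);
			if (!BUF_MEM_grow_clean(buf,(int)(n+l+3)))
				{
				SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
				return(0);
				}
			p=(unsigned char *)&(buf->data[l]);
			l2n3(n,p);
			i2d_X509(x,&p);
			l+=n+3;
			if (X509_NAME_cmp(X509_get_subject_name(x),
				X509_get_issuer_name(x)) == 0) break;

			i=X509_STORE_get_by_subject(&xs_ctx,X509_LU_X509,
				X509_get_issuer_name(x),&obj);
			if (i <= 0) break;
			x=obj.data.x509;
			/* Count is one too high since the X509_STORE_get uped the
			 * ref count */
			X509_free(x);
			}

		X509_STORE_CTX_cleanup(&xs_ctx);
		}

	/* Thawte special :-) */
	if (s->ctx->extra_certs != NULL)
	for (i=0; i<sk_X509_num(s->ctx->extra_certs); i++)
		{
		x=sk_X509_value(s->ctx->extra_certs,i);
		n=i2d_X509(x,NULL);
		if (!BUF_MEM_grow_clean(buf,(int)(n+l+3)))
			{
			SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
			return(0);
			}
		p=(unsigned char *)&(buf->data[l]);
		l2n3(n,p);
		i2d_X509(x,&p);
		l+=n+3;
		}

	l-= (3 + DTLS1_HM_HEADER_LENGTH);

	p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH]);
	l2n3(l,p);
	l+=3;
	p=(unsigned char *)&(buf->data[0]);
	p = dtls1_set_message_header(s, p, SSL3_MT_CERTIFICATE, l, 0, l);

	l+=DTLS1_HM_HEADER_LENGTH;
	return(l);
	}

/*
 * Handle a failed read on a DTLS connection.
 *
 * code is the (non-positive) result of the failed read.  A positive code is
 * treated as a caller error: a diagnostic is printed and 1 is returned.
 *
 * If the read BIO does not report a receive timeout, or the handshake is
 * already finished, code is handed back unchanged.  Otherwise the timeout
 * counters in s->d1 are advanced; once num_alerts exceeds
 * DTLS1_TMO_ALERT_COUNT the connection is failed with
 * SSL_R_READ_TIMEOUT_EXPIRED and 0 is returned.  In every other case the
 * buffered handshake messages are retransmitted and the result of that
 * retransmission is returned.
 */
int dtls1_read_failed(SSL *s, int code)
    {
    DTLS1_STATE *state;
    BIO *bio;
    int send_alert = 0;

    if ( code > 0)
        {
        fprintf( stderr, "invalid state reached %s:%d", __FILE__, __LINE__);
        return 1;
        }

    bio = SSL_get_rbio(s);
    if ( ! BIO_dgram_recv_timedout(bio))
        {
        /* not a timeout, none of our business,
           let higher layers handle this.  in fact it's probably an error */
        return code;
        }

    if ( ! SSL_in_init(s))  /* done, no need to send a retransmit */
        {
        BIO_set_flags(SSL_get_rbio(s), BIO_FLAGS_READ);
        return code;
        }

    state = s->d1;
    /* The alert counter bounds how many timeouts are tolerated before the
     * handshake is abandoned, so a silent peer cannot keep it retransmitting
     * forever. */
    state->timeout.num_alerts++;
    if ( state->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT)
        {
        /* fail the connection, enough alerts have been sent */
        SSLerr(SSL_F_DTLS1_READ_FAILED,SSL_R_READ_TIMEOUT_EXPIRED);
        return 0;
        }

    state->timeout.read_timeouts++;
    if ( state->timeout.read_timeouts > DTLS1_TMO_READ_COUNT)
        {
        /* send_alert is only consumed by the disabled code below */
        send_alert = 1;
        state->timeout.read_timeouts = 1;
        }

#if 0 /* for now, each alert contains only one record number */
    item = pqueue_peek(state->rcvd_records);
    if ( item )
        {
        /* send an alert immediately for all the missing records */
        }
    else
#endif

#if 0  /* no more alert sending, just retransmit the last set of messages */
        if ( send_alert)
            ssl3_send_alert(s,SSL3_AL_WARNING,
                DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
#endif

    return dtls1_retransmit_buffered_messages(s) ;
    }

/*
 * Retransmit every message held in s->d1->sent_messages, in iterator order.
 *
 * Returns 1 when the walk completes and -1 as soon as a message that was
 * found in the queue fails to be written.  A message reported as not found
 * is skipped without error.
 */
static int
dtls1_retransmit_buffered_messages(SSL *s)
    {
    pqueue sent = s->d1->sent_messages;
    piterator iter;
    pitem *item;
    hm_fragment *frag;
    int found = 0;

    iter = pqueue_iterator(sent);

    for ( item = pqueue_next(&iter); item != NULL; item = pqueue_next(&iter))
        {
        frag = (hm_fragment *)item->data;
        if ( dtls1_retransmit_message(s, frag->msg_header.seq, 0, &found) <= 0 &&
            found)
            {
            fprintf(stderr, "dtls1_retransmit_message() failed\n");
            return -1;
            }
        }

    return 1;
    }

#if 0
/* Disabled: allocate a zero-filled dtls1_message_buffer with len data bytes. */
static dtls1_message_buffer *
dtls1_message_buffer_new(unsigned int len)
    {
    dtls1_message_buffer *msg_buf;

    msg_buf = (dtls1_message_buffer *)
        OPENSSL_malloc(sizeof(dtls1_message_buffer));
    if ( msg_buf == NULL)
        return NULL;

    memset(msg_buf, 0x00, sizeof(dtls1_message_buffer));

    msg_buf->data = (unsigned char *) OPENSSL_malloc(len);
    if ( msg_buf->data == NULL)
        {
        OPENSSL_free(msg_buf);
        return NULL;
        }

    memset(msg_buf->data, 0x00, len);
    return msg_buf;
    }
#endif

#if 0
/* Disabled: release a buffer obtained from dtls1_message_buffer_new(). */
static void
dtls1_message_buffer_free(dtls1_message_buffer *msg_buf)
    {
    if (msg_buf != NULL)
        {
        OPENSSL_free(msg_buf->data);
        OPENSSL_free(msg_buf);
        }
    }
#endif

/*
 * Save a copy of the message currently serialized in s->init_buf so that it
 * can be retransmitted later.
 *
 * is_ccs is non-zero when the message is a ChangeCipherSpec; it selects the
 * header length used in the consistency assertion and is stored with the
 * copy.  The copy is queued in s->d1->sent_messages keyed by the handshake
 * sequence number taken from s->d1->w_msg_hdr.
 *
 * Returns 1 on success and 0 when the fragment or the queue item cannot be
 * allocated.
 */
int
dtls1_buffer_message(SSL *s, int is_ccs)
    {
    pitem *item;
    hm_fragment *frag;
    PQ_64BIT seq64;

    /* this function is called immediately after a message has
     * been serialized */
    OPENSSL_assert(s->init_off == 0);

    frag = dtls1_hm_fragment_new(s->init_num);
    /* Without this check an allocation failure leads straight into a write
     * through a NULL pointer in the memcpy below.  The allocator is not
     * visible in this excerpt; it is assumed to report failure with NULL. */
    if ( frag == NULL)
        return 0;

    memcpy(frag->fragment, s->init_buf->data, s->init_num);

    if ( is_ccs)
        {
        OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
            DTLS1_CCS_HEADER_LENGTH == (unsigned int)s->init_num);
        }
    else
        {
        OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
            DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num);
        }

    frag->msg_header.msg_len = s->d1->w_msg_hdr.msg_len;
    frag->msg_header.seq = s->d1->w_msg_hdr.seq;
    frag->msg_header.type = s->d1->w_msg_hdr.type;
    frag->msg_header.frag_off = 0;
    frag->msg_header.frag_len = s->d1->w_msg_hdr.msg_len;
    frag->msg_header.is_ccs = is_ccs;

    pq_64bit_init(&seq64);
    pq_64bit_assign_word(&seq64, frag->msg_header.seq);

    item = pitem_new(seq64, frag);
    pq_64bit_free(&seq64);
    if ( item == NULL)
        {
        dtls1_hm_fragment_free(frag);
        return 0;
        }

#if 0
    fprintf( stderr, "buffered messge: \ttype = %xx\n", msg_buf->type);
    fprintf( stderr, "\t\t\t\t\tlen = %d\n", msg_buf->len);
    fprintf( stderr, "\t\t\t\t\tseq_num = %d\n", msg_buf->seq_num);
#endif

    pqueue_insert(s->d1->sent_messages, item);
    return 1;
    }

/*
 * Retransmit the buffered message whose handshake sequence number is seq.
 *
 * *found is set to 1 when the message is present in s->d1->sent_messages and
 * to 0 when it is not; in the latter case 0 is returned.  Otherwise the
 * saved bytes are copied back into s->init_buf, the write header is restored
 * and the result of dtls1_do_write() is returned.  frag_off is not used by
 * this implementation.
 */
int
dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
    int *found)
    {
    int ret;
    /* XDTLS: for now assuming that read/writes are blocking */
    pitem *item;
    hm_fragment *frag ;
    unsigned long header_length;
    PQ_64BIT seq64;

    /*
      OPENSSL_assert(s->init_num == 0);
      OPENSSL_assert(s->init_off == 0);
     */

    /* XDTLS:  the requested message ought to be found, otherwise error */
    pq_64bit_init(&seq64);
    pq_64bit_assign_word(&seq64, seq);

    item = pqueue_find(s->d1->sent_messages, seq64);
    pq_64bit_free(&seq64);
    if ( item == NULL)
        {
        fprintf(stderr, "retransmit:  message %d non-existant\n", seq);
        *found = 0;
        return 0;
        }

    *found = 1;
    frag = (hm_fragment *)item->data;

    if ( frag->msg_header.is_ccs)
        header_length = DTLS1_CCS_HEADER_LENGTH;
    else
        header_length = DTLS1_HM_HEADER_LENGTH;

    /* NOTE(review): nothing here checks that s->init_buf can hold
     * msg_len + header_length bytes; this relies on the buffer still being
     * at least as large as when the message was buffered -- confirm. */
    memcpy(s->init_buf->data, frag->fragment,
        frag->msg_header.msg_len + header_length);
    s->init_num = frag->msg_header.msg_len + header_length;

    dtls1_set_message_header_int(s, frag->msg_header.type,
        frag->msg_header.msg_len, frag->msg_header.seq, 0,
        frag->msg_header.frag_len);

    /* the flag is raised only for the duration of the write */
    s->d1->retransmitting = 1;
    ret = dtls1_do_write(s, frag->msg_header.is_ccs ?
        SSL3_RT_CHANGE_CIPHER_SPEC : SSL3_RT_HANDSHAKE);
    s->d1->retransmitting = 0;

    BIO_flush(SSL_get_wbio(s));
    return ret;
    }

/* call this function when the buffered messages are no longer needed */
void
dtls1_clear_record_buffer(SSL *s)
    {
    pitem *item;

    /* pop until the queue is empty, freeing the fragment and then the item */
    for(item = pqueue_pop(s->d1->sent_messages);
        item != NULL; item = pqueue_pop(s->d1->sent_messages))
        {
        dtls1_hm_fragment_free((hm_fragment *)item->data);
        pitem_free(item);
        }
    }

/*
 * Record the header fields for the next handshake message in
 * s->d1->w_msg_hdr.
 *
 * When frag_off is 0 (first fragment of a message) the next handshake write
 * sequence number is claimed and the counter advanced.  Nothing is written
 * through p; the function only returns p advanced by DTLS1_HM_HEADER_LENGTH
 * so that the caller can continue after the space reserved for the header.
 */
unsigned char *
dtls1_set_message_header(SSL *s, unsigned char *p, unsigned char mt,
    unsigned long len, unsigned long frag_off, unsigned long frag_len)
    {
    if ( frag_off == 0)
        {
        s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
        s->d1->next_handshake_write_seq++;
        }

    dtls1_set_message_header_int(s, mt, len, s->d1->handshake_write_seq,
        frag_off, frag_len);

    return p += DTLS1_HM_HEADER_LENGTH;
    }

/* don't actually do the writing, wait till the MTU has been retrieved */
/* Stores the given type, length, sequence number and fragment offset/length
 * in s->d1->w_msg_hdr. */
static void
dtls1_set_message_header_int(SSL *s, unsigned char mt,
    unsigned long len, unsigned short seq_num, unsigned long frag_off,
    unsigned long frag_len)
    {
    struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;

    msg_hdr->type = mt;
    msg_hdr->msg_len = len;
    msg_hdr->seq = seq_num;
    msg_hdr->frag_off = frag_off;
    msg_hdr->frag_len = frag_len;
    }

/* Update only the fragment offset and fragment length of the pending write
 * header in s->d1->w_msg_hdr. */
static void
dtls1_fix_message_header(SSL *s, unsigned long frag_off,
    unsigned long frag_len)
    {
    struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;

    msg_hdr->frag_off = frag_off;
    msg_hdr->frag_len = frag_len;
    }

/*
 * Serialize s->d1->w_msg_hdr at p in the order type, msg_len, seq, frag_off,
 * frag_len and return the position just past the header.
 *
 * No bound is checked here; the caller must supply room for the whole header
 * (presumably DTLS1_HM_HEADER_LENGTH bytes -- the l2n3/s2n macros are not
 * visible in this excerpt).
 */
static unsigned char *
dtls1_write_message_header(SSL *s, unsigned char *p)
    {
    struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;

    *p++ = msg_hdr->type;
    l2n3(msg_hdr->msg_len, p);

    s2n(msg_hdr->seq, p);
    l2n3(msg_hdr->frag_off, p);
    l2n3(msg_hdr->frag_len, p);

    return p;
    }

/* Return the last entry of g_probable_mtu (presumably the smallest value;
 * the table is defined outside this excerpt). */
static unsigned int
dtls1_min_mtu(void)
    {
    return
        g_probable_mtu[(sizeof(g_probable_mtu) /
            sizeof(g_probable_mtu[0])) - 1];
    }

/*
 * Pick the next MTU to try.
 *
 * With curr_mtu == 0 the first table entry is returned.  Otherwise the first
 * entry of g_probable_mtu that is smaller than curr_mtu is returned, and
 * curr_mtu itself when no entry is smaller.
 */
static unsigned int
dtls1_guess_mtu(unsigned int curr_mtu)
    {
    size_t i;

    if ( curr_mtu == 0 )
        return g_probable_mtu[0] ;

    for ( i = 0; i < sizeof(g_probable_mtu)/sizeof(g_probable_mtu[0]); i++)
        if ( curr_mtu > g_probable_mtu[i])
            return g_probable_mtu[i];

    return curr_mtu;
    }

/*
 * Parse a handshake message header from data into *msg_hdr, which is zeroed
 * first.  Fields are read in the order type, msg_len, seq, frag_off,
 * frag_len.
 *
 * data comes from the peer and no length is passed in: the caller must have
 * verified that a complete header (presumably DTLS1_HM_HEADER_LENGTH bytes)
 * is present before calling, and must range-check the parsed lengths before
 * using them.
 */
void
dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr)
    {
    memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
    msg_hdr->type = *(data++);
    n2l3(data, msg_hdr->msg_len);

    n2s(data, msg_hdr->seq);
    n2l3(data, msg_hdr->frag_off);
    n2l3(data, msg_hdr->frag_len);
    }

/*
 * Parse a ChangeCipherSpec header (type, then seq) from data into *ccs_hdr,
 * which is zeroed first.
 *
 * As above, no length is passed in; the caller must guarantee that the whole
 * header (presumably DTLS1_CCS_HEADER_LENGTH bytes) is available.
 */
void
dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr)
    {
    memset(ccs_hdr, 0x00, sizeof(struct ccs_header_st));

    ccs_hdr->type = *(data++);
    n2s(data, ccs_hdr->seq);
    }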
