自学教程：C++ BIO_dgram_is_sctp函数代码示例

int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, int len){    int i;#ifndef OPENSSL_NO_SCTP    /*     * Check if we have to continue an interrupted handshake for reading     * belated app data with SCTP.     */    if ((SSL_in_init(s) && !s->in_handshake) ||        (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&         (s->state == DTLS1_SCTP_ST_SR_READ_SOCK          || s->state == DTLS1_SCTP_ST_CR_READ_SOCK)))#else    if (SSL_in_init(s) && !s->in_handshake)#endif    {        i = s->handshake_func(s);        if (i < 0)            return (i);        if (i == 0) {            SSLerr(SSL_F_DTLS1_WRITE_APP_DATA_BYTES,                   SSL_R_SSL_HANDSHAKE_FAILURE);            return -1;        }    }    if (len > SSL3_RT_MAX_PLAIN_LENGTH) {        SSLerr(SSL_F_DTLS1_WRITE_APP_DATA_BYTES, SSL_R_DTLS_MESSAGE_TOO_BIG);        return -1;    }    i = dtls1_write_bytes(s, type, buf_, len);    return i;}

int dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority){    DTLS1_RECORD_DATA *rdata;    pitem *item;    /* Limit the size of the queue to prevent DOS attacks */    if (pqueue_size(queue->q) >= 100)        return 0;    rdata = OPENSSL_malloc(sizeof(*rdata));    item = pitem_new(priority, rdata);    if (rdata == NULL || item == NULL) {        OPENSSL_free(rdata);        pitem_free(item);        SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);        return -1;    }    rdata->packet = s->rlayer.packet;    rdata->packet_length = s->rlayer.packet_length;    memcpy(&(rdata->rbuf), &s->rlayer.rbuf, sizeof(SSL3_BUFFER));    memcpy(&(rdata->rrec), &s->rlayer.rrec, sizeof(SSL3_RECORD));    item->data = rdata;#ifndef OPENSSL_NO_SCTP    /* Store bio_dgram_sctp_rcvinfo struct */    if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&        (SSL_get_state(s) == TLS_ST_SR_FINISHED         || SSL_get_state(s) == TLS_ST_CR_FINISHED)) {        BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_GET_RCVINFO,                 sizeof(rdata->recordinfo), &rdata->recordinfo);    }#endif    s->rlayer.packet = NULL;    s->rlayer.packet_length = 0;    memset(&s->rlayer.rbuf, 0, sizeof(s->rlayer.rbuf));    memset(&s->rlayer.rrec, 0, sizeof(s->rlayer.rrec));    if (!ssl3_setup_buffers(s)) {        SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);        OPENSSL_free(rdata->rbuf.buf);        OPENSSL_free(rdata);        pitem_free(item);        return (-1);    }    /* insert should not fail, since duplicates are dropped */    if (pqueue_insert(queue->q, item) == NULL) {        SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);        OPENSSL_free(rdata->rbuf.buf);        OPENSSL_free(rdata);        pitem_free(item);        return (-1);    }    return (1);}

void dtls1_start_timer(SSL *s){#ifndef OPENSSL_NO_SCTP    /* Disable timer for SCTP */    if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {        memset(&s->d1->next_timeout, 0, sizeof(s->d1->next_timeout));        return;    }#endif    /* If timer is not set, initialize duration with 1 second */    if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) {        s->d1->timeout_duration = 1;    }    /* Set timeout to current time */    get_current_time(&(s->d1->next_timeout));    /* Add duration to current time */    s->d1->next_timeout.tv_sec += s->d1->timeout_duration;    BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0,             &(s->d1->next_timeout));}

int dtls1_shutdown(SSL *s){    int ret;#ifndef OPENSSL_NO_SCTP    BIO *wbio;    wbio = SSL_get_wbio(s);    if (wbio != NULL && BIO_dgram_is_sctp(wbio) &&        !(s->shutdown & SSL_SENT_SHUTDOWN)) {        ret = BIO_dgram_sctp_wait_for_dry(wbio);        if (ret < 0)            return -1;        if (ret == 0)            BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN, 1,                     NULL);    }#endif    ret = ssl3_shutdown(s);#ifndef OPENSSL_NO_SCTP    BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN, 0, NULL);#endif    return ret;}

//.........这里部分代码省略.........				}			s->type=SSL_ST_ACCEPT;			if (s->init_buf == NULL)				{				if ((buf=BUF_MEM_new()) == NULL)					{					ret= -1;					goto end;					}				if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))					{					ret= -1;					goto end;					}				s->init_buf=buf;				}			if (!ssl3_setup_buffers(s))				{				ret= -1;				goto end;				}			s->init_num=0;			if (s->state != SSL_ST_RENEGOTIATE)				{				/* Ok, we now need to push on a buffering BIO so that				 * the output is sent in a way that TCP likes :-)				 * ...but not with SCTP :-)				 */#ifndef OPENSSL_NO_SCTP				if (!BIO_dgram_is_sctp(SSL_get_wbio(s)))#endif					if (!ssl_init_wbio_buffer(s,1)) { ret= -1; goto end; }				ssl3_init_finished_mac(s);				s->state=SSL3_ST_SR_CLNT_HELLO_A;				s->ctx->stats.sess_accept++;				}			else				{				/* s->state == SSL_ST_RENEGOTIATE,				 * we will just send a HelloRequest */				s->ctx->stats.sess_accept_renegotiate++;				s->state=SSL3_ST_SW_HELLO_REQ_A;				}			break;		case SSL3_ST_SW_HELLO_REQ_A:		case SSL3_ST_SW_HELLO_REQ_B:			s->shutdown=0;			dtls1_clear_record_buffer(s);			dtls1_start_timer(s);			ret=ssl3_send_hello_request(s);			if (ret <= 0) goto end;			s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A;			s->state=SSL3_ST_SW_FLUSH;			s->init_num=0;			ssl3_init_finished_mac(s);			break;

//.........这里部分代码省略.........				BIO_set_retry_read(SSL_get_rbio(s));				ret = -1;				goto end;			}			s->state=s->d1->next_state;			break;#endif		case SSL3_ST_CW_CLNT_HELLO_A:		case SSL3_ST_CW_CLNT_HELLO_B:			s->shutdown=0;			/* every DTLS ClientHello resets Finished MAC */			ssl3_init_finished_mac(s);			dtls1_start_timer(s);			ret=dtls1_client_hello(s);			if (ret <= 0) goto end;			if ( s->d1->send_cookie)				{				s->state=SSL3_ST_CW_FLUSH;				s->s3->tmp.next_state=SSL3_ST_CR_SRVR_HELLO_A;				}			else				s->state=SSL3_ST_CR_SRVR_HELLO_A;			s->init_num=0;#ifndef OPENSSL_NO_SCTP			/* Disable buffering for SCTP */			if (!BIO_dgram_is_sctp(SSL_get_wbio(s)))				{#endif				/* turn on buffering for the next lot of output */				if (s->bbio != s->wbio)					s->wbio=BIO_push(s->bbio,s->wbio);#ifndef OPENSSL_NO_SCTP				}#endif			break;		case SSL3_ST_CR_SRVR_HELLO_A:		case SSL3_ST_CR_SRVR_HELLO_B:			ret=ssl3_get_server_hello(s);			if (ret <= 0) goto end;			else				{				if (s->hit)					{#ifndef OPENSSL_NO_SCTP					/* Add new shared key for SCTP-Auth,					 * will be ignored if no SCTP used.					 */					snprintf((char*) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL),					         DTLS1_SCTP_AUTH_LABEL);					SSL_export_keying_material(s, sctpauthkey,					                           sizeof(sctpauthkey), labelbuffer,					                           sizeof(labelbuffer), NULL, 0, 0);					BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,							 sizeof(sctpauthkey), sctpauthkey);

/*- * Return up to 'len' payload bytes received in 'type' records. * 'type' is one of the following: * *   -  SSL3_RT_HANDSHAKE (when ssl3_get_message calls us) *   -  SSL3_RT_APPLICATION_DATA (when ssl3_read calls us) *   -  0 (during a shutdown, no data has to be returned) * * If we don't have stored data to work from, read a SSL/TLS record first * (possibly multiple records if we still don't have anything to return). * * This function must handle any surprises the peer may have for us, such as * Alert records (e.g. close_notify) or renegotiation requests. ChangeCipherSpec * messages are treated as if they were handshake messages *if* the |recd_type| * argument is non NULL. * Also if record payloads contain fragments too small to process, we store * them until there is enough for the respective protocol (the record protocol * may use arbitrary fragmentation and even interleaving): *     Change cipher spec protocol *             just 1 byte needed, no need for keeping anything stored *     Alert protocol *             2 bytes needed (AlertLevel, AlertDescription) *     Handshake protocol *             4 bytes needed (HandshakeType, uint24 length) -- we just have *             to detect unexpected Client Hello and Hello Request messages *             here, anything else is handled by higher layers *     Application data protocol *             none of our business */int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,                     size_t len, int peek, size_t *readbytes){    int i, j, iret;    size_t n;    SSL3_RECORD *rr;    void (*cb) (const SSL *ssl, int type2, int val) = NULL;    if (!SSL3_BUFFER_is_initialised(&s->rlayer.rbuf)) {        /* Not initialized yet */        if (!ssl3_setup_buffers(s)) {            /* SSLfatal() already called */            return -1;        }    }    if ((type && (type != SSL3_RT_APPLICATION_DATA) &&         (type != SSL3_RT_HANDSHAKE)) ||        (peek && (type != SSL3_RT_APPLICATION_DATA))) {        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_READ_BYTES,                 ERR_R_INTERNAL_ERROR);        return -1;    }    if (!ossl_statem_get_in_handshake(s) && SSL_in_init(s)) {        /* type == SSL3_RT_APPLICATION_DATA */        i = s->handshake_func(s);        /* SSLfatal() already called if appropriate */        if (i < 0)            return i;        if (i == 0)            return -1;    } start:    s->rwstate = SSL_NOTHING;    /*-     * s->s3.rrec.type     - is the type of record     * s->s3.rrec.data,    - data     * s->s3.rrec.off,     - offset into 'data' for next read     * s->s3.rrec.length,  - number of bytes.     */    rr = s->rlayer.rrec;    /*     * We are not handshaking and have no data yet, so process data buffered     * during the last handshake in advance, if any.     */    if (SSL_is_init_finished(s) && SSL3_RECORD_get_length(rr) == 0) {        pitem *item;        item = pqueue_pop(s->rlayer.d->buffered_app_data.q);        if (item) {#ifndef OPENSSL_NO_SCTP            /* Restore bio_dgram_sctp_rcvinfo struct */            if (BIO_dgram_is_sctp(SSL_get_rbio(s))) {                DTLS1_RECORD_DATA *rdata = (DTLS1_RECORD_DATA *)item->data;                BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_SET_RCVINFO,                         sizeof(rdata->recordinfo), &rdata->recordinfo);            }#endif            dtls1_copy_record(s, item);            OPENSSL_free(item->data);            pitem_free(item);        }    }    /* Check for timeout */    if (dtls1_handle_timeout(s) > 0) {//.........这里部分代码省略.........

int dtls1_process_buffered_records(SSL *s){    pitem *item;    SSL3_BUFFER *rb;    SSL3_RECORD *rr;    DTLS1_BITMAP *bitmap;    unsigned int is_next_epoch;    int replayok = 1;    item = pqueue_peek(s->rlayer.d->unprocessed_rcds.q);    if (item) {        /* Check if epoch is current. */        if (s->rlayer.d->unprocessed_rcds.epoch != s->rlayer.d->r_epoch)            return 1;         /* Nothing to do. */        rr = RECORD_LAYER_get_rrec(&s->rlayer);        rb = RECORD_LAYER_get_rbuf(&s->rlayer);        if (SSL3_BUFFER_get_left(rb) > 0) {            /*             * We've still got data from the current packet to read. There could             * be a record from the new epoch in it - so don't overwrite it             * with the unprocessed records yet (we'll do it when we've             * finished reading the current packet).             */            return 1;        }        /* Process all the records. */        while (pqueue_peek(s->rlayer.d->unprocessed_rcds.q)) {            dtls1_get_unprocessed_record(s);            bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch);            if (bitmap == NULL) {                /*                 * Should not happen. This will only ever be NULL when the                 * current record is from a different epoch. But that cannot                 * be the case because we already checked the epoch above                 */                 SSLfatal(s, SSL_AD_INTERNAL_ERROR,                          SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS,                          ERR_R_INTERNAL_ERROR);                 return 0;            }#ifndef OPENSSL_NO_SCTP            /* Only do replay check if no SCTP bio */            if (!BIO_dgram_is_sctp(SSL_get_rbio(s)))#endif            {                /*                 * Check whether this is a repeat, or aged record. We did this                 * check once already when we first received the record - but                 * we might have updated the window since then due to                 * records we subsequently processed.                 */                replayok = dtls1_record_replay_check(s, bitmap);            }            if (!replayok || !dtls1_process_record(s, bitmap)) {                if (ossl_statem_in_error(s)) {                    /* dtls1_process_record called SSLfatal() */                    return -1;                }                /* dump this record */                rr->length = 0;                RECORD_LAYER_reset_packet_length(&s->rlayer);                continue;            }            if (dtls1_buffer_record(s, &(s->rlayer.d->processed_rcds),                    SSL3_RECORD_get_seq_num(s->rlayer.rrec)) < 0) {                /* SSLfatal() already called */                return 0;            }        }    }    /*     * sync epoch numbers once all the unprocessed records have been     * processed     */    s->rlayer.d->processed_rcds.epoch = s->rlayer.d->r_epoch;    s->rlayer.d->unprocessed_rcds.epoch = s->rlayer.d->r_epoch + 1;    return 1;}

/*- * Return up to 'len' payload bytes received in 'type' records. * 'type' is one of the following: * *   -  SSL3_RT_HANDSHAKE (when ssl3_get_message calls us) *   -  SSL3_RT_APPLICATION_DATA (when ssl3_read calls us) *   -  0 (during a shutdown, no data has to be returned) * * If we don't have stored data to work from, read a SSL/TLS record first * (possibly multiple records if we still don't have anything to return). * * This function must handle any surprises the peer may have for us, such as * Alert records (e.g. close_notify) or renegotiation requests. ChangeCipherSpec * messages are treated as if they were handshake messages *if* the |recd_type| * argument is non NULL. * Also if record payloads contain fragments too small to process, we store * them until there is enough for the respective protocol (the record protocol * may use arbitrary fragmentation and even interleaving): *     Change cipher spec protocol *             just 1 byte needed, no need for keeping anything stored *     Alert protocol *             2 bytes needed (AlertLevel, AlertDescription) *     Handshake protocol *             4 bytes needed (HandshakeType, uint24 length) -- we just have *             to detect unexpected Client Hello and Hello Request messages *             here, anything else is handled by higher layers *     Application data protocol *             none of our business */int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,                     int len, int peek){    int al, i, j, ret;    unsigned int n;    SSL3_RECORD *rr;    void (*cb) (const SSL *ssl, int type2, int val) = NULL;    if (!SSL3_BUFFER_is_initialised(&s->rlayer.rbuf)) {        /* Not initialized yet */        if (!ssl3_setup_buffers(s))            return (-1);    }    if ((type && (type != SSL3_RT_APPLICATION_DATA) &&         (type != SSL3_RT_HANDSHAKE)) ||        (peek && (type != SSL3_RT_APPLICATION_DATA))) {        SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR);        return -1;    }    /*     * check whether there's a handshake message (client hello?) waiting     */    if ((ret = have_handshake_fragment(s, type, buf, len))) {        *recvd_type = SSL3_RT_HANDSHAKE;        return ret;    }    /*     * Now s->rlayer.d->handshake_fragment_len == 0 if     * type == SSL3_RT_HANDSHAKE.     */    if (!ossl_statem_get_in_handshake(s) && SSL_in_init(s))    {        /* type == SSL3_RT_APPLICATION_DATA */        i = s->handshake_func(s);        if (i < 0)            return (i);        if (i == 0) {            SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);            return (-1);        }    } start:    s->rwstate = SSL_NOTHING;    /*-     * s->s3->rrec.type         - is the type of record     * s->s3->rrec.data,    - data     * s->s3->rrec.off,     - offset into 'data' for next read     * s->s3->rrec.length,  - number of bytes.     */    rr = s->rlayer.rrec;    /*     * We are not handshaking and have no data yet, so process data buffered     * during the last handshake in advance, if any.     */    if (SSL_is_init_finished(s) && SSL3_RECORD_get_length(rr) == 0) {        pitem *item;        item = pqueue_pop(s->rlayer.d->buffered_app_data.q);        if (item) {#ifndef OPENSSL_NO_SCTP            /* Restore bio_dgram_sctp_rcvinfo struct */            if (BIO_dgram_is_sctp(SSL_get_rbio(s))) {                DTLS1_RECORD_DATA *rdata = (DTLS1_RECORD_DATA *)item->data;                BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_SET_RCVINFO,                         sizeof(rdata->recordinfo), &rdata->recordinfo);//.........这里部分代码省略.........

intdtls1_accept(SSL *s){	void (*cb)(const SSL *ssl, int type, int val) = NULL;	unsigned long alg_k;	int ret = -1;	int new_state, state, skip = 0;	int listen;#ifndef OPENSSL_NO_SCTP	unsigned char sctpauthkey[64];	char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)];#endif	ERR_clear_error();	errno = 0;	if (s->info_callback != NULL)		cb = s->info_callback;	else if (s->ctx->info_callback != NULL)		cb = s->ctx->info_callback;	listen = s->d1->listen;	/* init things to blank */	s->in_handshake++;	if (!SSL_in_init(s) || SSL_in_before(s))		SSL_clear(s);	s->d1->listen = listen;#ifndef OPENSSL_NO_SCTP	/* Notify SCTP BIO socket to enter handshake	 * mode and prevent stream identifier other	 * than 0. Will be ignored if no SCTP is used.	 */	BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE,	    s->in_handshake, NULL);#endif	if (s->cert == NULL) {		SSLerr(SSL_F_DTLS1_ACCEPT, SSL_R_NO_CERTIFICATE_SET);		return (-1);	}	for (;;) {		state = s->state;		switch (s->state) {		case SSL_ST_RENEGOTIATE:			s->renegotiate = 1;			/* s->state=SSL_ST_ACCEPT; */		case SSL_ST_BEFORE:		case SSL_ST_ACCEPT:		case SSL_ST_BEFORE|SSL_ST_ACCEPT:		case SSL_ST_OK|SSL_ST_ACCEPT:			s->server = 1;			if (cb != NULL)				cb(s, SSL_CB_HANDSHAKE_START, 1);			if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00)) {				SSLerr(SSL_F_DTLS1_ACCEPT, ERR_R_INTERNAL_ERROR);				return -1;			}			s->type = SSL_ST_ACCEPT;			if (s->init_buf == NULL) {				BUF_MEM *buf;				if ((buf = BUF_MEM_new()) == NULL) {					ret = -1;					goto end;				}				if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) {					BUF_MEM_free(buf);					ret = -1;					goto end;				}				s->init_buf = buf;			}			if (!ssl3_setup_buffers(s)) {				ret = -1;				goto end;			}			s->init_num = 0;			if (s->state != SSL_ST_RENEGOTIATE) {				/* Ok, we now need to push on a buffering BIO so that				 * the output is sent in a way that TCP likes :-)				 * ...but not with SCTP :-)				 */#ifndef OPENSSL_NO_SCTP				if (!BIO_dgram_is_sctp(SSL_get_wbio(s)))#endif				if (!ssl_init_wbio_buffer(s, 1)) {					ret = -1;					goto end;				}//.........这里部分代码省略.........