]> git.ipfire.org Git - thirdparty/openssl.git/blame - ssl/record/rec_layer_d1.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
use OSSL_PARAM_construct_uint32 for max_early_data
[thirdparty/openssl.git] / ssl / record / rec_layer_d1.c
CommitLineData
0f113f3e 1/*
4333b89f 2 * Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved.
0f113f3e 3 *
2c18d164 4 * Licensed under the Apache License 2.0 (the "License"). You may not use
846e33c7
RS		 5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
36d16f8e
BL		 8 */
9
10#include <stdio.h>
11#include <errno.h>
706457b7 12#include "../ssl_local.h"
36d16f8e
BL		 13#include <openssl/evp.h>
14#include <openssl/buffer.h>
706457b7 15#include "record_local.h"
0d345f0e 16#include "internal/packet.h"
67dc995e 17#include "internal/cryptlib.h"
40f37188
MC		 18
19int DTLS_RECORD_LAYER_new(RECORD_LAYER *rl)
20{
21 DTLS_RECORD_LAYER *d;
0485d540 22
e077455e 23 if ((d = OPENSSL_malloc(sizeof(*d))) == NULL)
26a7d938 24 return 0;
40f37188
MC		 25
26 rl->d = d;
5fb6f80c 27
24a1e2f2 28 d->buffered_app_data.q = pqueue_new();
cb2ce7ab 29
eddb067e 30 if (d->buffered_app_data.q == NULL) {
cb2ce7ab
MC		 31 OPENSSL_free(d);
32 rl->d = NULL;
26a7d938 33 return 0;
cb2ce7ab 34 }
40f37188
MC		 35
36 return 1;
37}
38
39void DTLS_RECORD_LAYER_free(RECORD_LAYER *rl)
40{
d0afb30e
MC		 41 if (rl->d == NULL)
42 return;
43
cb2ce7ab 44 DTLS_RECORD_LAYER_clear(rl);
24a1e2f2 45 pqueue_free(rl->d->buffered_app_data.q);
40f37188
MC		 46 OPENSSL_free(rl->d);
47 rl->d = NULL;
48}
49
50void DTLS_RECORD_LAYER_clear(RECORD_LAYER *rl)
51{
52 DTLS_RECORD_LAYER *d;
cb2ce7ab 53 pitem *item = NULL;
eddb067e 54 TLS_RECORD *rec;
cf2cede4 55 pqueue *buffered_app_data;
cb2ce7ab 56
40f37188 57 d = rl->d;
0485d540 58
24a1e2f2 59 while ((item = pqueue_pop(d->buffered_app_data.q)) != NULL) {
eddb067e 60 rec = (TLS_RECORD *)item->data;
163b8016 61 if (rl->s->options & SSL_OP_CLEANSE_PLAINTEXT)
eddb067e
MC		 62 OPENSSL_cleanse(rec->data, rec->length);
63 OPENSSL_free(rec->data);
24a1e2f2
MC		 64 OPENSSL_free(item->data);
65 pitem_free(item);
66 }
67
24a1e2f2 68 buffered_app_data = d->buffered_app_data.q;
b4faea50 69 memset(d, 0, sizeof(*d));
24a1e2f2 70 d->buffered_app_data.q = buffered_app_data;
40f37188
MC		 71}
72
eddb067e 73int dtls_buffer_record(SSL_CONNECTION *s, TLS_RECORD *rec)
0f113f3e 74{
eddb067e 75 TLS_RECORD *rdata;
0f113f3e 76 pitem *item;
eddb067e 77 record_pqueue *queue = &(s->rlayer.d->buffered_app_data);
0f113f3e
MC		 78
79 /* Limit the size of the queue to prevent DOS attacks */
80 if (pqueue_size(queue->q) >= 100)
81 return 0;
82
eddb067e
MC		 83 /* We don't buffer partially read records */
84 if (!ossl_assert(rec->off == 0))
85 return -1;
86
b4faea50 87 rdata = OPENSSL_malloc(sizeof(*rdata));
eddb067e 88 item = pitem_new(rec->seq_num, rdata);
0f113f3e 89 if (rdata == NULL || item == NULL) {
b548a1f1 90 OPENSSL_free(rdata);
25aaa98a 91 pitem_free(item);
c48ffbcc 92 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
06c6a2b4 93 return -1;
0f113f3e
MC		 94 }
95
eddb067e
MC		 96 *rdata = *rec;
97 /*
98 * We will release the record from the record layer soon, so we take a copy
99 * now. Copying data isn't good - but this should be infrequent so we
100 * accept it here.
101 */
102 rdata->data = OPENSSL_memdup(rec->data, rec->length);
103 if (rdata->data == NULL) {
104 OPENSSL_free(rdata);
105 pitem_free(item);
e077455e 106 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
eddb067e
MC		 107 return -1;
108 }
109 /*
110 * We use a NULL rechandle to indicate that the data field has been
111 * allocated by us.
112 */
113 rdata->rechandle = NULL;
0f113f3e
MC		 114
115 item->data = rdata;
36d16f8e 116
7e159e01 117#ifndef OPENSSL_NO_SCTP
0f113f3e 118 /* Store bio_dgram_sctp_rcvinfo struct */
846975f3 119 if (BIO_dgram_is_sctp(s->rbio) &&
120 (ossl_statem_get_state(s) == TLS_ST_SR_FINISHED
121 || ossl_statem_get_state(s) == TLS_ST_CR_FINISHED)) {
122 BIO_ctrl(s->rbio, BIO_CTRL_DGRAM_SCTP_GET_RCVINFO,
0f113f3e
MC		 123 sizeof(rdata->recordinfo), &rdata->recordinfo);
124 }
7e159e01
DSH		 125#endif
126
0f113f3e 127 if (pqueue_insert(queue->q, item) == NULL) {
840facc3 128 /* Must be a duplicate so ignore it */
eddb067e 129 OPENSSL_free(rdata->data);
0f113f3e
MC		 130 OPENSSL_free(rdata);
131 pitem_free(item);
0f113f3e 132 }
36d16f8e 133
208fb891 134 return 1;
0f113f3e
MC		 135}
136
eddb067e
MC		 137/* Unbuffer a previously buffered TLS_RECORD structure if any */
138static void dtls_unbuffer_record(SSL_CONNECTION *s)
0f113f3e 139{
eddb067e 140 TLS_RECORD *rdata;
36d16f8e
BL		 141 pitem *item;
142
eddb067e
MC		 143 /* If we already have records to handle then do nothing */
144 if (s->rlayer.curr_rec < s->rlayer.num_recs)
145 return;
1fb9fdc3 146
eddb067e
MC		 147 item = pqueue_pop(s->rlayer.d->buffered_app_data.q);
148 if (item != NULL) {
149 rdata = (TLS_RECORD *)item->data;
0f113f3e 150
eddb067e
MC		 151 s->rlayer.tlsrecs[0] = *rdata;
152 s->rlayer.num_recs = 1;
153 s->rlayer.curr_rec = 0;
738ad946 154
1fb9fdc3 155#ifndef OPENSSL_NO_SCTP
eddb067e 156 /* Restore bio_dgram_sctp_rcvinfo struct */
846975f3 157 if (BIO_dgram_is_sctp(s->rbio)) {
158 BIO_ctrl(s->rbio, BIO_CTRL_DGRAM_SCTP_SET_RCVINFO,
159 sizeof(rdata->recordinfo), &rdata->recordinfo);
eddb067e 160 }
1fb9fdc3 161#endif
1fb9fdc3 162
eddb067e
MC		 163 OPENSSL_free(item->data);
164 pitem_free(item);
0f113f3e 165 }
0f113f3e 166}
36d16f8e 167
1d97c843
TH		 168/*-
169 * Return up to 'len' payload bytes received in 'type' records.
36d16f8e
BL		 170 * 'type' is one of the following:
171 *
172 * - SSL3_RT_HANDSHAKE (when ssl3_get_message calls us)
173 * - SSL3_RT_APPLICATION_DATA (when ssl3_read calls us)
174 * - 0 (during a shutdown, no data has to be returned)
175 *
176 * If we don't have stored data to work from, read a SSL/TLS record first
177 * (possibly multiple records if we still don't have anything to return).
178 *
179 * This function must handle any surprises the peer may have for us, such as
c69f2adf
MC		 180 * Alert records (e.g. close_notify) or renegotiation requests. ChangeCipherSpec
181 * messages are treated as if they were handshake messages *if* the |recd_type|
182 * argument is non NULL.
36d16f8e
BL		 183 * Also if record payloads contain fragments too small to process, we store
184 * them until there is enough for the respective protocol (the record protocol
185 * may use arbitrary fragmentation and even interleaving):
186 * Change cipher spec protocol
187 * just 1 byte needed, no need for keeping anything stored
188 * Alert protocol
189 * 2 bytes needed (AlertLevel, AlertDescription)
190 * Handshake protocol
191 * 4 bytes needed (HandshakeType, uint24 length) -- we just have
192 * to detect unexpected Client Hello and Hello Request messages
193 * here, anything else is handled by higher layers
194 * Application data protocol
195 * none of our business
196 */
657da85e 197int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
02ba18a6 198 size_t len, int peek, size_t *readbytes)
0f113f3e 199{
eddb067e 200 int i, j, ret;
bd990e25 201 size_t n;
eddb067e 202 TLS_RECORD *rr;
0f113f3e 203 void (*cb) (const SSL *ssl, int type2, int val) = NULL;
38b051a1
TM		 204 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
205
206 if (sc == NULL)
207 return -1;
0f113f3e 208
0f113f3e
MC		 209 if ((type && (type != SSL3_RT_APPLICATION_DATA) &&
210 (type != SSL3_RT_HANDSHAKE)) ||
211 (peek && (type != SSL3_RT_APPLICATION_DATA))) {
38b051a1 212 SSLfatal(sc, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
0f113f3e
MC		 213 return -1;
214 }
215
38b051a1 216 if (!ossl_statem_get_in_handshake(sc) && SSL_in_init(s)) {
0f113f3e 217 /* type == SSL3_RT_APPLICATION_DATA */
38b051a1 218 i = sc->handshake_func(s);
c2853382 219 /* SSLfatal() already called if appropriate */
0f113f3e 220 if (i < 0)
eda75751 221 return i;
c2853382 222 if (i == 0)
eda75751 223 return -1;
0f113f3e
MC		 224 }
225
226 start:
38b051a1 227 sc->rwstate = SSL_NOTHING;
0f113f3e 228
0f113f3e
MC		 229 /*
230 * We are not handshaking and have no data yet, so process data buffered
231 * during the last handshake in advance, if any.
232 */
eddb067e
MC		 233 if (SSL_is_init_finished(s))
234 dtls_unbuffer_record(sc);
0f113f3e
MC		 235
236 /* Check for timeout */
38b051a1 237 if (dtls1_handle_timeout(sc) > 0) {
0f113f3e 238 goto start;
38b051a1 239 } else if (ossl_statem_in_error(sc)) {
d273b60b
MC		 240 /* dtls1_handle_timeout() has failed with a fatal error */
241 return -1;
242 }
0f113f3e
MC		 243
244 /* get new packet if necessary */
eddb067e
MC		 245 if (sc->rlayer.curr_rec >= sc->rlayer.num_recs) {
246 sc->rlayer.curr_rec = sc->rlayer.num_recs = 0;
247 do {
248 rr = &sc->rlayer.tlsrecs[sc->rlayer.num_recs];
249
320145d5 250 ret = HANDLE_RLAYER_READ_RETURN(sc,
cffafb5f
MC		 251 sc->rlayer.rrlmethod->read_record(sc->rlayer.rrl,
252 &rr->rechandle,
253 &rr->version, &rr->type,
254 &rr->data, &rr->length,
255 &rr->epoch, rr->seq_num));
eddb067e
MC		 256 if (ret <= 0) {
257 ret = dtls1_read_failed(sc, ret);
258 /*
259 * Anything other than a timeout is an error. SSLfatal() already
260 * called if appropriate.
261 */
262 if (ret <= 0)
263 return ret;
264 else
265 goto start;
266 }
267 rr->off = 0;
268 sc->rlayer.num_recs++;
cffafb5f 269 } while (sc->rlayer.rrlmethod->processed_read_pending(sc->rlayer.rrl)
eddb067e 270 && sc->rlayer.num_recs < SSL_MAX_PIPELINES);
0f113f3e 271 }
eddb067e 272 rr = &sc->rlayer.tlsrecs[sc->rlayer.curr_rec];
0f113f3e 273
af58be76
MC		 274 /*
275 * Reset the count of consecutive warning alerts if we've got a non-empty
276 * record that isn't an alert.
277 */
eddb067e 278 if (rr->type != SSL3_RT_ALERT && rr->length != 0)
38b051a1 279 sc->rlayer.alert_count = 0;
af58be76 280
0f113f3e
MC		 281 /* we now have a packet which can be read and processed */
282
38b051a1 283 if (sc->s3.change_cipher_spec /* set when we receive ChangeCipherSpec,
555cbb32 284 * reset by ssl3_get_finished */
eddb067e 285 && (rr->type != SSL3_RT_HANDSHAKE)) {
0f113f3e
MC		 286 /*
287 * We now have application data between CCS and Finished. Most likely
288 * the packets were reordered on their way, so buffer the application
289 * data for later processing rather than dropping the connection.
290 */
eddb067e 291 if (dtls_buffer_record(sc, rr) < 0) {
c2853382 292 /* SSLfatal() already called */
0f113f3e
MC		 293 return -1;
294 }
eddb067e 295 ssl_release_record(sc, rr);
0f113f3e
MC		 296 goto start;
297 }
298
299 /*
300 * If the other end has shut down, throw anything we read away (even in
301 * 'peek' mode)
302 */
38b051a1 303 if (sc->shutdown & SSL_RECEIVED_SHUTDOWN) {
eddb067e 304 ssl_release_record(sc, rr);
38b051a1 305 sc->rwstate = SSL_NOTHING;
eda75751 306 return 0;
0f113f3e
MC		 307 }
308
eddb067e
MC		 309 if (type == rr->type
310 || (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC
a230b26e 311 && type == SSL3_RT_HANDSHAKE && recvd_type != NULL)) {
c69f2adf
MC		 312 /*
313 * SSL3_RT_APPLICATION_DATA or
314 * SSL3_RT_HANDSHAKE or
315 * SSL3_RT_CHANGE_CIPHER_SPEC
316 */
0f113f3e
MC		 317 /*
318 * make sure that we are not getting application data when we are
319 * doing a handshake for the first time
320 */
321 if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
38b051a1
TM		 322 (sc->enc_read_ctx == NULL)) {
323 SSLfatal(sc, SSL_AD_UNEXPECTED_MESSAGE,
c2853382
MC		 324 SSL_R_APP_DATA_IN_HANDSHAKE);
325 return -1;
0f113f3e 326 }
7e159e01 327
c69f2adf 328 if (recvd_type != NULL)
eddb067e 329 *recvd_type = rr->type;
c69f2adf 330
66fab923
MC		 331 if (len == 0) {
332 /*
eddb067e 333 * Release a zero length record. This ensures multiple calls to
66fab923
MC		 334 * SSL_read() with a zero length buffer will eventually cause
335 * SSL_pending() to report data as being available.
336 */
eddb067e
MC		 337 if (rr->length == 0)
338 ssl_release_record(sc, rr);
eda75751 339 return 0;
66fab923 340 }
0f113f3e 341
eddb067e
MC		 342 if (len > rr->length)
343 n = rr->length;
0f113f3e 344 else
eda75751 345 n = len;
0f113f3e 346
eddb067e 347 memcpy(buf, &(rr->data[rr->off]), n);
66fab923 348 if (peek) {
eddb067e
MC		 349 if (rr->length == 0)
350 ssl_release_record(sc, rr);
66fab923 351 } else {
38b051a1 352 if (sc->options & SSL_OP_CLEANSE_PLAINTEXT)
eddb067e
MC		 353 OPENSSL_cleanse(&(rr->data[rr->off]), n);
354 rr->length -= n;
355 rr->off += n;
8bbf7ef6 356 if (rr->length == 0)
eddb067e 357 ssl_release_record(sc, rr);
0f113f3e 358 }
7e159e01 359#ifndef OPENSSL_NO_SCTP
0f113f3e
MC		 360 /*
361 * We might had to delay a close_notify alert because of reordered
362 * app data. If there was an alert and there is no message to read
363 * anymore, finally set shutdown.
364 */
365 if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
38b051a1 366 sc->d1->shutdown_received
639e5760 367 && BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s)) <= 0) {
38b051a1 368 sc->shutdown |= SSL_RECEIVED_SHUTDOWN;
eda75751 369 return 0;
0f113f3e
MC		 370 }
371#endif
02ba18a6 372 *readbytes = n;
eda75751 373 return 1;
0f113f3e
MC		 374 }
375
376 /*
377 * If we get here, then type != rr->type; if we have a handshake message,
378 * then it was unexpected (Hello Request or Client Hello).
379 */
380
eddb067e 381 if (rr->type == SSL3_RT_ALERT) {
bd990e25 382 unsigned int alert_level, alert_descr;
eddb067e 383 unsigned char *alert_bytes = rr->data + rr->off;
bd990e25 384 PACKET alert;
0f113f3e 385
eddb067e 386 if (!PACKET_buf_init(&alert, alert_bytes, rr->length)
bd990e25
MC		 387 || !PACKET_get_1(&alert, &alert_level)
388 || !PACKET_get_1(&alert, &alert_descr)
389 || PACKET_remaining(&alert) != 0) {
38b051a1 390 SSLfatal(sc, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_INVALID_ALERT);
c2853382 391 return -1;
0f113f3e
MC		 392 }
393
38b051a1
TM		 394 if (sc->msg_callback)
395 sc->msg_callback(0, sc->version, SSL3_RT_ALERT, alert_bytes, 2, s,
396 sc->msg_callback_arg);
0f113f3e 397
38b051a1
TM		 398 if (sc->info_callback != NULL)
399 cb = sc->info_callback;
0f113f3e
MC		 400 else if (s->ctx->info_callback != NULL)
401 cb = s->ctx->info_callback;
402
403 if (cb != NULL) {
404 j = (alert_level << 8) | alert_descr;
405 cb(s, SSL_CB_READ_ALERT, j);
406 }
407
fd865cad 408 if (alert_level == SSL3_AL_WARNING) {
38b051a1 409 sc->s3.warn_alert = alert_descr;
eddb067e 410 ssl_release_record(sc, rr);
af58be76 411
38b051a1
TM		 412 sc->rlayer.alert_count++;
413 if (sc->rlayer.alert_count == MAX_WARN_ALERT_COUNT) {
414 SSLfatal(sc, SSL_AD_UNEXPECTED_MESSAGE,
c2853382
MC		 415 SSL_R_TOO_MANY_WARN_ALERTS);
416 return -1;
af58be76
MC		 417 }
418
0f113f3e 419 if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
7e159e01 420#ifndef OPENSSL_NO_SCTP
0f113f3e
MC		 421 /*
422 * With SCTP and streams the socket may deliver app data
423 * after a close_notify alert. We have to check this first so
424 * that nothing gets discarded.
425 */
426 if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
639e5760 427 BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s)) > 0) {
38b051a1
TM		 428 sc->d1->shutdown_received = 1;
429 sc->rwstate = SSL_READING;
0f113f3e
MC		 430 BIO_clear_retry_flags(SSL_get_rbio(s));
431 BIO_set_retry_read(SSL_get_rbio(s));
432 return -1;
433 }
7e159e01 434#endif
38b051a1 435 sc->shutdown |= SSL_RECEIVED_SHUTDOWN;
eda75751 436 return 0;
0f113f3e 437 }
fd865cad 438 } else if (alert_level == SSL3_AL_FATAL) {
38b051a1
TM		 439 sc->rwstate = SSL_NOTHING;
440 sc->s3.fatal_alert = alert_descr;
441 SSLfatal_data(sc, SSL_AD_NO_ALERT,
c48ffbcc
RL		 442 SSL_AD_REASON_OFFSET + alert_descr,
443 "SSL alert number %d", alert_descr);
38b051a1 444 sc->shutdown |= SSL_RECEIVED_SHUTDOWN;
eddb067e 445 ssl_release_record(sc, rr);
38b051a1 446 SSL_CTX_remove_session(sc->session_ctx, sc->session);
eda75751 447 return 0;
0f113f3e 448 } else {
38b051a1 449 SSLfatal(sc, SSL_AD_ILLEGAL_PARAMETER, SSL_R_UNKNOWN_ALERT_TYPE);
c2853382 450 return -1;
0f113f3e
MC		 451 }
452
453 goto start;
454 }
455
38b051a1 456 if (sc->shutdown & SSL_SENT_SHUTDOWN) { /* but we have not received a
0f113f3e 457 * shutdown */
38b051a1 458 sc->rwstate = SSL_NOTHING;
eddb067e 459 ssl_release_record(sc, rr);
eda75751 460 return 0;
0f113f3e
MC		 461 }
462
eddb067e 463 if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) {
0f113f3e
MC		 464 /*
465 * We can't process a CCS now, because previous handshake messages
466 * are still missing, so just drop it.
467 */
eddb067e 468 ssl_release_record(sc, rr);
0f113f3e
MC		 469 goto start;
470 }
471
472 /*
473 * Unexpected handshake message (Client Hello, or protocol violation)
474 */
eddb067e 475 if (rr->type == SSL3_RT_HANDSHAKE && !ossl_statem_get_in_handshake(sc)) {
0f113f3e
MC		 476 struct hm_header_st msg_hdr;
477
bd990e25
MC		 478 /*
479 * This may just be a stale retransmit. Also sanity check that we have
480 * at least enough record bytes for a message header
481 */
eddb067e
MC		 482 if (rr->epoch != sc->rlayer.d->r_epoch
483 || rr->length < DTLS1_HM_HEADER_LENGTH) {
484 ssl_release_record(sc, rr);
0f113f3e
MC		 485 goto start;
486 }
487
bd990e25
MC		 488 dtls1_get_message_header(rr->data, &msg_hdr);
489
0f113f3e
MC		 490 /*
491 * If we are server, we may have a repeated FINISHED of the client
492 * here, then retransmit our CCS and FINISHED.
493 */
494 if (msg_hdr.type == SSL3_MT_FINISHED) {
38b051a1 495 if (dtls1_check_timeout_num(sc) < 0) {
c2853382 496 /* SSLfatal) already called */
0f113f3e 497 return -1;
c2853382 498 }
0f113f3e 499
38b051a1 500 if (dtls1_retransmit_buffered_messages(sc) <= 0) {
d273b60b 501 /* Fail if we encountered a fatal error */
38b051a1 502 if (ossl_statem_in_error(sc))
d273b60b 503 return -1;
d273b60b 504 }
eddb067e 505 ssl_release_record(sc, rr);
38b051a1 506 if (!(sc->mode & SSL_MODE_AUTO_RETRY)) {
cffafb5f 507 if (!sc->rlayer.rrlmethod->unprocessed_read_pending(sc->rlayer.rrl)) {
ad962252
MC		 508 /* no read-ahead left? */
509 BIO *bio;
510
38b051a1 511 sc->rwstate = SSL_READING;
ad962252
MC		 512 bio = SSL_get_rbio(s);
513 BIO_clear_retry_flags(bio);
514 BIO_set_retry_read(bio);
515 return -1;
516 }
517 }
0f113f3e
MC		 518 goto start;
519 }
520
c7f47786
MC		 521 /*
522 * To get here we must be trying to read app data but found handshake
523 * data. But if we're trying to read app data, and we're not in init
524 * (which is tested for at the top of this function) then init must be
525 * finished
526 */
b77f3ed1 527 if (!ossl_assert(SSL_is_init_finished(s))) {
38b051a1 528 SSLfatal(sc, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
c2853382 529 return -1;
0f113f3e 530 }
c7f47786
MC		 531
532 /* We found handshake data, so we're going back into init */
38b051a1 533 ossl_statem_set_in_init(sc, 1);
c7f47786 534
38b051a1 535 i = sc->handshake_func(s);
c2853382 536 /* SSLfatal() called if appropriate */
0f113f3e 537 if (i < 0)
eda75751 538 return i;
c2853382 539 if (i == 0)
eda75751 540 return -1;
0f113f3e 541
38b051a1 542 if (!(sc->mode & SSL_MODE_AUTO_RETRY)) {
cffafb5f 543 if (!sc->rlayer.rrlmethod->unprocessed_read_pending(sc->rlayer.rrl)) {
28d59af8 544 /* no read-ahead left? */
0f113f3e
MC		 545 BIO *bio;
546 /*
547 * In the case where we try to read application data, but we
548 * trigger an SSL handshake, we return -1 with the retry
549 * option set. Otherwise renegotiation may cause nasty
550 * problems in the blocking world
551 */
38b051a1 552 sc->rwstate = SSL_READING;
0f113f3e
MC		 553 bio = SSL_get_rbio(s);
554 BIO_clear_retry_flags(bio);
555 BIO_set_retry_read(bio);
eda75751 556 return -1;
0f113f3e
MC		 557 }
558 }
559 goto start;
560 }
561
eddb067e 562 switch (rr->type) {
0f113f3e 563 default:
38b051a1 564 SSLfatal(sc, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_UNEXPECTED_RECORD);
c2853382 565 return -1;
0f113f3e
MC		 566 case SSL3_RT_CHANGE_CIPHER_SPEC:
567 case SSL3_RT_ALERT:
568 case SSL3_RT_HANDSHAKE:
569 /*
570 * we already handled all of these, with the possible exception of
024f543c
MC		 571 * SSL3_RT_HANDSHAKE when ossl_statem_get_in_handshake(s) is true, but
572 * that should not happen when type != rr->type
0f113f3e 573 */
38b051a1 574 SSLfatal(sc, SSL_AD_UNEXPECTED_MESSAGE, ERR_R_INTERNAL_ERROR);
c2853382 575 return -1;
0f113f3e
MC		 576 case SSL3_RT_APPLICATION_DATA:
577 /*
578 * At this point, we were expecting handshake data, but have
579 * application data. If the library was running inside ssl3_read()
580 * (i.e. in_read_app_data is set) and it makes sense to read
581 * application data at this point (session renegotiation not yet
582 * started), we will indulge it.
583 */
38b051a1
TM		 584 if (sc->s3.in_read_app_data &&
585 (sc->s3.total_renegotiations != 0) &&
586 ossl_statem_app_data_allowed(sc)) {
587 sc->s3.in_read_app_data = 2;
eda75751 588 return -1;
0f113f3e 589 } else {
38b051a1 590 SSLfatal(sc, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_UNEXPECTED_RECORD);
c2853382 591 return -1;
0f113f3e
MC		 592 }
593 }
594 /* not reached */
0f113f3e
MC		 595}
596
0f113f3e
MC		 597/*
598 * Call this to write data in records of type 'type' It will return <= 0 if
599 * not all data has been sent or non-blocking IO.
36d16f8e 600 */
38b051a1
TM		 601int dtls1_write_bytes(SSL_CONNECTION *s, int type, const void *buf,
602 size_t len, size_t *written)
0f113f3e
MC		 603{
604 int i;
605
42bd7a16 606 if (!ossl_assert(len <= SSL3_RT_MAX_PLAIN_LENGTH)) {
c48ffbcc 607 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
380a522f 608 return -1;
42bd7a16 609 }
0f113f3e 610 s->rwstate = SSL_NOTHING;
22d6e854 611 i = do_dtls1_write(s, type, buf, len, written);
0f113f3e
MC		 612 return i;
613}
614
88bf978e
MC		 615int do_dtls1_write(SSL_CONNECTION *sc, int type, const unsigned char *buf,
616 size_t len, size_t *written)
617{
618 int i;
619 OSSL_RECORD_TEMPLATE tmpl;
620 SSL *s = SSL_CONNECTION_GET_SSL(sc);
88bf978e
MC		 621 int ret;
622
88bf978e
MC		 623 /* If we have an alert to send, lets send it */
624 if (sc->s3.alert_dispatch) {
625 i = s->method->ssl_dispatch_alert(s);
626 if (i <= 0)
627 return i;
628 /* if it went, fall through and send more stuff */
629 }
630
631 if (len == 0)
632 return 0;
633
634 if (len > ssl_get_max_send_fragment(sc)) {
635 SSLfatal(sc, SSL_AD_INTERNAL_ERROR, SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE);
636 return 0;
637 }
638
639 tmpl.type = type;
640 /*
641 * Special case: for hello verify request, client version 1.0 and we
642 * haven't decided which version to use yet send back using version 1.0
643 * header: otherwise some clients will ignore it.
644 */
645 if (s->method->version == DTLS_ANY_VERSION
646 && sc->max_proto_version != DTLS1_BAD_VER)
647 tmpl.version = DTLS1_VERSION;
648 else
649 tmpl.version = sc->version;
650 tmpl.buf = buf;
651 tmpl.buflen = len;
652
4cdd198e
MC		 653 ret = HANDLE_RLAYER_WRITE_RETURN(sc,
654 sc->rlayer.wrlmethod->write_records(sc->rlayer.wrl, &tmpl, 1));
88bf978e
MC		 655
656 if (ret > 0)
657 *written = (int)len;
658
659 return ret;
0f113f3e 660}
36d16f8e 661
b92fc4ae 662void dtls1_increment_epoch(SSL_CONNECTION *s, int rw)
0f113f3e 663{
0f113f3e 664 if (rw & SSL3_CC_READ) {
78a39fe7 665 s->rlayer.d->r_epoch++;
5cb4d646
MC		 666
667 /*
668 * We must not use any buffered messages received from the previous
669 * epoch
670 */
671 dtls1_clear_received_buffer(s);
0f113f3e 672 } else {
78a39fe7 673 s->rlayer.d->w_epoch++;
0f113f3e 674 }
0f113f3e 675}
A mirror of the official openssl repository