rec_layer_d1.c 22 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692
  1. /*
  2. * Copyright 2005-2024 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <stdio.h>
  10. #include <errno.h>
  11. #include "../ssl_local.h"
  12. #include <openssl/evp.h>
  13. #include <openssl/buffer.h>
  14. #include "record_local.h"
  15. #include "internal/packet.h"
  16. #include "internal/cryptlib.h"
  17. int DTLS_RECORD_LAYER_new(RECORD_LAYER *rl)
  18. {
  19. DTLS_RECORD_LAYER *d;
  20. if ((d = OPENSSL_malloc(sizeof(*d))) == NULL)
  21. return 0;
  22. rl->d = d;
  23. d->buffered_app_data = pqueue_new();
  24. if (d->buffered_app_data == NULL) {
  25. OPENSSL_free(d);
  26. rl->d = NULL;
  27. return 0;
  28. }
  29. return 1;
  30. }
  31. void DTLS_RECORD_LAYER_free(RECORD_LAYER *rl)
  32. {
  33. if (rl->d == NULL)
  34. return;
  35. DTLS_RECORD_LAYER_clear(rl);
  36. pqueue_free(rl->d->buffered_app_data);
  37. OPENSSL_free(rl->d);
  38. rl->d = NULL;
  39. }
  40. void DTLS_RECORD_LAYER_clear(RECORD_LAYER *rl)
  41. {
  42. DTLS_RECORD_LAYER *d;
  43. pitem *item = NULL;
  44. TLS_RECORD *rec;
  45. pqueue *buffered_app_data;
  46. d = rl->d;
  47. while ((item = pqueue_pop(d->buffered_app_data)) != NULL) {
  48. rec = (TLS_RECORD *)item->data;
  49. if (rl->s->options & SSL_OP_CLEANSE_PLAINTEXT)
  50. OPENSSL_cleanse(rec->allocdata, rec->length);
  51. OPENSSL_free(rec->allocdata);
  52. OPENSSL_free(item->data);
  53. pitem_free(item);
  54. }
  55. buffered_app_data = d->buffered_app_data;
  56. memset(d, 0, sizeof(*d));
  57. d->buffered_app_data = buffered_app_data;
  58. }
  59. static int dtls_buffer_record(SSL_CONNECTION *s, TLS_RECORD *rec)
  60. {
  61. TLS_RECORD *rdata;
  62. pitem *item;
  63. struct pqueue_st *queue = s->rlayer.d->buffered_app_data;
  64. /* Limit the size of the queue to prevent DOS attacks */
  65. if (pqueue_size(queue) >= 100)
  66. return 0;
  67. /* We don't buffer partially read records */
  68. if (!ossl_assert(rec->off == 0))
  69. return -1;
  70. rdata = OPENSSL_malloc(sizeof(*rdata));
  71. item = pitem_new(rec->seq_num, rdata);
  72. if (rdata == NULL || item == NULL) {
  73. OPENSSL_free(rdata);
  74. pitem_free(item);
  75. SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
  76. return -1;
  77. }
  78. *rdata = *rec;
  79. /*
  80. * We will release the record from the record layer soon, so we take a copy
  81. * now. Copying data isn't good - but this should be infrequent so we
  82. * accept it here.
  83. */
  84. rdata->data = rdata->allocdata = OPENSSL_memdup(rec->data, rec->length);
  85. if (rdata->data == NULL) {
  86. OPENSSL_free(rdata);
  87. pitem_free(item);
  88. SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
  89. return -1;
  90. }
  91. /*
  92. * We use a NULL rechandle to indicate that the data field has been
  93. * allocated by us.
  94. */
  95. rdata->rechandle = NULL;
  96. item->data = rdata;
  97. #ifndef OPENSSL_NO_SCTP
  98. /* Store bio_dgram_sctp_rcvinfo struct */
  99. if (BIO_dgram_is_sctp(s->rbio) &&
  100. (ossl_statem_get_state(s) == TLS_ST_SR_FINISHED
  101. || ossl_statem_get_state(s) == TLS_ST_CR_FINISHED)) {
  102. BIO_ctrl(s->rbio, BIO_CTRL_DGRAM_SCTP_GET_RCVINFO,
  103. sizeof(rdata->recordinfo), &rdata->recordinfo);
  104. }
  105. #endif
  106. if (pqueue_insert(queue, item) == NULL) {
  107. /* Must be a duplicate so ignore it */
  108. OPENSSL_free(rdata->allocdata);
  109. OPENSSL_free(rdata);
  110. pitem_free(item);
  111. }
  112. return 1;
  113. }
  114. /* Unbuffer a previously buffered TLS_RECORD structure if any */
  115. static void dtls_unbuffer_record(SSL_CONNECTION *s)
  116. {
  117. TLS_RECORD *rdata;
  118. pitem *item;
  119. /* If we already have records to handle then do nothing */
  120. if (s->rlayer.curr_rec < s->rlayer.num_recs)
  121. return;
  122. item = pqueue_pop(s->rlayer.d->buffered_app_data);
  123. if (item != NULL) {
  124. rdata = (TLS_RECORD *)item->data;
  125. s->rlayer.tlsrecs[0] = *rdata;
  126. s->rlayer.num_recs = 1;
  127. s->rlayer.curr_rec = 0;
  128. #ifndef OPENSSL_NO_SCTP
  129. /* Restore bio_dgram_sctp_rcvinfo struct */
  130. if (BIO_dgram_is_sctp(s->rbio)) {
  131. BIO_ctrl(s->rbio, BIO_CTRL_DGRAM_SCTP_SET_RCVINFO,
  132. sizeof(rdata->recordinfo), &rdata->recordinfo);
  133. }
  134. #endif
  135. OPENSSL_free(item->data);
  136. pitem_free(item);
  137. }
  138. }
  139. /*-
  140. * Return up to 'len' payload bytes received in 'type' records.
  141. * 'type' is one of the following:
  142. *
  143. * - SSL3_RT_HANDSHAKE
  144. * - SSL3_RT_APPLICATION_DATA (when ssl3_read calls us)
  145. * - 0 (during a shutdown, no data has to be returned)
  146. *
  147. * If we don't have stored data to work from, read a SSL/TLS record first
  148. * (possibly multiple records if we still don't have anything to return).
  149. *
  150. * This function must handle any surprises the peer may have for us, such as
  151. * Alert records (e.g. close_notify) or renegotiation requests. ChangeCipherSpec
  152. * messages are treated as if they were handshake messages *if* the |recd_type|
  153. * argument is non NULL.
  154. * Also if record payloads contain fragments too small to process, we store
  155. * them until there is enough for the respective protocol (the record protocol
  156. * may use arbitrary fragmentation and even interleaving):
  157. * Change cipher spec protocol
  158. * just 1 byte needed, no need for keeping anything stored
  159. * Alert protocol
  160. * 2 bytes needed (AlertLevel, AlertDescription)
  161. * Handshake protocol
  162. * 4 bytes needed (HandshakeType, uint24 length) -- we just have
  163. * to detect unexpected Client Hello and Hello Request messages
  164. * here, anything else is handled by higher layers
  165. * Application data protocol
  166. * none of our business
  167. */
  168. int dtls1_read_bytes(SSL *s, uint8_t type, uint8_t *recvd_type,
  169. unsigned char *buf, size_t len,
  170. int peek, size_t *readbytes)
  171. {
  172. int i, j, ret;
  173. size_t n;
  174. TLS_RECORD *rr;
  175. void (*cb) (const SSL *ssl, int type2, int val) = NULL;
  176. SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
  177. if (sc == NULL)
  178. return -1;
  179. if ((type && (type != SSL3_RT_APPLICATION_DATA) &&
  180. (type != SSL3_RT_HANDSHAKE)) ||
  181. (peek && (type != SSL3_RT_APPLICATION_DATA))) {
  182. SSLfatal(sc, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
  183. return -1;
  184. }
  185. if (!ossl_statem_get_in_handshake(sc) && SSL_in_init(s)) {
  186. /* type == SSL3_RT_APPLICATION_DATA */
  187. i = sc->handshake_func(s);
  188. /* SSLfatal() already called if appropriate */
  189. if (i < 0)
  190. return i;
  191. if (i == 0)
  192. return -1;
  193. }
  194. start:
  195. sc->rwstate = SSL_NOTHING;
  196. /*
  197. * We are not handshaking and have no data yet, so process data buffered
  198. * during the last handshake in advance, if any.
  199. */
  200. if (SSL_is_init_finished(s))
  201. dtls_unbuffer_record(sc);
  202. /* Check for timeout */
  203. if (dtls1_handle_timeout(sc) > 0) {
  204. goto start;
  205. } else if (ossl_statem_in_error(sc)) {
  206. /* dtls1_handle_timeout() has failed with a fatal error */
  207. return -1;
  208. }
  209. /* get new packet if necessary */
  210. if (sc->rlayer.curr_rec >= sc->rlayer.num_recs) {
  211. sc->rlayer.curr_rec = sc->rlayer.num_recs = 0;
  212. do {
  213. rr = &sc->rlayer.tlsrecs[sc->rlayer.num_recs];
  214. ret = HANDLE_RLAYER_READ_RETURN(sc,
  215. sc->rlayer.rrlmethod->read_record(sc->rlayer.rrl,
  216. &rr->rechandle,
  217. &rr->version, &rr->type,
  218. &rr->data, &rr->length,
  219. &rr->epoch, rr->seq_num));
  220. if (ret <= 0) {
  221. ret = dtls1_read_failed(sc, ret);
  222. /*
  223. * Anything other than a timeout is an error. SSLfatal() already
  224. * called if appropriate.
  225. */
  226. if (ret <= 0)
  227. return ret;
  228. else
  229. goto start;
  230. }
  231. rr->off = 0;
  232. sc->rlayer.num_recs++;
  233. } while (sc->rlayer.rrlmethod->processed_read_pending(sc->rlayer.rrl)
  234. && sc->rlayer.num_recs < SSL_MAX_PIPELINES);
  235. }
  236. rr = &sc->rlayer.tlsrecs[sc->rlayer.curr_rec];
  237. /*
  238. * Reset the count of consecutive warning alerts if we've got a non-empty
  239. * record that isn't an alert.
  240. */
  241. if (rr->type != SSL3_RT_ALERT && rr->length != 0)
  242. sc->rlayer.alert_count = 0;
  243. /* we now have a packet which can be read and processed */
  244. if (sc->s3.change_cipher_spec /* set when we receive ChangeCipherSpec,
  245. * reset by ssl3_get_finished */
  246. && (rr->type != SSL3_RT_HANDSHAKE)) {
  247. /*
  248. * We now have application data between CCS and Finished. Most likely
  249. * the packets were reordered on their way, so buffer the application
  250. * data for later processing rather than dropping the connection.
  251. */
  252. if (dtls_buffer_record(sc, rr) < 0) {
  253. /* SSLfatal() already called */
  254. return -1;
  255. }
  256. if (!ssl_release_record(sc, rr, 0))
  257. return -1;
  258. goto start;
  259. }
  260. /*
  261. * If the other end has shut down, throw anything we read away (even in
  262. * 'peek' mode)
  263. */
  264. if (sc->shutdown & SSL_RECEIVED_SHUTDOWN) {
  265. if (!ssl_release_record(sc, rr, 0))
  266. return -1;
  267. sc->rwstate = SSL_NOTHING;
  268. return 0;
  269. }
  270. if (type == rr->type
  271. || (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC
  272. && type == SSL3_RT_HANDSHAKE && recvd_type != NULL)) {
  273. /*
  274. * SSL3_RT_APPLICATION_DATA or
  275. * SSL3_RT_HANDSHAKE or
  276. * SSL3_RT_CHANGE_CIPHER_SPEC
  277. */
  278. /*
  279. * make sure that we are not getting application data when we are
  280. * doing a handshake for the first time
  281. */
  282. if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA)
  283. && (SSL_IS_FIRST_HANDSHAKE(sc))) {
  284. SSLfatal(sc, SSL_AD_UNEXPECTED_MESSAGE,
  285. SSL_R_APP_DATA_IN_HANDSHAKE);
  286. return -1;
  287. }
  288. if (recvd_type != NULL)
  289. *recvd_type = rr->type;
  290. if (len == 0) {
  291. /*
  292. * Release a zero length record. This ensures multiple calls to
  293. * SSL_read() with a zero length buffer will eventually cause
  294. * SSL_pending() to report data as being available.
  295. */
  296. if (rr->length == 0 && !ssl_release_record(sc, rr, 0))
  297. return -1;
  298. return 0;
  299. }
  300. if (len > rr->length)
  301. n = rr->length;
  302. else
  303. n = len;
  304. memcpy(buf, &(rr->data[rr->off]), n);
  305. if (peek) {
  306. if (rr->length == 0 && !ssl_release_record(sc, rr, 0))
  307. return -1;
  308. } else {
  309. if (!ssl_release_record(sc, rr, n))
  310. return -1;
  311. }
  312. #ifndef OPENSSL_NO_SCTP
  313. /*
  314. * We might had to delay a close_notify alert because of reordered
  315. * app data. If there was an alert and there is no message to read
  316. * anymore, finally set shutdown.
  317. */
  318. if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
  319. sc->d1->shutdown_received
  320. && BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s)) <= 0) {
  321. sc->shutdown |= SSL_RECEIVED_SHUTDOWN;
  322. return 0;
  323. }
  324. #endif
  325. *readbytes = n;
  326. return 1;
  327. }
  328. /*
  329. * If we get here, then type != rr->type; if we have a handshake message,
  330. * then it was unexpected (Hello Request or Client Hello).
  331. */
  332. if (rr->type == SSL3_RT_ALERT) {
  333. unsigned int alert_level, alert_descr;
  334. const unsigned char *alert_bytes = rr->data + rr->off;
  335. PACKET alert;
  336. if (!PACKET_buf_init(&alert, alert_bytes, rr->length)
  337. || !PACKET_get_1(&alert, &alert_level)
  338. || !PACKET_get_1(&alert, &alert_descr)
  339. || PACKET_remaining(&alert) != 0) {
  340. SSLfatal(sc, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_INVALID_ALERT);
  341. return -1;
  342. }
  343. if (sc->msg_callback)
  344. sc->msg_callback(0, sc->version, SSL3_RT_ALERT, alert_bytes, 2, s,
  345. sc->msg_callback_arg);
  346. if (sc->info_callback != NULL)
  347. cb = sc->info_callback;
  348. else if (s->ctx->info_callback != NULL)
  349. cb = s->ctx->info_callback;
  350. if (cb != NULL) {
  351. j = (alert_level << 8) | alert_descr;
  352. cb(s, SSL_CB_READ_ALERT, j);
  353. }
  354. if (alert_level == SSL3_AL_WARNING) {
  355. sc->s3.warn_alert = alert_descr;
  356. if (!ssl_release_record(sc, rr, 0))
  357. return -1;
  358. sc->rlayer.alert_count++;
  359. if (sc->rlayer.alert_count == MAX_WARN_ALERT_COUNT) {
  360. SSLfatal(sc, SSL_AD_UNEXPECTED_MESSAGE,
  361. SSL_R_TOO_MANY_WARN_ALERTS);
  362. return -1;
  363. }
  364. if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
  365. #ifndef OPENSSL_NO_SCTP
  366. /*
  367. * With SCTP and streams the socket may deliver app data
  368. * after a close_notify alert. We have to check this first so
  369. * that nothing gets discarded.
  370. */
  371. if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
  372. BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s)) > 0) {
  373. sc->d1->shutdown_received = 1;
  374. sc->rwstate = SSL_READING;
  375. BIO_clear_retry_flags(SSL_get_rbio(s));
  376. BIO_set_retry_read(SSL_get_rbio(s));
  377. return -1;
  378. }
  379. #endif
  380. sc->shutdown |= SSL_RECEIVED_SHUTDOWN;
  381. return 0;
  382. }
  383. } else if (alert_level == SSL3_AL_FATAL) {
  384. sc->rwstate = SSL_NOTHING;
  385. sc->s3.fatal_alert = alert_descr;
  386. SSLfatal_data(sc, SSL_AD_NO_ALERT,
  387. SSL_AD_REASON_OFFSET + alert_descr,
  388. "SSL alert number %d", alert_descr);
  389. sc->shutdown |= SSL_RECEIVED_SHUTDOWN;
  390. if (!ssl_release_record(sc, rr, 0))
  391. return -1;
  392. SSL_CTX_remove_session(sc->session_ctx, sc->session);
  393. return 0;
  394. } else {
  395. SSLfatal(sc, SSL_AD_ILLEGAL_PARAMETER, SSL_R_UNKNOWN_ALERT_TYPE);
  396. return -1;
  397. }
  398. goto start;
  399. }
  400. if (sc->shutdown & SSL_SENT_SHUTDOWN) { /* but we have not received a
  401. * shutdown */
  402. sc->rwstate = SSL_NOTHING;
  403. if (!ssl_release_record(sc, rr, 0))
  404. return -1;
  405. return 0;
  406. }
  407. if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) {
  408. /*
  409. * We can't process a CCS now, because previous handshake messages
  410. * are still missing, so just drop it.
  411. */
  412. if (!ssl_release_record(sc, rr, 0))
  413. return -1;
  414. goto start;
  415. }
  416. /*
  417. * Unexpected handshake message (Client Hello, or protocol violation)
  418. */
  419. if (rr->type == SSL3_RT_HANDSHAKE && !ossl_statem_get_in_handshake(sc)) {
  420. struct hm_header_st msg_hdr;
  421. /*
  422. * This may just be a stale retransmit. Also sanity check that we have
  423. * at least enough record bytes for a message header
  424. */
  425. if (rr->epoch != sc->rlayer.d->r_epoch
  426. || rr->length < DTLS1_HM_HEADER_LENGTH) {
  427. if (!ssl_release_record(sc, rr, 0))
  428. return -1;
  429. goto start;
  430. }
  431. dtls1_get_message_header(rr->data, &msg_hdr);
  432. /*
  433. * If we are server, we may have a repeated FINISHED of the client
  434. * here, then retransmit our CCS and FINISHED.
  435. */
  436. if (msg_hdr.type == SSL3_MT_FINISHED) {
  437. if (dtls1_check_timeout_num(sc) < 0) {
  438. /* SSLfatal) already called */
  439. return -1;
  440. }
  441. if (dtls1_retransmit_buffered_messages(sc) <= 0) {
  442. /* Fail if we encountered a fatal error */
  443. if (ossl_statem_in_error(sc))
  444. return -1;
  445. }
  446. if (!ssl_release_record(sc, rr, 0))
  447. return -1;
  448. if (!(sc->mode & SSL_MODE_AUTO_RETRY)) {
  449. if (!sc->rlayer.rrlmethod->unprocessed_read_pending(sc->rlayer.rrl)) {
  450. /* no read-ahead left? */
  451. BIO *bio;
  452. sc->rwstate = SSL_READING;
  453. bio = SSL_get_rbio(s);
  454. BIO_clear_retry_flags(bio);
  455. BIO_set_retry_read(bio);
  456. return -1;
  457. }
  458. }
  459. goto start;
  460. }
  461. /*
  462. * To get here we must be trying to read app data but found handshake
  463. * data. But if we're trying to read app data, and we're not in init
  464. * (which is tested for at the top of this function) then init must be
  465. * finished
  466. */
  467. if (!ossl_assert(SSL_is_init_finished(s))) {
  468. SSLfatal(sc, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
  469. return -1;
  470. }
  471. /* We found handshake data, so we're going back into init */
  472. ossl_statem_set_in_init(sc, 1);
  473. i = sc->handshake_func(s);
  474. /* SSLfatal() called if appropriate */
  475. if (i < 0)
  476. return i;
  477. if (i == 0)
  478. return -1;
  479. if (!(sc->mode & SSL_MODE_AUTO_RETRY)) {
  480. if (!sc->rlayer.rrlmethod->unprocessed_read_pending(sc->rlayer.rrl)) {
  481. /* no read-ahead left? */
  482. BIO *bio;
  483. /*
  484. * In the case where we try to read application data, but we
  485. * trigger an SSL handshake, we return -1 with the retry
  486. * option set. Otherwise renegotiation may cause nasty
  487. * problems in the blocking world
  488. */
  489. sc->rwstate = SSL_READING;
  490. bio = SSL_get_rbio(s);
  491. BIO_clear_retry_flags(bio);
  492. BIO_set_retry_read(bio);
  493. return -1;
  494. }
  495. }
  496. goto start;
  497. }
  498. switch (rr->type) {
  499. default:
  500. SSLfatal(sc, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_UNEXPECTED_RECORD);
  501. return -1;
  502. case SSL3_RT_CHANGE_CIPHER_SPEC:
  503. case SSL3_RT_ALERT:
  504. case SSL3_RT_HANDSHAKE:
  505. /*
  506. * we already handled all of these, with the possible exception of
  507. * SSL3_RT_HANDSHAKE when ossl_statem_get_in_handshake(s) is true, but
  508. * that should not happen when type != rr->type
  509. */
  510. SSLfatal(sc, SSL_AD_UNEXPECTED_MESSAGE, ERR_R_INTERNAL_ERROR);
  511. return -1;
  512. case SSL3_RT_APPLICATION_DATA:
  513. /*
  514. * At this point, we were expecting handshake data, but have
  515. * application data. If the library was running inside ssl3_read()
  516. * (i.e. in_read_app_data is set) and it makes sense to read
  517. * application data at this point (session renegotiation not yet
  518. * started), we will indulge it.
  519. */
  520. if (sc->s3.in_read_app_data &&
  521. (sc->s3.total_renegotiations != 0) &&
  522. ossl_statem_app_data_allowed(sc)) {
  523. sc->s3.in_read_app_data = 2;
  524. return -1;
  525. } else {
  526. SSLfatal(sc, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_UNEXPECTED_RECORD);
  527. return -1;
  528. }
  529. }
  530. /* not reached */
  531. }
  532. /*
  533. * Call this to write data in records of type 'type' It will return <= 0 if
  534. * not all data has been sent or non-blocking IO.
  535. */
  536. int dtls1_write_bytes(SSL_CONNECTION *s, uint8_t type, const void *buf,
  537. size_t len, size_t *written)
  538. {
  539. int i;
  540. if (!ossl_assert(len <= SSL3_RT_MAX_PLAIN_LENGTH)) {
  541. SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
  542. return -1;
  543. }
  544. s->rwstate = SSL_NOTHING;
  545. i = do_dtls1_write(s, type, buf, len, written);
  546. return i;
  547. }
  548. int do_dtls1_write(SSL_CONNECTION *sc, uint8_t type, const unsigned char *buf,
  549. size_t len, size_t *written)
  550. {
  551. int i;
  552. OSSL_RECORD_TEMPLATE tmpl;
  553. SSL *s = SSL_CONNECTION_GET_SSL(sc);
  554. int ret;
  555. /* If we have an alert to send, lets send it */
  556. if (sc->s3.alert_dispatch > 0) {
  557. i = s->method->ssl_dispatch_alert(s);
  558. if (i <= 0)
  559. return i;
  560. /* if it went, fall through and send more stuff */
  561. }
  562. if (len == 0)
  563. return 0;
  564. if (len > ssl_get_max_send_fragment(sc)) {
  565. SSLfatal(sc, SSL_AD_INTERNAL_ERROR, SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE);
  566. return 0;
  567. }
  568. tmpl.type = type;
  569. /*
  570. * Special case: for hello verify request, client version 1.0 and we
  571. * haven't decided which version to use yet send back using version 1.0
  572. * header: otherwise some clients will ignore it.
  573. */
  574. if (s->method->version == DTLS_ANY_VERSION
  575. && sc->max_proto_version != DTLS1_BAD_VER)
  576. tmpl.version = DTLS1_VERSION;
  577. else
  578. tmpl.version = sc->version;
  579. tmpl.buf = buf;
  580. tmpl.buflen = len;
  581. ret = HANDLE_RLAYER_WRITE_RETURN(sc,
  582. sc->rlayer.wrlmethod->write_records(sc->rlayer.wrl, &tmpl, 1));
  583. if (ret > 0)
  584. *written = (int)len;
  585. return ret;
  586. }
  587. void dtls1_increment_epoch(SSL_CONNECTION *s, int rw)
  588. {
  589. if (rw & SSL3_CC_READ) {
  590. s->rlayer.d->r_epoch++;
  591. /*
  592. * We must not use any buffered messages received from the previous
  593. * epoch
  594. */
  595. dtls1_clear_received_buffer(s);
  596. } else {
  597. s->rlayer.d->w_epoch++;
  598. }
  599. }
  600. uint16_t dtls1_get_epoch(SSL_CONNECTION *s, int rw) {
  601. uint16_t epoch;
  602. if (rw & SSL3_CC_READ)
  603. epoch = s->rlayer.d->r_epoch;
  604. else
  605. epoch = s->rlayer.d->w_epoch;
  606. return epoch;
  607. }