2 * Copyright (C) 2000-2012 Free Software Foundation, Inc.
4 * Author: Nikos Mavrogiannopoulos
6 * This file is part of GnuTLS.
8 * The GnuTLS is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 3 of
11 * the License, or (at your option) any later version.
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>
23 /* Functions that are record layer specific, are included in this file.
26 /* allocate this many bytes more when encrypting or decrypting, to
27 * compensate for broken backends such as cryptodev.
29 #define CIPHER_SLACK_SIZE 32
31 #include "gnutls_int.h"
32 #include "gnutls_errors.h"
34 #include "gnutls_compress.h"
35 #include "gnutls_cipher.h"
36 #include "gnutls_buffers.h"
37 #include "gnutls_mbuffers.h"
38 #include "gnutls_handshake.h"
39 #include "gnutls_hash_int.h"
40 #include "gnutls_cipher_int.h"
41 #include "algorithms.h"
42 #include "gnutls_db.h"
43 #include "gnutls_auth.h"
44 #include "gnutls_num.h"
45 #include "gnutls_record.h"
46 #include "gnutls_datum.h"
47 #include "gnutls_constate.h"
48 #include "ext/max_record.h"
49 #include <gnutls_state.h>
50 #include <gnutls_dtls.h>
51 #include <gnutls_dh.h>
53 struct tls_record_st
{
56 uint64 sequence
; /* DTLS */
58 uint16_t packet_size
; /* header_size + length */
60 uint16_t epoch
; /* valid in DTLS only */
61 int v2
:1; /* whether an SSLv2 client hello */
66 * gnutls_record_disable_padding:
67 * @session: is a #gnutls_session_t structure.
69 * Used to disabled padding in TLS 1.0 and above. Normally you do not
70 * need to use this function, but there are buggy clients that
71 * complain if a server pads the encrypted data. This of course will
72 * disable protection against statistical attacks on the data.
74 * Normally only servers that require maximum compatibility with everything
75 * out there, need to call this function.
78 gnutls_record_disable_padding (gnutls_session_t session
)
80 session
->internals
.priorities
.no_padding
= 1;
84 * gnutls_transport_set_ptr:
85 * @session: is a #gnutls_session_t structure.
88 * Used to set the first argument of the transport function (for push
89 * and pull callbacks). In berkeley style sockets this function will set the
90 * connection descriptor.
93 gnutls_transport_set_ptr (gnutls_session_t session
,
94 gnutls_transport_ptr_t ptr
)
96 session
->internals
.transport_recv_ptr
= ptr
;
97 session
->internals
.transport_send_ptr
= ptr
;
101 * gnutls_transport_set_ptr2:
102 * @session: is a #gnutls_session_t structure.
103 * @recv_ptr: is the value for the pull function
104 * @send_ptr: is the value for the push function
106 * Used to set the first argument of the transport function (for push
107 * and pull callbacks). In berkeley style sockets this function will set the
108 * connection descriptor. With this function you can use two different
109 * pointers for receiving and sending.
112 gnutls_transport_set_ptr2 (gnutls_session_t session
,
113 gnutls_transport_ptr_t recv_ptr
,
114 gnutls_transport_ptr_t send_ptr
)
116 session
->internals
.transport_send_ptr
= send_ptr
;
117 session
->internals
.transport_recv_ptr
= recv_ptr
;
121 * gnutls_transport_get_ptr:
122 * @session: is a #gnutls_session_t structure.
124 * Used to get the first argument of the transport function (like
125 * PUSH and PULL). This must have been set using
126 * gnutls_transport_set_ptr().
128 * Returns: The first argument of the transport function.
130 gnutls_transport_ptr_t
131 gnutls_transport_get_ptr (gnutls_session_t session
)
133 return session
->internals
.transport_recv_ptr
;
137 * gnutls_transport_get_ptr2:
138 * @session: is a #gnutls_session_t structure.
139 * @recv_ptr: will hold the value for the pull function
140 * @send_ptr: will hold the value for the push function
142 * Used to get the arguments of the transport functions (like PUSH
143 * and PULL). These should have been set using
144 * gnutls_transport_set_ptr2().
147 gnutls_transport_get_ptr2 (gnutls_session_t session
,
148 gnutls_transport_ptr_t
* recv_ptr
,
149 gnutls_transport_ptr_t
* send_ptr
)
152 *recv_ptr
= session
->internals
.transport_recv_ptr
;
153 *send_ptr
= session
->internals
.transport_send_ptr
;
158 * @session: is a #gnutls_session_t structure.
159 * @how: is an integer
161 * Terminates the current TLS/SSL connection. The connection should
162 * have been initiated using gnutls_handshake(). @how should be one
163 * of %GNUTLS_SHUT_RDWR, %GNUTLS_SHUT_WR.
165 * In case of %GNUTLS_SHUT_RDWR the TLS session gets
166 * terminated and further receives and sends will be disallowed. If
167 * the return value is zero you may continue using the underlying
168 * transport layer. %GNUTLS_SHUT_RDWR sends an alert containing a close
169 * request and waits for the peer to reply with the same message.
171 * In case of %GNUTLS_SHUT_WR the TLS session gets terminated
172 * and further sends will be disallowed. In order to reuse the
173 * connection you should wait for an EOF from the peer.
174 * %GNUTLS_SHUT_WR sends an alert containing a close request.
176 * Note that not all implementations will properly terminate a TLS
177 * connection. Some of them, usually for performance reasons, will
178 * terminate only the underlying transport layer, and thus not
179 * distinguishing between a malicious party prematurely terminating
180 * the connection and normal termination.
182 * This function may also return %GNUTLS_E_AGAIN or
183 * %GNUTLS_E_INTERRUPTED; cf. gnutls_record_get_direction().
185 * Returns: %GNUTLS_E_SUCCESS on success, or an error code, see
186 * function documentation for entire semantics.
189 gnutls_bye (gnutls_session_t session
, gnutls_close_request_t how
)
197 ret
= _gnutls_io_write_flush (session
);
207 gnutls_alert_send (session
, GNUTLS_AL_WARNING
, GNUTLS_A_CLOSE_NOTIFY
);
217 if (how
== GNUTLS_SHUT_RDWR
)
221 ret
= _gnutls_recv_int (session
, GNUTLS_ALERT
, -1, NULL
, 0, NULL
);
223 while (ret
== GNUTLS_E_GOT_APPLICATION_DATA
);
226 session
->internals
.may_not_read
= 1;
239 return GNUTLS_E_INTERNAL_ERROR
;
244 session
->internals
.may_not_write
= 1;
249 session_invalidate (gnutls_session_t session
)
251 session
->internals
.invalid_connection
= 1;
256 session_unresumable (gnutls_session_t session
)
258 session
->internals
.resumable
= RESUME_FALSE
;
261 /* returns 0 if session is valid
264 session_is_valid (gnutls_session_t session
)
266 if (session
->internals
.invalid_connection
!= 0)
267 return GNUTLS_E_INVALID_SESSION
;
272 /* Copies the record version into the headers. The
273 * version must have 2 bytes at least.
276 copy_record_version (gnutls_session_t session
,
277 gnutls_handshake_description_t htype
, uint8_t version
[2])
279 gnutls_protocol_t lver
;
281 if (session
->internals
.initial_negotiation_completed
|| htype
!= GNUTLS_HANDSHAKE_CLIENT_HELLO
282 || session
->internals
.default_record_version
[0] == 0)
284 lver
= gnutls_protocol_get_version (session
);
286 version
[0] = _gnutls_version_get_major (lver
);
287 version
[1] = _gnutls_version_get_minor (lver
);
291 version
[0] = session
->internals
.default_record_version
[0];
292 version
[1] = session
->internals
.default_record_version
[1];
296 /* Increments the sequence value
299 sequence_increment (gnutls_session_t session
,
302 if (IS_DTLS(session
))
304 return _gnutls_uint48pp(value
);
308 return _gnutls_uint64pp(value
);
312 /* This function behaves exactly like write(). The only difference is
313 * that it accepts, the gnutls_session_t and the content_type_t of data to
314 * send (if called by the user the Content is specific)
315 * It is intended to transfer data, under the current session.
317 * Oct 30 2001: Removed capability to send data more than MAX_RECORD_SIZE.
318 * This makes the function much easier to read, and more error resistant
319 * (there were cases were the old function could mess everything up).
322 * This function may accept a NULL pointer for data, and 0 for size, if
323 * and only if the previous send was interrupted for some reason.
327 _gnutls_send_int (gnutls_session_t session
, content_type_t type
,
328 gnutls_handshake_description_t htype
,
329 unsigned int epoch_rel
, const void *_data
,
330 size_t data_size
, unsigned int mflags
)
336 uint8_t headers
[MAX_RECORD_HEADER_SIZE
];
338 const uint8_t *data
= _data
;
339 record_parameters_st
*record_params
;
340 record_state_st
*record_state
;
342 ret
= _gnutls_epoch_get (session
, epoch_rel
, &record_params
);
344 return gnutls_assert_val(ret
);
346 /* Safeguard against processing data with an incomplete cipher state. */
347 if (!record_params
->initialized
)
348 return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST
);
350 record_state
= &record_params
->write
;
352 /* Do not allow null pointer if the send buffer is empty.
353 * If the previous send was interrupted then a null pointer is
354 * ok, and means to resume.
356 if (session
->internals
.record_send_buffer
.byte_length
== 0 &&
357 (data_size
== 0 && _data
== NULL
))
360 return GNUTLS_E_INVALID_REQUEST
;
363 if (type
!= GNUTLS_ALERT
) /* alert messages are sent anyway */
364 if (session_is_valid (session
) || session
->internals
.may_not_write
!= 0)
367 return GNUTLS_E_INVALID_SESSION
;
372 /* Use the default record version, if it is
375 copy_record_version (session
, htype
, &headers
[1]);
377 header_size
= RECORD_HEADER_SIZE(session
);
378 /* Adjust header length and add sequence for DTLS */
379 if (IS_DTLS(session
))
380 memcpy(&headers
[3], &record_state
->sequence_number
.i
, 8);
383 ("REC[%p]: Preparing Packet %s(%d) with length: %d\n", session
,
384 _gnutls_packet2str (type
), type
, (int) data_size
);
386 if (data_size
> MAX_RECORD_SEND_SIZE(session
))
388 if (IS_DTLS(session
))
391 return GNUTLS_E_LARGE_PACKET
;
393 send_data_size
= MAX_RECORD_SEND_SIZE(session
);
396 send_data_size
= data_size
;
398 /* Only encrypt if we don't have data to send
399 * from the previous run. - probably interrupted.
401 if (mflags
!= 0 && session
->internals
.record_send_buffer
.byte_length
> 0)
403 ret
= _gnutls_io_write_flush (session
);
409 retval
= session
->internals
.record_send_buffer_user_size
;
413 /* now proceed to packet encryption
415 cipher_size
= send_data_size
+ MAX_RECORD_OVERHEAD
+ CIPHER_SLACK_SIZE
;
416 bufel
= _mbuffer_alloc (cipher_size
, cipher_size
);
418 return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR
);
421 _gnutls_encrypt (session
, headers
, header_size
, data
,
422 send_data_size
, _mbuffer_get_udata_ptr (bufel
),
423 cipher_size
, type
, record_params
);
428 ret
= GNUTLS_E_ENCRYPTION_FAILED
;
430 return ret
; /* error */
434 retval
= send_data_size
;
435 session
->internals
.record_send_buffer_user_size
= send_data_size
;
437 /* increase sequence number
439 if (sequence_increment (session
, &record_state
->sequence_number
) != 0)
441 session_invalidate (session
);
443 return gnutls_assert_val(GNUTLS_E_RECORD_LIMIT_REACHED
);
446 _mbuffer_set_udata_size (bufel
, cipher_size
);
447 ret
= _gnutls_io_write_buffered (session
, bufel
, mflags
);
450 if (ret
!= cipher_size
)
452 /* If we have sent any data then just return
453 * the error value. Do not invalidate the session.
455 if (ret
< 0 && gnutls_error_is_fatal (ret
) == 0)
456 return gnutls_assert_val(ret
);
459 ret
= gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR
);
461 session_unresumable (session
);
462 session
->internals
.may_not_write
= 1;
463 return gnutls_assert_val(ret
);
466 session
->internals
.record_send_buffer_user_size
= 0;
468 _gnutls_record_log ("REC[%p]: Sent Packet[%d] %s(%d) in epoch %d and length: %d\n",
471 _gnutls_uint64touint32
472 (&record_state
->sequence_number
),
473 _gnutls_packet2str (type
), type
,
474 (int) record_params
->epoch
,
481 check_recv_type (gnutls_session_t session
, content_type_t recv_type
)
485 case GNUTLS_CHANGE_CIPHER_SPEC
:
487 case GNUTLS_HANDSHAKE
:
488 case GNUTLS_APPLICATION_DATA
:
492 _gnutls_audit_log(session
, "Received record packet of unknown type %u\n", (unsigned int)recv_type
);
493 return GNUTLS_E_UNEXPECTED_PACKET
;
499 /* Checks if there are pending data in the record buffers. If there are
500 * then it copies the data.
503 check_buffers (gnutls_session_t session
, content_type_t type
,
504 uint8_t * data
, int data_size
, void* seq
)
506 if ((type
== GNUTLS_APPLICATION_DATA
||
507 type
== GNUTLS_HANDSHAKE
||
508 type
== GNUTLS_CHANGE_CIPHER_SPEC
)
509 && _gnutls_record_buffer_get_size (session
) > 0)
512 ret
= _gnutls_record_buffer_get (type
, session
, data
, data_size
, seq
);
515 if (IS_DTLS(session
))
517 if (ret
== GNUTLS_E_UNEXPECTED_PACKET
)
519 ret
= GNUTLS_E_AGAIN
;
534 /* Here we check if the advertized version is the one we
535 * negotiated in the handshake.
538 record_check_version (gnutls_session_t session
,
539 gnutls_handshake_description_t htype
, uint8_t version
[2])
541 if (htype
== GNUTLS_HANDSHAKE_CLIENT_HELLO
)
543 /* Reject hello packets with major version higher than 3.
545 if (!(IS_DTLS(session
)) && version
[0] > 3)
549 ("REC[%p]: INVALID VERSION PACKET: (%d) %d.%d\n", session
,
550 htype
, version
[0], version
[1]);
551 return GNUTLS_E_UNSUPPORTED_VERSION_PACKET
;
554 else if (htype
!= GNUTLS_HANDSHAKE_SERVER_HELLO
&&
555 gnutls_protocol_get_version (session
) !=
556 _gnutls_version_get (version
[0], version
[1]))
558 /* Reject record packets that have a different version than the
559 * one negotiated. Note that this version is not protected by any
560 * mac. I don't really think that this check serves any purpose.
563 _gnutls_record_log ("REC[%p]: INVALID VERSION PACKET: (%d) %d.%d\n",
564 session
, htype
, version
[0], version
[1]);
566 return GNUTLS_E_UNSUPPORTED_VERSION_PACKET
;
572 /* This function will check if the received record type is
573 * the one we actually expect and adds it to the proper
574 * buffer. The bufel will be deinitialized after calling
575 * this function, even if it fails.
578 record_add_to_buffers (gnutls_session_t session
,
579 struct tls_record_st
*recv
, content_type_t type
,
580 gnutls_handshake_description_t htype
,
587 if ((recv
->type
== type
)
588 && (type
== GNUTLS_APPLICATION_DATA
||
589 type
== GNUTLS_CHANGE_CIPHER_SPEC
||
590 type
== GNUTLS_HANDSHAKE
))
592 _gnutls_record_buffer_put (session
, type
, seq
, bufel
);
594 /* if we received application data as expected then we
595 * deactivate the async timer */
596 _dtls_async_timer_delete(session
);
600 /* if the expected type is different than the received
605 if (bufel
->msg
.size
< 2)
607 ret
= gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH
);
608 goto unexpected_packet
;
612 ("REC[%p]: Alert[%d|%d] - %s - was received\n", session
,
613 bufel
->msg
.data
[0], bufel
->msg
.data
[1], gnutls_alert_get_name ((int) bufel
->msg
.data
[1]));
615 session
->internals
.last_alert
= bufel
->msg
.data
[1];
617 /* if close notify is received and
618 * the alert is not fatal
620 if (bufel
->msg
.data
[1] == GNUTLS_A_CLOSE_NOTIFY
&& bufel
->msg
.data
[0] != GNUTLS_AL_FATAL
)
622 /* If we have been expecting for an alert do
624 session
->internals
.read_eof
= 1;
625 ret
= GNUTLS_E_SESSION_EOF
;
630 /* if the alert is FATAL or WARNING
631 * return the apropriate message
635 ret
= GNUTLS_E_WARNING_ALERT_RECEIVED
;
636 if (bufel
->msg
.data
[0] == GNUTLS_AL_FATAL
)
638 session_unresumable (session
);
639 session_invalidate (session
);
640 ret
= gnutls_assert_val(GNUTLS_E_FATAL_ALERT_RECEIVED
);
646 case GNUTLS_CHANGE_CIPHER_SPEC
:
647 if (!(IS_DTLS(session
)))
648 return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET
);
650 _gnutls_record_buffer_put (session
, recv
->type
, seq
, bufel
);
653 case GNUTLS_APPLICATION_DATA
:
654 if (session
->internals
.initial_negotiation_completed
== 0)
656 ret
= gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET
);
657 goto unexpected_packet
;
661 /* the got_application data is only returned
662 * if expecting client hello (for rehandshake
663 * reasons). Otherwise it is an unexpected packet
665 if (type
== GNUTLS_ALERT
|| (htype
== GNUTLS_HANDSHAKE_CLIENT_HELLO
666 && type
== GNUTLS_HANDSHAKE
))
668 /* even if data is unexpected put it into the buffer */
670 _gnutls_record_buffer_put (session
, recv
->type
, seq
,
677 return gnutls_assert_val(GNUTLS_E_GOT_APPLICATION_DATA
);
681 ret
= gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET
);
682 goto unexpected_packet
;
686 case GNUTLS_HANDSHAKE
:
687 /* In DTLS we might receive a handshake replay from the peer to indicate
688 * the our last TLS handshake messages were not received.
690 if (IS_DTLS(session
))
692 if (type
== GNUTLS_CHANGE_CIPHER_SPEC
)
694 ret
= gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET
);
695 goto unexpected_packet
;
698 if (_dtls_is_async(session
) && _dtls_async_timer_active(session
))
700 if (session
->security_parameters
.entity
== GNUTLS_SERVER
&&
701 bufel
->htype
== GNUTLS_HANDSHAKE_CLIENT_HELLO
)
703 /* client requested rehandshake. Delete the timer */
704 _dtls_async_timer_delete(session
);
708 ret
= _dtls_retransmit(session
);
711 ret
= gnutls_assert_val(GNUTLS_E_AGAIN
);
712 goto unexpected_packet
;
719 /* This is legal if HELLO_REQUEST is received - and we are a client.
720 * If we are a server, a client may initiate a renegotiation at any time.
722 if (session
->security_parameters
.entity
== GNUTLS_SERVER
&&
723 bufel
->htype
== GNUTLS_HANDSHAKE_CLIENT_HELLO
)
727 _gnutls_record_buffer_put (session
, recv
->type
, seq
, bufel
);
733 return GNUTLS_E_REHANDSHAKE
;
736 /* If we are already in a handshake then a Hello
737 * Request is illegal. But here we don't really care
738 * since this message will never make it up here.
741 /* So we accept it, if it is a Hello. If not, this will
742 * fail and trigger flight retransmissions after some time. */
743 ret
= _gnutls_recv_hello_request (session
, bufel
->msg
.data
, bufel
->msg
.size
);
744 goto unexpected_packet
;
750 ("REC[%p]: Received Unknown packet %d expecting %d\n",
751 session
, recv
->type
, type
);
754 ret
= GNUTLS_E_UNEXPECTED_PACKET
;
755 goto unexpected_packet
;
762 if (IS_DTLS(session
) && ret
!= GNUTLS_E_REHANDSHAKE
)
764 _mbuffer_xfree(&bufel
);
765 RETURN_DTLS_EAGAIN_OR_TIMEOUT(session
, ret
);
769 _mbuffer_xfree(&bufel
);
774 int _gnutls_get_max_decrypted_data(gnutls_session_t session
)
778 if (gnutls_compression_get (session
) != GNUTLS_COMP_NULL
||
779 session
->internals
.priorities
.allow_large_records
!= 0)
780 ret
= MAX_RECORD_RECV_SIZE(session
) + EXTRA_COMP_SIZE
;
782 ret
= MAX_RECORD_RECV_SIZE(session
);
787 /* Checks the record headers and returns the length, version and
791 record_read_headers (gnutls_session_t session
,
792 uint8_t headers
[MAX_RECORD_HEADER_SIZE
],
794 gnutls_handshake_description_t htype
,
795 struct tls_record_st
* record
)
798 /* Read the first two bytes to determine if this is a
802 if (htype
== GNUTLS_HANDSHAKE_CLIENT_HELLO
&& type
== GNUTLS_HANDSHAKE
803 && headers
[0] > 127 && !(IS_DTLS(session
)))
806 /* if msb set and expecting handshake message
807 * it should be SSL 2 hello
809 record
->version
[0] = 3; /* assume SSL 3.0 */
810 record
->version
[1] = 0;
812 record
->length
= (((headers
[0] & 0x7f) << 8)) | headers
[1];
814 /* SSL 2.0 headers */
815 record
->header_size
= record
->packet_size
= 2;
816 record
->type
= GNUTLS_HANDSHAKE
; /* we accept only v2 client hello
819 /* in order to assist the handshake protocol.
820 * V2 compatibility is a mess.
825 _gnutls_record_log ("REC[%p]: SSL 2.0 %s packet received. Length: %d\n",
827 _gnutls_packet2str (record
->type
),
833 /* dtls version 1.0 and TLS version 1.x */
836 record
->type
= headers
[0];
837 record
->version
[0] = headers
[1];
838 record
->version
[1] = headers
[2];
842 memcpy(record
->sequence
.i
, &headers
[3], 8);
843 record
->length
= _gnutls_read_uint16 (&headers
[11]);
844 record
->epoch
= _gnutls_read_uint16(record
->sequence
.i
);
848 record
->length
= _gnutls_read_uint16 (&headers
[3]);
852 _gnutls_record_log ("REC[%p]: SSL %d.%d %s packet received. Epoch %d, length: %d\n",
853 session
, (int)record
->version
[0], (int)record
->version
[1],
854 _gnutls_packet2str (record
->type
),
855 (int)record
->epoch
, record
->length
);
859 record
->packet_size
+= record
->length
;
863 static int recv_headers( gnutls_session_t session
, content_type_t type
,
864 gnutls_handshake_description_t htype
, struct tls_record_st
* record
)
867 gnutls_datum_t raw
; /* raw headers */
870 record
->header_size
= record
->packet_size
= RECORD_HEADER_SIZE(session
);
873 _gnutls_io_read_buffered (session
, record
->header_size
, -1)) != record
->header_size
)
875 if (ret
< 0 && gnutls_error_is_fatal (ret
) == 0)
879 ret
= GNUTLS_E_UNEXPECTED_PACKET_LENGTH
;
881 ret
= GNUTLS_E_PREMATURE_TERMINATION
;
883 return gnutls_assert_val(ret
);
886 ret
= _mbuffer_linearize (&session
->internals
.record_recv_buffer
);
888 return gnutls_assert_val(ret
);
890 _mbuffer_head_get_first (&session
->internals
.record_recv_buffer
, &raw
);
891 if (raw
.size
< RECORD_HEADER_SIZE(session
))
892 return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH
);
894 record_read_headers (session
, raw
.data
, type
, htype
, record
);
896 /* Check if the DTLS epoch is valid */
897 if (IS_DTLS(session
))
899 if (_gnutls_epoch_is_valid(session
, record
->epoch
) == 0)
901 _gnutls_audit_log(session
, "Discarded message[%u] with invalid epoch %u.\n",
902 (unsigned int)_gnutls_uint64touint32 (&record
->sequence
),
903 (unsigned int)record
->sequence
.i
[0]*256+(unsigned int)record
->sequence
.i
[1]);
905 /* doesn't matter, just a fatal error */
906 return GNUTLS_E_UNEXPECTED_PACKET_LENGTH
;
910 /* Here we check if the Type of the received packet is
913 if ((ret
= check_recv_type (session
, record
->type
)) < 0)
914 return gnutls_assert_val(ret
);
916 /* Here we check if the advertized version is the one we
917 * negotiated in the handshake.
919 if ((ret
= record_check_version (session
, htype
, record
->version
)) < 0)
920 return gnutls_assert_val(ret
);
922 if (record
->length
> MAX_RECV_SIZE(session
))
925 (session
, "Received packet with illegal length: %u\n", (unsigned int)record
->length
);
926 return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH
);
930 ("REC[%p]: Expected Packet %s(%d)\n", session
,
931 _gnutls_packet2str (type
), type
);
932 _gnutls_record_log ("REC[%p]: Received Packet %s(%d) with length: %d\n",
934 _gnutls_packet2str (record
->type
), record
->type
, record
->length
);
940 #define MAX_EMPTY_PACKETS_SEQUENCE 4
942 /* This will receive record layer packets and add them to
943 * application_data_buffer and handshake_data_buffer.
946 _gnutls_recv_in_buffers (gnutls_session_t session
, content_type_t type
,
947 gnutls_handshake_description_t htype
)
949 uint64
*packet_sequence
;
951 mbuffer_st
* bufel
= NULL
, *decrypted
= NULL
;
953 int empty_packet
= 0;
954 record_parameters_st
*record_params
;
955 record_state_st
*record_state
;
956 struct tls_record_st record
;
960 if (empty_packet
> MAX_EMPTY_PACKETS_SEQUENCE
)
963 return GNUTLS_E_TOO_MANY_EMPTY_PACKETS
;
966 memset(&record
, 0, sizeof(record
));
968 if (session
->internals
.read_eof
!= 0)
970 /* if we have already read an EOF
974 else if (session_is_valid (session
) != 0
975 || session
->internals
.may_not_read
!= 0)
976 return gnutls_assert_val(GNUTLS_E_INVALID_SESSION
);
978 /* get the record state parameters */
979 ret
= _gnutls_epoch_get (session
, EPOCH_READ_CURRENT
, &record_params
);
981 return gnutls_assert_val (ret
);
983 /* Safeguard against processing data with an incomplete cipher state. */
984 if (!record_params
->initialized
)
985 return gnutls_assert_val (GNUTLS_E_INTERNAL_ERROR
);
987 record_state
= &record_params
->read
;
989 /* receive headers */
990 ret
= recv_headers(session
, type
, htype
, &record
);
993 ret
= gnutls_assert_val_fatal(ret
);
997 if (IS_DTLS(session
))
998 packet_sequence
= &record
.sequence
;
1000 packet_sequence
= &record_state
->sequence_number
;
1002 /* Read the packet data and insert it to record_recv_buffer.
1005 _gnutls_io_read_buffered (session
, record
.packet_size
,
1007 if (ret
!= record
.packet_size
)
1013 /* ok now we are sure that we have read all the data - so
1016 ret
= _mbuffer_linearize (&session
->internals
.record_recv_buffer
);
1018 return gnutls_assert_val(ret
);
1020 bufel
= _mbuffer_head_get_first (&session
->internals
.record_recv_buffer
, NULL
);
1022 return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR
);
1024 /* We allocate the maximum possible to allow few compressed bytes to expand to a
1027 decrypted
= _mbuffer_alloc(MAX_RECORD_RECV_SIZE(session
),
1028 MAX_RECORD_RECV_SIZE(session
));
1029 if (decrypted
== NULL
)
1030 return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR
);
1032 ciphertext
= (uint8_t*)_mbuffer_get_udata_ptr(bufel
) + record
.header_size
;
1034 /* decrypt the data we got.
1037 _gnutls_decrypt (session
, ciphertext
, record
.length
,
1038 _mbuffer_get_udata_ptr(decrypted
), _mbuffer_get_udata_size(decrypted
),
1039 record
.type
, record_params
, packet_sequence
);
1040 if (ret
>= 0) _mbuffer_set_udata_size(decrypted
, ret
);
1042 _mbuffer_head_remove_bytes (&session
->internals
.record_recv_buffer
,
1043 record
.header_size
+ record
.length
);
1047 _gnutls_audit_log(session
, "Discarded message[%u] due to invalid decryption\n",
1048 (unsigned int)_gnutls_uint64touint32 (packet_sequence
));
1049 goto sanity_check_error
;
1052 /* check for duplicates. We check after the message
1053 * is processed and authenticated to avoid someone
1054 * messing with our windows.
1056 if (IS_DTLS(session
))
1058 ret
= _dtls_record_check(record_params
, packet_sequence
);
1061 _gnutls_audit_log(session
, "Discarded duplicate message[%u]: %s\n",
1062 (unsigned int) _gnutls_uint64touint32 (packet_sequence
), _gnutls_packet2str (record
.type
));
1063 goto sanity_check_error
;
1066 ("REC[%p]: Decrypted Packet[%u.%u] %s(%d) with length: %d\n", session
,
1067 (unsigned int)record
.sequence
.i
[0]*256 +(unsigned int)record
.sequence
.i
[1],
1068 (unsigned int) _gnutls_uint64touint32 (packet_sequence
),
1069 _gnutls_packet2str (record
.type
), record
.type
, (int)_mbuffer_get_udata_size(decrypted
));
1074 ("REC[%p]: Decrypted Packet[%u] %s(%d) with length: %d\n", session
,
1075 (unsigned int) _gnutls_uint64touint32 (packet_sequence
),
1076 _gnutls_packet2str (record
.type
), record
.type
, (int)_mbuffer_get_udata_size(decrypted
));
1079 /* increase sequence number
1081 if (!IS_DTLS(session
) && sequence_increment (session
, &record_state
->sequence_number
) != 0)
1083 session_invalidate (session
);
1085 ret
= GNUTLS_E_RECORD_LIMIT_REACHED
;
1086 goto sanity_check_error
;
1089 /* (originally for) TLS 1.0 CBC protection.
1090 * Actually this code is called if we just received
1091 * an empty packet. An empty TLS packet is usually
1092 * sent to protect some vulnerabilities in the CBC mode.
1093 * In that case we go to the beginning and start reading
1096 if (_mbuffer_get_udata_size(decrypted
) == 0)
1098 _mbuffer_xfree(&decrypted
);
1104 decrypted
->htype
= GNUTLS_HANDSHAKE_CLIENT_HELLO_V2
;
1107 uint8_t * p
= _mbuffer_get_udata_ptr(decrypted
);
1108 decrypted
->htype
= p
[0];
1112 record_add_to_buffers (session
, &record
, type
, htype
,
1113 packet_sequence
, decrypted
);
1115 /* bufel is now either deinitialized or buffered somewhere else */
1118 return gnutls_assert_val(ret
);
1123 session
->internals
.dtls
.packets_dropped
++;
1125 /* discard the whole received fragment. */
1126 bufel
= _mbuffer_head_pop_first(&session
->internals
.record_recv_buffer
);
1127 _mbuffer_xfree(&bufel
);
1128 return gnutls_assert_val(GNUTLS_E_AGAIN
);
1131 if (IS_DTLS(session
))
1133 session
->internals
.dtls
.packets_dropped
++;
1134 ret
= gnutls_assert_val(GNUTLS_E_AGAIN
);
1138 session_unresumable (session
);
1139 session_invalidate (session
);
1142 _mbuffer_xfree(&decrypted
);
1146 if (ret
< 0 && gnutls_error_is_fatal (ret
) == 0)
1149 if (IS_DTLS(session
))
1154 session_invalidate (session
);
1155 if (type
== GNUTLS_ALERT
) /* we were expecting close notify */
1160 session_unresumable (session
);
1163 return GNUTLS_E_UNEXPECTED_PACKET_LENGTH
;
1168 /* This function behaves exactly like read(). The only difference is
1169 * that it accepts the gnutls_session_t and the content_type_t of data to
1170 * receive (if called by the user the Content is Userdata only)
1171 * It is intended to receive data, under the current session.
1173 * The gnutls_handshake_description_t was introduced to support SSL V2.0 client hellos.
1176 _gnutls_recv_int (gnutls_session_t session
, content_type_t type
,
1177 gnutls_handshake_description_t htype
,
1178 uint8_t * data
, size_t data_size
, void* seq
)
1182 if (type
!= GNUTLS_ALERT
&& (data_size
== 0 || data
== NULL
))
1184 return GNUTLS_E_INVALID_REQUEST
;
1187 if (session
->internals
.read_eof
!= 0)
1189 /* if we have already read an EOF
1193 else if (session_is_valid (session
) != 0
1194 || session
->internals
.may_not_read
!= 0)
1197 return GNUTLS_E_INVALID_SESSION
;
1200 _dtls_async_timer_check(session
);
1202 /* If we have enough data in the cache do not bother receiving
1203 * a new packet. (in order to flush the cache)
1205 ret
= check_buffers (session
, type
, data
, data_size
, seq
);
1209 ret
= _gnutls_recv_in_buffers(session
, type
, htype
);
1210 if (ret
< 0 && ret
!= GNUTLS_E_SESSION_EOF
)
1211 return gnutls_assert_val(ret
);
1213 return check_buffers (session
, type
, data
, data_size
, seq
);
1218 * gnutls_record_send:
1219 * @session: is a #gnutls_session_t structure.
1220 * @data: contains the data to send
1221 * @data_size: is the length of the data
1223 * This function has the similar semantics with send(). The only
1224 * difference is that it accepts a GnuTLS session, and uses different
1226 * Note that if the send buffer is full, send() will block this
1227 * function. See the send() documentation for full information. You
1228 * can replace the default push function by using
1229 * gnutls_transport_set_ptr2() with a call to send() with a
1230 * MSG_DONTWAIT flag if blocking is a problem.
1231 * If the EINTR is returned by the internal push function (the
1232 * default is send()) then %GNUTLS_E_INTERRUPTED will be returned. If
1233 * %GNUTLS_E_INTERRUPTED or %GNUTLS_E_AGAIN is returned, you must
1234 * call this function again, with the same parameters; alternatively
1235 * you could provide a %NULL pointer for data, and 0 for
1236 * size. cf. gnutls_record_get_direction(). The errno value EMSGSIZE
1237 * maps to %GNUTLS_E_LARGE_PACKET.
1239 * Returns: The number of bytes sent, or a negative error code. The
1240 * number of bytes sent might be less than @data_size. The maximum
1241 * number of bytes this function can send in a single call depends
1242 * on the negotiated maximum record size.
1245 gnutls_record_send (gnutls_session_t session
, const void *data
,
1248 return _gnutls_send_int (session
, GNUTLS_APPLICATION_DATA
, -1,
1249 EPOCH_WRITE_CURRENT
, data
, data_size
,
1254 * gnutls_record_recv:
1255 * @session: is a #gnutls_session_t structure.
1256 * @data: the buffer that the data will be read into
1257 * @data_size: the number of requested bytes
1259 * This function has the similar semantics with recv(). The only
1260 * difference is that it accepts a GnuTLS session, and uses different
1262 * In the special case that a server requests a renegotiation, the
1263 * client may receive an error code of %GNUTLS_E_REHANDSHAKE. This
1264 * message may be simply ignored, replied with an alert
1265 * %GNUTLS_A_NO_RENEGOTIATION, or replied with a new handshake,
1266 * depending on the client's will.
1267 * If %EINTR is returned by the internal push function (the default
1268 * is recv()) then %GNUTLS_E_INTERRUPTED will be returned. If
1269 * %GNUTLS_E_INTERRUPTED or %GNUTLS_E_AGAIN is returned, you must
1270 * call this function again to get the data. See also
1271 * gnutls_record_get_direction().
1272 * A server may also receive %GNUTLS_E_REHANDSHAKE when a client has
1273 * initiated a handshake. In that case the server can only initiate a
1274 * handshake or terminate the connection.
1276 * Returns: The number of bytes received and zero on EOF (for stream
1277 * connections). A negative error code is returned in case of an error.
1278 * The number of bytes received might be less than the requested @data_size.
1281 gnutls_record_recv (gnutls_session_t session
, void *data
, size_t data_size
)
1283 return _gnutls_recv_int (session
, GNUTLS_APPLICATION_DATA
, -1, data
,
1288 * gnutls_record_recv_seq:
1289 * @session: is a #gnutls_session_t structure.
1290 * @data: the buffer that the data will be read into
1291 * @data_size: the number of requested bytes
1292 * @seq: is the packet's 64-bit sequence number. Should have space for 8 bytes.
1294 * This function is the same as gnutls_record_recv(), except that
1295 * it returns in addition to data, the sequence number of the data.
1296 * This is useful in DTLS where record packets might be received
1297 * out-of-order. The returned 8-byte sequence number is an
1298 * integer in big-endian format and should be
1299 * treated as a unique message identification.
1301 * Returns: The number of bytes received and zero on EOF. A negative
1302 * error code is returned in case of an error. The number of bytes
1303 * received might be less than @data_size.
1308 gnutls_record_recv_seq (gnutls_session_t session
, void *data
, size_t data_size
,
1311 return _gnutls_recv_int (session
, GNUTLS_APPLICATION_DATA
, -1, data
,