2 * Copyright (C) 2000-2012 Free Software Foundation, Inc.
4 * Author: Nikos Mavrogiannopoulos
6 * This file is part of GnuTLS.
8 * The GnuTLS is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 3 of
11 * the License, or (at your option) any later version.
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>
23 /* Functions that are record layer specific, are included in this file.
26 /* allocate this many bytes more when encrypting or decrypting, to
27 * compensate for broken backends such as cryptodev.
29 #define CIPHER_SLACK_SIZE 32
31 #include "gnutls_int.h"
32 #include "gnutls_errors.h"
34 #include "gnutls_compress.h"
35 #include "gnutls_cipher.h"
36 #include "gnutls_buffers.h"
37 #include "gnutls_mbuffers.h"
38 #include "gnutls_handshake.h"
39 #include "gnutls_hash_int.h"
40 #include "gnutls_cipher_int.h"
41 #include "algorithms.h"
42 #include "gnutls_db.h"
43 #include "gnutls_auth.h"
44 #include "gnutls_num.h"
45 #include "gnutls_record.h"
46 #include "gnutls_datum.h"
47 #include "gnutls_constate.h"
48 #include "ext/max_record.h"
49 #include <ext/heartbeat.h>
50 #include <gnutls_state.h>
51 #include <gnutls_dtls.h>
52 #include <gnutls_dh.h>
55 struct tls_record_st
{
58 uint64 sequence
; /* DTLS */
60 uint16_t packet_size
; /* header_size + length */
62 uint16_t epoch
; /* valid in DTLS only */
63 int v2
:1; /* whether an SSLv2 client hello */
68 * gnutls_record_disable_padding:
69 * @session: is a #gnutls_session_t structure.
71 * Used to disabled padding in TLS 1.0 and above. Normally you do not
72 * need to use this function, but there are buggy clients that
73 * complain if a server pads the encrypted data. This of course will
74 * disable protection against statistical attacks on the data.
76 * Normally only servers that require maximum compatibility with everything
77 * out there, need to call this function.
80 gnutls_record_disable_padding (gnutls_session_t session
)
82 session
->internals
.priorities
.no_padding
= 1;
86 * gnutls_transport_set_ptr:
87 * @session: is a #gnutls_session_t structure.
90 * Used to set the first argument of the transport function (for push
91 * and pull callbacks). In berkeley style sockets this function will set the
92 * connection descriptor.
95 gnutls_transport_set_ptr (gnutls_session_t session
,
96 gnutls_transport_ptr_t ptr
)
98 session
->internals
.transport_recv_ptr
= ptr
;
99 session
->internals
.transport_send_ptr
= ptr
;
103 * gnutls_transport_set_ptr2:
104 * @session: is a #gnutls_session_t structure.
105 * @recv_ptr: is the value for the pull function
106 * @send_ptr: is the value for the push function
108 * Used to set the first argument of the transport function (for push
109 * and pull callbacks). In berkeley style sockets this function will set the
110 * connection descriptor. With this function you can use two different
111 * pointers for receiving and sending.
114 gnutls_transport_set_ptr2 (gnutls_session_t session
,
115 gnutls_transport_ptr_t recv_ptr
,
116 gnutls_transport_ptr_t send_ptr
)
118 session
->internals
.transport_send_ptr
= send_ptr
;
119 session
->internals
.transport_recv_ptr
= recv_ptr
;
123 * gnutls_transport_get_ptr:
124 * @session: is a #gnutls_session_t structure.
126 * Used to get the first argument of the transport function (like
127 * PUSH and PULL). This must have been set using
128 * gnutls_transport_set_ptr().
130 * Returns: The first argument of the transport function.
132 gnutls_transport_ptr_t
133 gnutls_transport_get_ptr (gnutls_session_t session
)
135 return session
->internals
.transport_recv_ptr
;
139 * gnutls_transport_get_ptr2:
140 * @session: is a #gnutls_session_t structure.
141 * @recv_ptr: will hold the value for the pull function
142 * @send_ptr: will hold the value for the push function
144 * Used to get the arguments of the transport functions (like PUSH
145 * and PULL). These should have been set using
146 * gnutls_transport_set_ptr2().
149 gnutls_transport_get_ptr2 (gnutls_session_t session
,
150 gnutls_transport_ptr_t
* recv_ptr
,
151 gnutls_transport_ptr_t
* send_ptr
)
154 *recv_ptr
= session
->internals
.transport_recv_ptr
;
155 *send_ptr
= session
->internals
.transport_send_ptr
;
160 * @session: is a #gnutls_session_t structure.
161 * @how: is an integer
163 * Terminates the current TLS/SSL connection. The connection should
164 * have been initiated using gnutls_handshake(). @how should be one
165 * of %GNUTLS_SHUT_RDWR, %GNUTLS_SHUT_WR.
167 * In case of %GNUTLS_SHUT_RDWR the TLS session gets
168 * terminated and further receives and sends will be disallowed. If
169 * the return value is zero you may continue using the underlying
170 * transport layer. %GNUTLS_SHUT_RDWR sends an alert containing a close
171 * request and waits for the peer to reply with the same message.
173 * In case of %GNUTLS_SHUT_WR the TLS session gets terminated
174 * and further sends will be disallowed. In order to reuse the
175 * connection you should wait for an EOF from the peer.
176 * %GNUTLS_SHUT_WR sends an alert containing a close request.
178 * Note that not all implementations will properly terminate a TLS
179 * connection. Some of them, usually for performance reasons, will
180 * terminate only the underlying transport layer, and thus not
181 * distinguishing between a malicious party prematurely terminating
182 * the connection and normal termination.
184 * This function may also return %GNUTLS_E_AGAIN or
185 * %GNUTLS_E_INTERRUPTED; cf. gnutls_record_get_direction().
187 * Returns: %GNUTLS_E_SUCCESS on success, or an error code, see
188 * function documentation for entire semantics.
191 gnutls_bye (gnutls_session_t session
, gnutls_close_request_t how
)
199 ret
= _gnutls_io_write_flush (session
);
209 gnutls_alert_send (session
, GNUTLS_AL_WARNING
, GNUTLS_A_CLOSE_NOTIFY
);
219 if (how
== GNUTLS_SHUT_RDWR
)
223 ret
= _gnutls_recv_int (session
, GNUTLS_ALERT
, -1, NULL
, 0, NULL
);
225 while (ret
== GNUTLS_E_GOT_APPLICATION_DATA
);
228 session
->internals
.may_not_read
= 1;
241 return GNUTLS_E_INTERNAL_ERROR
;
246 session
->internals
.may_not_write
= 1;
251 session_invalidate (gnutls_session_t session
)
253 session
->internals
.invalid_connection
= 1;
258 session_unresumable (gnutls_session_t session
)
260 session
->internals
.resumable
= RESUME_FALSE
;
263 /* returns 0 if session is valid
266 session_is_valid (gnutls_session_t session
)
268 if (session
->internals
.invalid_connection
!= 0)
269 return GNUTLS_E_INVALID_SESSION
;
274 /* Copies the record version into the headers. The
275 * version must have 2 bytes at least.
278 copy_record_version (gnutls_session_t session
,
279 gnutls_handshake_description_t htype
, uint8_t version
[2])
281 gnutls_protocol_t lver
;
283 if (session
->internals
.initial_negotiation_completed
|| htype
!= GNUTLS_HANDSHAKE_CLIENT_HELLO
284 || session
->internals
.default_record_version
[0] == 0)
286 lver
= gnutls_protocol_get_version (session
);
288 version
[0] = _gnutls_version_get_major (lver
);
289 version
[1] = _gnutls_version_get_minor (lver
);
293 version
[0] = session
->internals
.default_record_version
[0];
294 version
[1] = session
->internals
.default_record_version
[1];
298 /* Increments the sequence value
301 sequence_increment (gnutls_session_t session
,
304 if (IS_DTLS(session
))
306 return _gnutls_uint48pp(value
);
310 return _gnutls_uint64pp(value
);
314 /* This function behaves exactly like write(). The only difference is
315 * that it accepts, the gnutls_session_t and the content_type_t of data to
316 * send (if called by the user the Content is specific)
317 * It is intended to transfer data, under the current session.
319 * Oct 30 2001: Removed capability to send data more than MAX_RECORD_SIZE.
320 * This makes the function much easier to read, and more error resistant
321 * (there were cases were the old function could mess everything up).
324 * This function may accept a NULL pointer for data, and 0 for size, if
325 * and only if the previous send was interrupted for some reason.
329 _gnutls_send_int (gnutls_session_t session
, content_type_t type
,
330 gnutls_handshake_description_t htype
,
331 unsigned int epoch_rel
, const void *_data
,
332 size_t data_size
, unsigned int mflags
)
338 uint8_t headers
[MAX_RECORD_HEADER_SIZE
];
340 const uint8_t *data
= _data
;
341 record_parameters_st
*record_params
;
342 record_state_st
*record_state
;
344 ret
= _gnutls_epoch_get (session
, epoch_rel
, &record_params
);
346 return gnutls_assert_val(ret
);
348 /* Safeguard against processing data with an incomplete cipher state. */
349 if (!record_params
->initialized
)
350 return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST
);
352 record_state
= &record_params
->write
;
354 /* Do not allow null pointer if the send buffer is empty.
355 * If the previous send was interrupted then a null pointer is
356 * ok, and means to resume.
358 if (session
->internals
.record_send_buffer
.byte_length
== 0 &&
359 (data_size
== 0 && _data
== NULL
))
362 return GNUTLS_E_INVALID_REQUEST
;
365 if (type
!= GNUTLS_ALERT
) /* alert messages are sent anyway */
366 if (session_is_valid (session
) || session
->internals
.may_not_write
!= 0)
369 return GNUTLS_E_INVALID_SESSION
;
374 /* Use the default record version, if it is
377 copy_record_version (session
, htype
, &headers
[1]);
379 header_size
= RECORD_HEADER_SIZE(session
);
380 /* Adjust header length and add sequence for DTLS */
381 if (IS_DTLS(session
))
382 memcpy(&headers
[3], &record_state
->sequence_number
.i
, 8);
385 ("REC[%p]: Preparing Packet %s(%d) with length: %d\n", session
,
386 _gnutls_packet2str (type
), type
, (int) data_size
);
388 if (data_size
> MAX_RECORD_SEND_SIZE(session
))
390 if (IS_DTLS(session
))
393 return GNUTLS_E_LARGE_PACKET
;
395 send_data_size
= MAX_RECORD_SEND_SIZE(session
);
398 send_data_size
= data_size
;
400 /* Only encrypt if we don't have data to send
401 * from the previous run. - probably interrupted.
403 if (mflags
!= 0 && session
->internals
.record_send_buffer
.byte_length
> 0)
405 ret
= _gnutls_io_write_flush (session
);
411 retval
= session
->internals
.record_send_buffer_user_size
;
415 /* now proceed to packet encryption
417 cipher_size
= send_data_size
+ MAX_RECORD_OVERHEAD
+ CIPHER_SLACK_SIZE
;
418 bufel
= _mbuffer_alloc (cipher_size
, cipher_size
);
420 return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR
);
423 _gnutls_encrypt (session
, headers
, header_size
, data
,
424 send_data_size
, _mbuffer_get_udata_ptr (bufel
),
425 cipher_size
, type
, record_params
);
430 ret
= GNUTLS_E_ENCRYPTION_FAILED
;
432 return ret
; /* error */
436 retval
= send_data_size
;
437 session
->internals
.record_send_buffer_user_size
= send_data_size
;
439 /* increase sequence number
441 if (sequence_increment (session
, &record_state
->sequence_number
) != 0)
443 session_invalidate (session
);
445 return gnutls_assert_val(GNUTLS_E_RECORD_LIMIT_REACHED
);
448 _mbuffer_set_udata_size (bufel
, cipher_size
);
449 ret
= _gnutls_io_write_buffered (session
, bufel
, mflags
);
452 if (ret
!= cipher_size
)
454 /* If we have sent any data then just return
455 * the error value. Do not invalidate the session.
457 if (ret
< 0 && gnutls_error_is_fatal (ret
) == 0)
458 return gnutls_assert_val(ret
);
461 ret
= gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR
);
463 session_unresumable (session
);
464 session
->internals
.may_not_write
= 1;
465 return gnutls_assert_val(ret
);
468 session
->internals
.record_send_buffer_user_size
= 0;
470 _gnutls_record_log ("REC[%p]: Sent Packet[%d] %s(%d) in epoch %d and length: %d\n",
473 _gnutls_uint64touint32
474 (&record_state
->sequence_number
),
475 _gnutls_packet2str (type
), type
,
476 (int) record_params
->epoch
,
483 check_recv_type (gnutls_session_t session
, content_type_t recv_type
)
487 case GNUTLS_CHANGE_CIPHER_SPEC
:
489 case GNUTLS_HANDSHAKE
:
490 case GNUTLS_HEARTBEAT
:
491 case GNUTLS_APPLICATION_DATA
:
495 _gnutls_audit_log(session
, "Received record packet of unknown type %u\n", (unsigned int)recv_type
);
496 return GNUTLS_E_UNEXPECTED_PACKET
;
502 /* Checks if there are pending data in the record buffers. If there are
503 * then it copies the data.
506 check_buffers (gnutls_session_t session
, content_type_t type
,
507 uint8_t * data
, int data_size
, void* seq
)
509 if ((type
== GNUTLS_APPLICATION_DATA
||
510 type
== GNUTLS_HANDSHAKE
||
511 type
== GNUTLS_HEARTBEAT
||
512 type
== GNUTLS_CHANGE_CIPHER_SPEC
)
513 && _gnutls_record_buffer_get_size (session
) > 0)
516 ret
= _gnutls_record_buffer_get (type
, session
, data
, data_size
, seq
);
519 if (IS_DTLS(session
))
521 if (ret
== GNUTLS_E_UNEXPECTED_PACKET
)
523 ret
= GNUTLS_E_AGAIN
;
538 /* Here we check if the advertized version is the one we
539 * negotiated in the handshake.
542 record_check_version (gnutls_session_t session
,
543 gnutls_handshake_description_t htype
, uint8_t version
[2])
545 if (htype
== GNUTLS_HANDSHAKE_CLIENT_HELLO
)
547 /* Reject hello packets with major version higher than 3.
549 if (!(IS_DTLS(session
)) && version
[0] > 3)
553 ("REC[%p]: INVALID VERSION PACKET: (%d) %d.%d\n", session
,
554 htype
, version
[0], version
[1]);
555 return GNUTLS_E_UNSUPPORTED_VERSION_PACKET
;
558 else if (htype
!= GNUTLS_HANDSHAKE_SERVER_HELLO
&&
559 gnutls_protocol_get_version (session
) !=
560 _gnutls_version_get (version
[0], version
[1]))
562 /* Reject record packets that have a different version than the
563 * one negotiated. Note that this version is not protected by any
564 * mac. I don't really think that this check serves any purpose.
567 _gnutls_record_log ("REC[%p]: INVALID VERSION PACKET: (%d) %d.%d\n",
568 session
, htype
, version
[0], version
[1]);
570 return GNUTLS_E_UNSUPPORTED_VERSION_PACKET
;
576 /* This function will check if the received record type is
577 * the one we actually expect and adds it to the proper
578 * buffer. The bufel will be deinitialized after calling
579 * this function, even if it fails.
582 record_add_to_buffers (gnutls_session_t session
,
583 struct tls_record_st
*recv
, content_type_t type
,
584 gnutls_handshake_description_t htype
,
591 if ((recv
->type
== type
)
592 && (type
== GNUTLS_APPLICATION_DATA
||
593 type
== GNUTLS_CHANGE_CIPHER_SPEC
||
594 type
== GNUTLS_HEARTBEAT
||
595 type
== GNUTLS_HANDSHAKE
))
597 _gnutls_record_buffer_put (session
, type
, seq
, bufel
);
599 /* if we received application data as expected then we
600 * deactivate the async timer */
601 _dtls_async_timer_delete(session
);
605 /* if the expected type is different than the received
610 if (bufel
->msg
.size
< 2)
612 ret
= gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH
);
613 goto unexpected_packet
;
617 ("REC[%p]: Alert[%d|%d] - %s - was received\n", session
,
618 bufel
->msg
.data
[0], bufel
->msg
.data
[1], gnutls_alert_get_name ((int) bufel
->msg
.data
[1]));
620 session
->internals
.last_alert
= bufel
->msg
.data
[1];
622 /* if close notify is received and
623 * the alert is not fatal
625 if (bufel
->msg
.data
[1] == GNUTLS_A_CLOSE_NOTIFY
&& bufel
->msg
.data
[0] != GNUTLS_AL_FATAL
)
627 /* If we have been expecting for an alert do
629 session
->internals
.read_eof
= 1;
630 ret
= GNUTLS_E_SESSION_EOF
;
635 /* if the alert is FATAL or WARNING
636 * return the apropriate message
640 ret
= GNUTLS_E_WARNING_ALERT_RECEIVED
;
641 if (bufel
->msg
.data
[0] == GNUTLS_AL_FATAL
)
643 session_unresumable (session
);
644 session_invalidate (session
);
645 ret
= gnutls_assert_val(GNUTLS_E_FATAL_ALERT_RECEIVED
);
651 case GNUTLS_CHANGE_CIPHER_SPEC
:
652 if (!(IS_DTLS(session
)))
653 return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET
);
655 _gnutls_record_buffer_put (session
, recv
->type
, seq
, bufel
);
659 case GNUTLS_HEARTBEAT
:
660 ret
= _gnutls_heartbeat_handle (session
, bufel
);
663 case GNUTLS_APPLICATION_DATA
:
664 if (session
->internals
.initial_negotiation_completed
== 0)
666 ret
= gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET
);
667 goto unexpected_packet
;
671 /* the got_application data is only returned
672 * if expecting client hello (for rehandshake
673 * reasons). Otherwise it is an unexpected packet
675 if (type
== GNUTLS_ALERT
|| (htype
== GNUTLS_HANDSHAKE_CLIENT_HELLO
676 && type
== GNUTLS_HANDSHAKE
))
678 /* even if data is unexpected put it into the buffer */
680 _gnutls_record_buffer_put (session
, recv
->type
, seq
,
687 return gnutls_assert_val(GNUTLS_E_GOT_APPLICATION_DATA
);
691 ret
= gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET
);
692 goto unexpected_packet
;
697 case GNUTLS_HANDSHAKE
:
698 /* In DTLS we might receive a handshake replay from the peer to indicate
699 * the our last TLS handshake messages were not received.
701 if (IS_DTLS(session
))
703 if (type
== GNUTLS_CHANGE_CIPHER_SPEC
)
705 ret
= gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET
);
706 goto unexpected_packet
;
709 if (_dtls_is_async(session
) && _dtls_async_timer_active(session
))
711 if (session
->security_parameters
.entity
== GNUTLS_SERVER
&&
712 bufel
->htype
== GNUTLS_HANDSHAKE_CLIENT_HELLO
)
714 /* client requested rehandshake. Delete the timer */
715 _dtls_async_timer_delete(session
);
719 ret
= _dtls_retransmit(session
);
722 ret
= gnutls_assert_val(GNUTLS_E_AGAIN
);
723 goto unexpected_packet
;
730 /* This is legal if HELLO_REQUEST is received - and we are a client.
731 * If we are a server, a client may initiate a renegotiation at any time.
733 if (session
->security_parameters
.entity
== GNUTLS_SERVER
&&
734 bufel
->htype
== GNUTLS_HANDSHAKE_CLIENT_HELLO
)
738 _gnutls_record_buffer_put (session
, recv
->type
, seq
, bufel
);
744 return GNUTLS_E_REHANDSHAKE
;
747 /* If we are already in a handshake then a Hello
748 * Request is illegal. But here we don't really care
749 * since this message will never make it up here.
752 /* So we accept it, if it is a Hello. If not, this will
753 * fail and trigger flight retransmissions after some time. */
754 ret
= _gnutls_recv_hello_request (session
, bufel
->msg
.data
, bufel
->msg
.size
);
755 goto unexpected_packet
;
761 ("REC[%p]: Received unexpected packet %d (%s) expecting %d (%s)\n",
762 session
, recv
->type
, _gnutls_packet2str(recv
->type
), type
, _gnutls_packet2str(type
));
765 ret
= GNUTLS_E_UNEXPECTED_PACKET
;
766 goto unexpected_packet
;
773 if (IS_DTLS(session
) && ret
!= GNUTLS_E_REHANDSHAKE
)
775 _mbuffer_xfree(&bufel
);
776 RETURN_DTLS_EAGAIN_OR_TIMEOUT(session
, ret
);
780 _mbuffer_xfree(&bufel
);
785 int _gnutls_get_max_decrypted_data(gnutls_session_t session
)
789 if (gnutls_compression_get (session
) != GNUTLS_COMP_NULL
||
790 session
->internals
.priorities
.allow_large_records
!= 0)
791 ret
= MAX_RECORD_RECV_SIZE(session
) + EXTRA_COMP_SIZE
;
793 ret
= MAX_RECORD_RECV_SIZE(session
);
798 /* Checks the record headers and returns the length, version and
802 record_read_headers (gnutls_session_t session
,
803 uint8_t headers
[MAX_RECORD_HEADER_SIZE
],
805 gnutls_handshake_description_t htype
,
806 struct tls_record_st
* record
)
809 /* Read the first two bytes to determine if this is a
813 if (htype
== GNUTLS_HANDSHAKE_CLIENT_HELLO
&& type
== GNUTLS_HANDSHAKE
814 && headers
[0] > 127 && !(IS_DTLS(session
)))
817 /* if msb set and expecting handshake message
818 * it should be SSL 2 hello
820 record
->version
[0] = 3; /* assume SSL 3.0 */
821 record
->version
[1] = 0;
823 record
->length
= (((headers
[0] & 0x7f) << 8)) | headers
[1];
825 /* SSL 2.0 headers */
826 record
->header_size
= record
->packet_size
= 2;
827 record
->type
= GNUTLS_HANDSHAKE
; /* we accept only v2 client hello
830 /* in order to assist the handshake protocol.
831 * V2 compatibility is a mess.
836 _gnutls_record_log ("REC[%p]: SSL 2.0 %s packet received. Length: %d\n",
838 _gnutls_packet2str (record
->type
),
844 /* dtls version 1.0 and TLS version 1.x */
847 record
->type
= headers
[0];
848 record
->version
[0] = headers
[1];
849 record
->version
[1] = headers
[2];
853 memcpy(record
->sequence
.i
, &headers
[3], 8);
854 record
->length
= _gnutls_read_uint16 (&headers
[11]);
855 record
->epoch
= _gnutls_read_uint16(record
->sequence
.i
);
859 record
->length
= _gnutls_read_uint16 (&headers
[3]);
863 _gnutls_record_log ("REC[%p]: SSL %d.%d %s packet received. Epoch %d, length: %d\n",
864 session
, (int)record
->version
[0], (int)record
->version
[1],
865 _gnutls_packet2str (record
->type
),
866 (int)record
->epoch
, record
->length
);
870 record
->packet_size
+= record
->length
;
874 static int recv_headers( gnutls_session_t session
, content_type_t type
,
875 gnutls_handshake_description_t htype
,
876 struct tls_record_st
* record
,
880 gnutls_datum_t raw
; /* raw headers */
883 record
->header_size
= record
->packet_size
= RECORD_HEADER_SIZE(session
);
886 _gnutls_io_read_buffered (session
, record
->header_size
, -1, ms
)) != record
->header_size
)
888 if (ret
< 0 && gnutls_error_is_fatal (ret
) == 0)
892 ret
= GNUTLS_E_UNEXPECTED_PACKET_LENGTH
;
894 ret
= GNUTLS_E_PREMATURE_TERMINATION
;
896 return gnutls_assert_val(ret
);
899 ret
= _mbuffer_linearize (&session
->internals
.record_recv_buffer
);
901 return gnutls_assert_val(ret
);
903 _mbuffer_head_get_first (&session
->internals
.record_recv_buffer
, &raw
);
904 if (raw
.size
< RECORD_HEADER_SIZE(session
))
905 return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH
);
907 record_read_headers (session
, raw
.data
, type
, htype
, record
);
909 /* Check if the DTLS epoch is valid */
910 if (IS_DTLS(session
))
912 if (_gnutls_epoch_is_valid(session
, record
->epoch
) == 0)
914 _gnutls_audit_log(session
, "Discarded message[%u] with invalid epoch %u.\n",
915 (unsigned int)_gnutls_uint64touint32 (&record
->sequence
),
916 (unsigned int)record
->sequence
.i
[0]*256+(unsigned int)record
->sequence
.i
[1]);
918 /* doesn't matter, just a fatal error */
919 return GNUTLS_E_UNEXPECTED_PACKET_LENGTH
;
923 /* Here we check if the Type of the received packet is
926 if ((ret
= check_recv_type (session
, record
->type
)) < 0)
927 return gnutls_assert_val(ret
);
929 /* Here we check if the advertized version is the one we
930 * negotiated in the handshake.
932 if ((ret
= record_check_version (session
, htype
, record
->version
)) < 0)
933 return gnutls_assert_val(ret
);
935 if (record
->length
> MAX_RECV_SIZE(session
))
938 (session
, "Received packet with illegal length: %u\n", (unsigned int)record
->length
);
939 return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH
);
943 ("REC[%p]: Expected Packet %s(%d)\n", session
,
944 _gnutls_packet2str (type
), type
);
945 _gnutls_record_log ("REC[%p]: Received Packet %s(%d) with length: %d\n",
947 _gnutls_packet2str (record
->type
), record
->type
, record
->length
);
953 #define MAX_EMPTY_PACKETS_SEQUENCE 4
955 /* This will receive record layer packets and add them to
956 * application_data_buffer and handshake_data_buffer.
958 * If the htype is not -1 then handshake timeouts
962 _gnutls_recv_in_buffers (gnutls_session_t session
, content_type_t type
,
963 gnutls_handshake_description_t htype
)
965 uint64
*packet_sequence
;
967 mbuffer_st
* bufel
= NULL
, *decrypted
= NULL
;
969 int empty_packet
= 0;
970 record_parameters_st
*record_params
;
971 record_state_st
*record_state
;
972 struct tls_record_st record
;
973 time_t now
, tleft
= 0;
977 if (empty_packet
> MAX_EMPTY_PACKETS_SEQUENCE
)
980 return GNUTLS_E_TOO_MANY_EMPTY_PACKETS
;
983 memset(&record
, 0, sizeof(record
));
985 if (session
->internals
.read_eof
!= 0)
987 /* if we have already read an EOF
991 else if (session_is_valid (session
) != 0
992 || session
->internals
.may_not_read
!= 0)
993 return gnutls_assert_val(GNUTLS_E_INVALID_SESSION
);
995 /* get the record state parameters */
996 ret
= _gnutls_epoch_get (session
, EPOCH_READ_CURRENT
, &record_params
);
998 return gnutls_assert_val (ret
);
1000 /* Safeguard against processing data with an incomplete cipher state. */
1001 if (!record_params
->initialized
)
1002 return gnutls_assert_val (GNUTLS_E_INTERNAL_ERROR
);
1004 record_state
= &record_params
->read
;
1006 if (htype
!= (unsigned)-1 && session
->internals
.handshake_endtime
> 0)
1008 now
= gnutls_time(0);
1009 if (now
< session
->internals
.handshake_endtime
)
1010 tleft
= (session
->internals
.handshake_endtime
- now
) * 1000;
1012 return gnutls_assert_val(GNUTLS_E_TIMEDOUT
);
1015 /* receive headers */
1016 ret
= recv_headers(session
, type
, htype
, &record
, tleft
);
1019 ret
= gnutls_assert_val_fatal(ret
);
1023 if (IS_DTLS(session
))
1024 packet_sequence
= &record
.sequence
;
1026 packet_sequence
= &record_state
->sequence_number
;
1028 if (htype
!= (unsigned)-1 && session
->internals
.handshake_endtime
> 0)
1030 now
= gnutls_time(0);
1031 if (now
< session
->internals
.handshake_endtime
)
1032 tleft
= (session
->internals
.handshake_endtime
- now
) * 1000;
1034 return gnutls_assert_val(GNUTLS_E_TIMEDOUT
);
1037 /* Read the packet data and insert it to record_recv_buffer.
1040 _gnutls_io_read_buffered (session
, record
.packet_size
,
1041 record
.type
, tleft
);
1042 if (ret
!= record
.packet_size
)
1048 /* ok now we are sure that we have read all the data - so
1051 ret
= _mbuffer_linearize (&session
->internals
.record_recv_buffer
);
1053 return gnutls_assert_val(ret
);
1055 bufel
= _mbuffer_head_get_first (&session
->internals
.record_recv_buffer
, NULL
);
1057 return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR
);
1059 /* We allocate the maximum possible to allow few compressed bytes to expand to a
1062 decrypted
= _mbuffer_alloc(MAX_RECORD_RECV_SIZE(session
),
1063 MAX_RECORD_RECV_SIZE(session
));
1064 if (decrypted
== NULL
)
1065 return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR
);
1067 ciphertext
= (uint8_t*)_mbuffer_get_udata_ptr(bufel
) + record
.header_size
;
1069 /* decrypt the data we got.
1072 _gnutls_decrypt (session
, ciphertext
, record
.length
,
1073 _mbuffer_get_udata_ptr(decrypted
), _mbuffer_get_udata_size(decrypted
),
1074 record
.type
, record_params
, packet_sequence
);
1075 if (ret
>= 0) _mbuffer_set_udata_size(decrypted
, ret
);
1077 _mbuffer_head_remove_bytes (&session
->internals
.record_recv_buffer
,
1078 record
.header_size
+ record
.length
);
1082 _gnutls_audit_log(session
, "Discarded message[%u] due to invalid decryption\n",
1083 (unsigned int)_gnutls_uint64touint32 (packet_sequence
));
1084 goto sanity_check_error
;
1087 /* check for duplicates. We check after the message
1088 * is processed and authenticated to avoid someone
1089 * messing with our windows.
1091 if (IS_DTLS(session
))
1093 ret
= _dtls_record_check(record_params
, packet_sequence
);
1096 _gnutls_audit_log(session
, "Discarded duplicate message[%u]: %s\n",
1097 (unsigned int) _gnutls_uint64touint32 (packet_sequence
), _gnutls_packet2str (record
.type
));
1098 goto sanity_check_error
;
1101 ("REC[%p]: Decrypted Packet[%u.%u] %s(%d) with length: %d\n", session
,
1102 (unsigned int)record
.sequence
.i
[0]*256 +(unsigned int)record
.sequence
.i
[1],
1103 (unsigned int) _gnutls_uint64touint32 (packet_sequence
),
1104 _gnutls_packet2str (record
.type
), record
.type
, (int)_mbuffer_get_udata_size(decrypted
));
1109 ("REC[%p]: Decrypted Packet[%u] %s(%d) with length: %d\n", session
,
1110 (unsigned int) _gnutls_uint64touint32 (packet_sequence
),
1111 _gnutls_packet2str (record
.type
), record
.type
, (int)_mbuffer_get_udata_size(decrypted
));
1114 /* increase sequence number
1116 if (!IS_DTLS(session
) && sequence_increment (session
, &record_state
->sequence_number
) != 0)
1118 session_invalidate (session
);
1120 ret
= GNUTLS_E_RECORD_LIMIT_REACHED
;
1121 goto sanity_check_error
;
1124 /* (originally for) TLS 1.0 CBC protection.
1125 * Actually this code is called if we just received
1126 * an empty packet. An empty TLS packet is usually
1127 * sent to protect some vulnerabilities in the CBC mode.
1128 * In that case we go to the beginning and start reading
1131 if (_mbuffer_get_udata_size(decrypted
) == 0)
1133 _mbuffer_xfree(&decrypted
);
1139 decrypted
->htype
= GNUTLS_HANDSHAKE_CLIENT_HELLO_V2
;
1142 uint8_t * p
= _mbuffer_get_udata_ptr(decrypted
);
1143 decrypted
->htype
= p
[0];
1147 record_add_to_buffers (session
, &record
, type
, htype
,
1148 packet_sequence
, decrypted
);
1150 /* bufel is now either deinitialized or buffered somewhere else */
1153 return gnutls_assert_val(ret
);
1158 session
->internals
.dtls
.packets_dropped
++;
1160 /* discard the whole received fragment. */
1161 bufel
= _mbuffer_head_pop_first(&session
->internals
.record_recv_buffer
);
1162 _mbuffer_xfree(&bufel
);
1163 return gnutls_assert_val(GNUTLS_E_AGAIN
);
1166 if (IS_DTLS(session
))
1168 session
->internals
.dtls
.packets_dropped
++;
1169 ret
= gnutls_assert_val(GNUTLS_E_AGAIN
);
1173 session_unresumable (session
);
1174 session_invalidate (session
);
1177 _mbuffer_xfree(&decrypted
);
1181 if (ret
< 0 && gnutls_error_is_fatal (ret
) == 0)
1184 if (IS_DTLS(session
))
1189 session_invalidate (session
);
1190 if (type
== GNUTLS_ALERT
) /* we were expecting close notify */
1195 session_unresumable (session
);
1198 return GNUTLS_E_UNEXPECTED_PACKET_LENGTH
;
1203 /* This function behaves exactly like read(). The only difference is
1204 * that it accepts the gnutls_session_t and the content_type_t of data to
1205 * receive (if called by the user the Content is Userdata only)
1206 * It is intended to receive data, under the current session.
1208 * The gnutls_handshake_description_t was introduced to support SSL V2.0 client hellos.
1211 _gnutls_recv_int (gnutls_session_t session
, content_type_t type
,
1212 gnutls_handshake_description_t htype
,
1213 uint8_t * data
, size_t data_size
, void* seq
)
1217 if (type
!= GNUTLS_ALERT
&& (data_size
== 0 || data
== NULL
))
1219 return GNUTLS_E_INVALID_REQUEST
;
1222 if (session
->internals
.read_eof
!= 0)
1224 /* if we have already read an EOF
1228 else if (session_is_valid (session
) != 0
1229 || session
->internals
.may_not_read
!= 0)
1232 return GNUTLS_E_INVALID_SESSION
;
1235 _dtls_async_timer_check(session
);
1237 /* If we have enough data in the cache do not bother receiving
1238 * a new packet. (in order to flush the cache)
1240 ret
= check_buffers (session
, type
, data
, data_size
, seq
);
1244 ret
= _gnutls_recv_in_buffers(session
, type
, htype
);
1245 if (ret
< 0 && ret
!= GNUTLS_E_SESSION_EOF
)
1246 return gnutls_assert_val(ret
);
1248 return check_buffers (session
, type
, data
, data_size
, seq
);
1252 * gnutls_record_send:
1253 * @session: is a #gnutls_session_t structure.
1254 * @data: contains the data to send
1255 * @data_size: is the length of the data
1257 * This function has the similar semantics with send(). The only
1258 * difference is that it accepts a GnuTLS session, and uses different
1260 * Note that if the send buffer is full, send() will block this
1261 * function. See the send() documentation for full information. You
1262 * can replace the default push function by using
1263 * gnutls_transport_set_ptr2() with a call to send() with a
1264 * MSG_DONTWAIT flag if blocking is a problem.
1265 * If the EINTR is returned by the internal push function (the
1266 * default is send()) then %GNUTLS_E_INTERRUPTED will be returned. If
1267 * %GNUTLS_E_INTERRUPTED or %GNUTLS_E_AGAIN is returned, you must
1268 * call this function again, with the same parameters; alternatively
1269 * you could provide a %NULL pointer for data, and 0 for
1270 * size. cf. gnutls_record_get_direction(). The errno value EMSGSIZE
1271 * maps to %GNUTLS_E_LARGE_PACKET.
1273 * Returns: The number of bytes sent, or a negative error code. The
1274 * number of bytes sent might be less than @data_size. The maximum
1275 * number of bytes this function can send in a single call depends
1276 * on the negotiated maximum record size.
1279 gnutls_record_send (gnutls_session_t session
, const void *data
,
1282 return _gnutls_send_int (session
, GNUTLS_APPLICATION_DATA
, -1,
1283 EPOCH_WRITE_CURRENT
, data
, data_size
,
1288 * gnutls_record_recv:
1289 * @session: is a #gnutls_session_t structure.
1290 * @data: the buffer that the data will be read into
1291 * @data_size: the number of requested bytes
1293 * This function has the similar semantics with recv(). The only
1294 * difference is that it accepts a GnuTLS session, and uses different
1296 * In the special case that a server requests a renegotiation, the
1297 * client may receive an error code of %GNUTLS_E_REHANDSHAKE. This
1298 * message may be simply ignored, replied with an alert
1299 * %GNUTLS_A_NO_RENEGOTIATION, or replied with a new handshake,
1300 * depending on the client's will.
1301 * If %EINTR is returned by the internal push function (the default
1302 * is recv()) then %GNUTLS_E_INTERRUPTED will be returned. If
1303 * %GNUTLS_E_INTERRUPTED or %GNUTLS_E_AGAIN is returned, you must
1304 * call this function again to get the data. See also
1305 * gnutls_record_get_direction().
1306 * A server may also receive %GNUTLS_E_REHANDSHAKE when a client has
1307 * initiated a handshake. In that case the server can only initiate a
1308 * handshake or terminate the connection.
1310 * Returns: The number of bytes received and zero on EOF (for stream
1311 * connections). A negative error code is returned in case of an error.
1312 * The number of bytes received might be less than the requested @data_size.
1315 gnutls_record_recv (gnutls_session_t session
, void *data
, size_t data_size
) {
1316 return _gnutls_recv_int (session
, GNUTLS_APPLICATION_DATA
, -1, data
, data_size
, NULL
);
1320 * gnutls_record_recv_seq:
1321 * @session: is a #gnutls_session_t structure.
1322 * @data: the buffer that the data will be read into
1323 * @data_size: the number of requested bytes
1324 * @seq: is the packet's 64-bit sequence number. Should have space for 8 bytes.
1326 * This function is the same as gnutls_record_recv(), except that
1327 * it returns in addition to data, the sequence number of the data.
1328 * This is useful in DTLS where record packets might be received
1329 * out-of-order. The returned 8-byte sequence number is an
1330 * integer in big-endian format and should be
1331 * treated as a unique message identification.
1333 * Returns: The number of bytes received and zero on EOF. A negative
1334 * error code is returned in case of an error. The number of bytes
1335 * received might be less than @data_size.
1340 gnutls_record_recv_seq (gnutls_session_t session
, void *data
, size_t data_size
,
1343 return _gnutls_recv_int (session
, GNUTLS_APPLICATION_DATA
, -1, data
,