1 /* 2 * Copyright 2005-2025 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #include <stdio.h> 11 #include <errno.h> 12 #include "../ssl_local.h" 13 #include <openssl/evp.h> 14 #include <openssl/buffer.h> 15 #include "record_local.h" 16 #include "internal/packet.h" 17 #include "internal/cryptlib.h" 18 #include "internal/ssl_unwrap.h" 19 20 int DTLS_RECORD_LAYER_new(RECORD_LAYER *rl) 21 { 22 DTLS_RECORD_LAYER *d; 23 24 if ((d = OPENSSL_malloc(sizeof(*d))) == NULL) 25 return 0; 26 27 rl->d = d; 28 29 d->buffered_app_data = pqueue_new(); 30 31 if (d->buffered_app_data == NULL) { 32 OPENSSL_free(d); 33 rl->d = NULL; 34 return 0; 35 } 36 37 return 1; 38 } 39 40 void DTLS_RECORD_LAYER_free(RECORD_LAYER *rl) 41 { 42 if (rl->d == NULL) 43 return; 44 45 DTLS_RECORD_LAYER_clear(rl); 46 pqueue_free(rl->d->buffered_app_data); 47 OPENSSL_free(rl->d); 48 rl->d = NULL; 49 } 50 51 void DTLS_RECORD_LAYER_clear(RECORD_LAYER *rl) 52 { 53 DTLS_RECORD_LAYER *d; 54 pitem *item = NULL; 55 TLS_RECORD *rec; 56 pqueue *buffered_app_data; 57 58 d = rl->d; 59 60 while ((item = pqueue_pop(d->buffered_app_data)) != NULL) { 61 rec = (TLS_RECORD *)item->data; 62 63 if (rl->s->options & SSL_OP_CLEANSE_PLAINTEXT) 64 OPENSSL_cleanse(rec->allocdata, rec->length); 65 OPENSSL_free(rec->allocdata); 66 OPENSSL_free(item->data); 67 pitem_free(item); 68 } 69 70 buffered_app_data = d->buffered_app_data; 71 memset(d, 0, sizeof(*d)); 72 d->buffered_app_data = buffered_app_data; 73 } 74 75 static int dtls_buffer_record(SSL_CONNECTION *s, TLS_RECORD *rec) 76 { 77 TLS_RECORD *rdata; 78 pitem *item; 79 struct pqueue_st *queue = s->rlayer.d->buffered_app_data; 80 81 /* Limit the size of the queue to prevent DOS attacks */ 82 if (pqueue_size(queue) >= 100) 83 return 0; 84 85 /* We don't buffer partially read records */ 86 if (!ossl_assert(rec->off == 0)) 87 return -1; 88 89 rdata = OPENSSL_malloc(sizeof(*rdata)); 90 item = pitem_new(rec->seq_num, rdata); 91 if (rdata == NULL || item == NULL) { 92 OPENSSL_free(rdata); 93 pitem_free(item); 94 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); 95 return -1; 96 } 97 98 *rdata = *rec; 99 /* 100 * We will release the record from the record layer soon, so we take a copy 101 * now. Copying data isn't good - but this should be infrequent so we 102 * accept it here. 103 */ 104 rdata->data = rdata->allocdata = OPENSSL_memdup(rec->data, rec->length); 105 if (rdata->data == NULL) { 106 OPENSSL_free(rdata); 107 pitem_free(item); 108 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB); 109 return -1; 110 } 111 /* 112 * We use a NULL rechandle to indicate that the data field has been 113 * allocated by us. 114 */ 115 rdata->rechandle = NULL; 116 117 item->data = rdata; 118 119 #ifndef OPENSSL_NO_SCTP 120 /* Store bio_dgram_sctp_rcvinfo struct */ 121 if (BIO_dgram_is_sctp(s->rbio) && (ossl_statem_get_state(s) == TLS_ST_SR_FINISHED || ossl_statem_get_state(s) == TLS_ST_CR_FINISHED)) { 122 BIO_ctrl(s->rbio, BIO_CTRL_DGRAM_SCTP_GET_RCVINFO, 123 sizeof(rdata->recordinfo), &rdata->recordinfo); 124 } 125 #endif 126 127 if (pqueue_insert(queue, item) == NULL) { 128 /* Must be a duplicate so ignore it */ 129 OPENSSL_free(rdata->allocdata); 130 OPENSSL_free(rdata); 131 pitem_free(item); 132 } 133 134 return 1; 135 } 136 137 /* Unbuffer a previously buffered TLS_RECORD structure if any */ 138 static void dtls_unbuffer_record(SSL_CONNECTION *s) 139 { 140 TLS_RECORD *rdata; 141 pitem *item; 142 143 /* If we already have records to handle then do nothing */ 144 if (s->rlayer.curr_rec < s->rlayer.num_recs) 145 return; 146 147 item = pqueue_pop(s->rlayer.d->buffered_app_data); 148 if (item != NULL) { 149 rdata = (TLS_RECORD *)item->data; 150 151 s->rlayer.tlsrecs[0] = *rdata; 152 s->rlayer.num_recs = 1; 153 s->rlayer.curr_rec = 0; 154 155 #ifndef OPENSSL_NO_SCTP 156 /* Restore bio_dgram_sctp_rcvinfo struct */ 157 if (BIO_dgram_is_sctp(s->rbio)) { 158 BIO_ctrl(s->rbio, BIO_CTRL_DGRAM_SCTP_SET_RCVINFO, 159 sizeof(rdata->recordinfo), &rdata->recordinfo); 160 } 161 #endif 162 163 OPENSSL_free(item->data); 164 pitem_free(item); 165 } 166 } 167 168 /*- 169 * Return up to 'len' payload bytes received in 'type' records. 170 * 'type' is one of the following: 171 * 172 * - SSL3_RT_HANDSHAKE 173 * - SSL3_RT_APPLICATION_DATA (when ssl3_read calls us) 174 * - 0 (during a shutdown, no data has to be returned) 175 * 176 * If we don't have stored data to work from, read an SSL/TLS record first 177 * (possibly multiple records if we still don't have anything to return). 178 * 179 * This function must handle any surprises the peer may have for us, such as 180 * Alert records (e.g. close_notify) or renegotiation requests. ChangeCipherSpec 181 * messages are treated as if they were handshake messages *if* the |recd_type| 182 * argument is non NULL. 183 * Also if record payloads contain fragments too small to process, we store 184 * them until there is enough for the respective protocol (the record protocol 185 * may use arbitrary fragmentation and even interleaving): 186 * Change cipher spec protocol 187 * just 1 byte needed, no need for keeping anything stored 188 * Alert protocol 189 * 2 bytes needed (AlertLevel, AlertDescription) 190 * Handshake protocol 191 * 4 bytes needed (HandshakeType, uint24 length) -- we just have 192 * to detect unexpected Client Hello and Hello Request messages 193 * here, anything else is handled by higher layers 194 * Application data protocol 195 * none of our business 196 */ 197 int dtls1_read_bytes(SSL *s, uint8_t type, uint8_t *recvd_type, 198 unsigned char *buf, size_t len, 199 int peek, size_t *readbytes) 200 { 201 int i, j, ret; 202 size_t n; 203 TLS_RECORD *rr; 204 void (*cb)(const SSL *ssl, int type2, int val) = NULL; 205 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); 206 207 if (sc == NULL) 208 return -1; 209 210 if ((type && (type != SSL3_RT_APPLICATION_DATA) && (type != SSL3_RT_HANDSHAKE)) || (peek && (type != SSL3_RT_APPLICATION_DATA))) { 211 SSLfatal(sc, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); 212 return -1; 213 } 214 215 if (!ossl_statem_get_in_handshake(sc) && SSL_in_init(s)) { 216 /* type == SSL3_RT_APPLICATION_DATA */ 217 i = sc->handshake_func(s); 218 /* SSLfatal() already called if appropriate */ 219 if (i < 0) 220 return i; 221 if (i == 0) 222 return -1; 223 } 224 225 start: 226 sc->rwstate = SSL_NOTHING; 227 228 /* 229 * We are not handshaking and have no data yet, so process data buffered 230 * during the last handshake in advance, if any. 231 */ 232 if (SSL_is_init_finished(s)) 233 dtls_unbuffer_record(sc); 234 235 /* Check for timeout */ 236 if (dtls1_handle_timeout(sc) > 0) { 237 goto start; 238 } else if (ossl_statem_in_error(sc)) { 239 /* dtls1_handle_timeout() has failed with a fatal error */ 240 return -1; 241 } 242 243 /* get new packet if necessary */ 244 if (sc->rlayer.curr_rec >= sc->rlayer.num_recs) { 245 sc->rlayer.curr_rec = sc->rlayer.num_recs = 0; 246 do { 247 rr = &sc->rlayer.tlsrecs[sc->rlayer.num_recs]; 248 249 ret = HANDLE_RLAYER_READ_RETURN(sc, 250 sc->rlayer.rrlmethod->read_record(sc->rlayer.rrl, 251 &rr->rechandle, 252 &rr->version, &rr->type, 253 &rr->data, &rr->length, 254 &rr->epoch, rr->seq_num)); 255 if (ret <= 0) { 256 ret = dtls1_read_failed(sc, ret); 257 /* 258 * Anything other than a timeout is an error. SSLfatal() already 259 * called if appropriate. 260 */ 261 if (ret <= 0) 262 return ret; 263 else 264 goto start; 265 } 266 rr->off = 0; 267 sc->rlayer.num_recs++; 268 } while (sc->rlayer.rrlmethod->processed_read_pending(sc->rlayer.rrl) 269 && sc->rlayer.num_recs < SSL_MAX_PIPELINES); 270 } 271 rr = &sc->rlayer.tlsrecs[sc->rlayer.curr_rec]; 272 273 /* 274 * Reset the count of consecutive warning alerts if we've got a non-empty 275 * record that isn't an alert. 276 */ 277 if (rr->type != SSL3_RT_ALERT && rr->length != 0) 278 sc->rlayer.alert_count = 0; 279 280 /* we now have a packet which can be read and processed */ 281 282 if (sc->s3.change_cipher_spec /* set when we receive ChangeCipherSpec, 283 * reset by ssl3_get_finished */ 284 && (rr->type != SSL3_RT_HANDSHAKE)) { 285 /* 286 * We now have application data between CCS and Finished. Most likely 287 * the packets were reordered on their way, so buffer the application 288 * data for later processing rather than dropping the connection. 289 */ 290 if (dtls_buffer_record(sc, rr) < 0) { 291 /* SSLfatal() already called */ 292 return -1; 293 } 294 if (!ssl_release_record(sc, rr, 0)) 295 return -1; 296 goto start; 297 } 298 299 /* 300 * If the other end has shut down, throw anything we read away (even in 301 * 'peek' mode) 302 */ 303 if (sc->shutdown & SSL_RECEIVED_SHUTDOWN) { 304 if (!ssl_release_record(sc, rr, 0)) 305 return -1; 306 sc->rwstate = SSL_NOTHING; 307 return 0; 308 } 309 310 if (type == rr->type 311 || (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC 312 && type == SSL3_RT_HANDSHAKE && recvd_type != NULL)) { 313 /* 314 * SSL3_RT_APPLICATION_DATA or 315 * SSL3_RT_HANDSHAKE or 316 * SSL3_RT_CHANGE_CIPHER_SPEC 317 */ 318 /* 319 * make sure that we are not getting application data when we are 320 * doing a handshake for the first time 321 */ 322 if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) 323 && (SSL_IS_FIRST_HANDSHAKE(sc))) { 324 SSLfatal(sc, SSL_AD_UNEXPECTED_MESSAGE, 325 SSL_R_APP_DATA_IN_HANDSHAKE); 326 return -1; 327 } 328 329 if (recvd_type != NULL) 330 *recvd_type = rr->type; 331 332 if (len == 0) { 333 /* 334 * Release a zero length record. This ensures multiple calls to 335 * SSL_read() with a zero length buffer will eventually cause 336 * SSL_pending() to report data as being available. 337 */ 338 if (rr->length == 0 && !ssl_release_record(sc, rr, 0)) 339 return -1; 340 return 0; 341 } 342 343 if (len > rr->length) 344 n = rr->length; 345 else 346 n = len; 347 348 memcpy(buf, &(rr->data[rr->off]), n); 349 if (peek) { 350 if (rr->length == 0 && !ssl_release_record(sc, rr, 0)) 351 return -1; 352 } else { 353 if (!ssl_release_record(sc, rr, n)) 354 return -1; 355 } 356 #ifndef OPENSSL_NO_SCTP 357 /* 358 * We might had to delay a close_notify alert because of reordered 359 * app data. If there was an alert and there is no message to read 360 * anymore, finally set shutdown. 361 */ 362 if (BIO_dgram_is_sctp(SSL_get_rbio(s)) && sc->d1->shutdown_received 363 && BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s)) <= 0) { 364 sc->shutdown |= SSL_RECEIVED_SHUTDOWN; 365 return 0; 366 } 367 #endif 368 *readbytes = n; 369 return 1; 370 } 371 372 /* 373 * If we get here, then type != rr->type; if we have a handshake message, 374 * then it was unexpected (Hello Request or Client Hello). 375 */ 376 377 if (rr->type == SSL3_RT_ALERT) { 378 unsigned int alert_level, alert_descr; 379 const unsigned char *alert_bytes = rr->data + rr->off; 380 PACKET alert; 381 382 if (!PACKET_buf_init(&alert, alert_bytes, rr->length) 383 || !PACKET_get_1(&alert, &alert_level) 384 || !PACKET_get_1(&alert, &alert_descr) 385 || PACKET_remaining(&alert) != 0) { 386 SSLfatal(sc, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_INVALID_ALERT); 387 return -1; 388 } 389 390 if (sc->msg_callback) 391 sc->msg_callback(0, sc->version, SSL3_RT_ALERT, alert_bytes, 2, s, 392 sc->msg_callback_arg); 393 394 if (sc->info_callback != NULL) 395 cb = sc->info_callback; 396 else if (s->ctx->info_callback != NULL) 397 cb = s->ctx->info_callback; 398 399 if (cb != NULL) { 400 j = (alert_level << 8) | alert_descr; 401 cb(s, SSL_CB_READ_ALERT, j); 402 } 403 404 if (alert_level == SSL3_AL_WARNING) { 405 sc->s3.warn_alert = alert_descr; 406 if (!ssl_release_record(sc, rr, 0)) 407 return -1; 408 409 sc->rlayer.alert_count++; 410 if (sc->rlayer.alert_count == MAX_WARN_ALERT_COUNT) { 411 SSLfatal(sc, SSL_AD_UNEXPECTED_MESSAGE, 412 SSL_R_TOO_MANY_WARN_ALERTS); 413 return -1; 414 } 415 416 if (alert_descr == SSL_AD_CLOSE_NOTIFY) { 417 #ifndef OPENSSL_NO_SCTP 418 /* 419 * With SCTP and streams the socket may deliver app data 420 * after a close_notify alert. We have to check this first so 421 * that nothing gets discarded. 422 */ 423 if (BIO_dgram_is_sctp(SSL_get_rbio(s)) && BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s)) > 0) { 424 sc->d1->shutdown_received = 1; 425 sc->rwstate = SSL_READING; 426 BIO_clear_retry_flags(SSL_get_rbio(s)); 427 BIO_set_retry_read(SSL_get_rbio(s)); 428 return -1; 429 } 430 #endif 431 sc->shutdown |= SSL_RECEIVED_SHUTDOWN; 432 return 0; 433 } else if (alert_descr == SSL_AD_NO_RENEGOTIATION) { 434 /* 435 * This is a warning but we receive it if we requested 436 * renegotiation and the peer denied it. Terminate with a fatal 437 * alert because if the application tried to renegotiate it 438 * presumably had a good reason and expects it to succeed. In 439 * the future we might have a renegotiation where we don't care 440 * if the peer refused it where we carry on. 441 */ 442 SSLfatal(sc, SSL_AD_HANDSHAKE_FAILURE, SSL_R_NO_RENEGOTIATION); 443 return -1; 444 } 445 } else if (alert_level == SSL3_AL_FATAL) { 446 sc->rwstate = SSL_NOTHING; 447 sc->s3.fatal_alert = alert_descr; 448 SSLfatal_data(sc, SSL_AD_NO_ALERT, 449 SSL_AD_REASON_OFFSET + alert_descr, 450 "SSL alert number %d", alert_descr); 451 sc->shutdown |= SSL_RECEIVED_SHUTDOWN; 452 if (!ssl_release_record(sc, rr, 0)) 453 return -1; 454 SSL_CTX_remove_session(sc->session_ctx, sc->session); 455 return 0; 456 } else { 457 SSLfatal(sc, SSL_AD_ILLEGAL_PARAMETER, SSL_R_UNKNOWN_ALERT_TYPE); 458 return -1; 459 } 460 461 goto start; 462 } 463 464 if (sc->shutdown & SSL_SENT_SHUTDOWN) { /* but we have not received a 465 * shutdown */ 466 sc->rwstate = SSL_NOTHING; 467 if (!ssl_release_record(sc, rr, 0)) 468 return -1; 469 return 0; 470 } 471 472 if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) { 473 /* 474 * We can't process a CCS now, because previous handshake messages 475 * are still missing, so just drop it. 476 */ 477 if (!ssl_release_record(sc, rr, 0)) 478 return -1; 479 goto start; 480 } 481 482 /* 483 * Unexpected handshake message (Client Hello, or protocol violation) 484 */ 485 if (rr->type == SSL3_RT_HANDSHAKE && !ossl_statem_get_in_handshake(sc)) { 486 struct hm_header_st msg_hdr; 487 488 /* 489 * This may just be a stale retransmit. Also sanity check that we have 490 * at least enough record bytes for a message header 491 */ 492 if (rr->epoch != sc->rlayer.d->r_epoch 493 || rr->length < DTLS1_HM_HEADER_LENGTH) { 494 if (!ssl_release_record(sc, rr, 0)) 495 return -1; 496 goto start; 497 } 498 499 dtls1_get_message_header(rr->data, &msg_hdr); 500 501 /* 502 * If we are server, we may have a repeated FINISHED of the client 503 * here, then retransmit our CCS and FINISHED. 504 */ 505 if (msg_hdr.type == SSL3_MT_FINISHED) { 506 if (dtls1_check_timeout_num(sc) < 0) { 507 /* SSLfatal) already called */ 508 return -1; 509 } 510 511 if (dtls1_retransmit_buffered_messages(sc) <= 0) { 512 /* Fail if we encountered a fatal error */ 513 if (ossl_statem_in_error(sc)) 514 return -1; 515 } 516 if (!ssl_release_record(sc, rr, 0)) 517 return -1; 518 if (!(sc->mode & SSL_MODE_AUTO_RETRY)) { 519 if (!sc->rlayer.rrlmethod->unprocessed_read_pending(sc->rlayer.rrl)) { 520 /* no read-ahead left? */ 521 BIO *bio; 522 523 sc->rwstate = SSL_READING; 524 bio = SSL_get_rbio(s); 525 BIO_clear_retry_flags(bio); 526 BIO_set_retry_read(bio); 527 return -1; 528 } 529 } 530 goto start; 531 } 532 533 /* 534 * To get here we must be trying to read app data but found handshake 535 * data. But if we're trying to read app data, and we're not in init 536 * (which is tested for at the top of this function) then init must be 537 * finished 538 */ 539 if (!ossl_assert(SSL_is_init_finished(s))) { 540 SSLfatal(sc, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); 541 return -1; 542 } 543 544 /* We found handshake data, so we're going back into init */ 545 ossl_statem_set_in_init(sc, 1); 546 547 i = sc->handshake_func(s); 548 /* SSLfatal() called if appropriate */ 549 if (i < 0) 550 return i; 551 if (i == 0) 552 return -1; 553 554 if (!(sc->mode & SSL_MODE_AUTO_RETRY)) { 555 if (!sc->rlayer.rrlmethod->unprocessed_read_pending(sc->rlayer.rrl)) { 556 /* no read-ahead left? */ 557 BIO *bio; 558 /* 559 * In the case where we try to read application data, but we 560 * trigger an SSL handshake, we return -1 with the retry 561 * option set. Otherwise renegotiation may cause nasty 562 * problems in the blocking world 563 */ 564 sc->rwstate = SSL_READING; 565 bio = SSL_get_rbio(s); 566 BIO_clear_retry_flags(bio); 567 BIO_set_retry_read(bio); 568 return -1; 569 } 570 } 571 goto start; 572 } 573 574 switch (rr->type) { 575 default: 576 SSLfatal(sc, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_UNEXPECTED_RECORD); 577 return -1; 578 case SSL3_RT_CHANGE_CIPHER_SPEC: 579 case SSL3_RT_ALERT: 580 case SSL3_RT_HANDSHAKE: 581 /* 582 * we already handled all of these, with the possible exception of 583 * SSL3_RT_HANDSHAKE when ossl_statem_get_in_handshake(s) is true, but 584 * that should not happen when type != rr->type 585 */ 586 SSLfatal(sc, SSL_AD_UNEXPECTED_MESSAGE, ERR_R_INTERNAL_ERROR); 587 return -1; 588 case SSL3_RT_APPLICATION_DATA: 589 /* 590 * At this point, we were expecting handshake data, but have 591 * application data. If the library was running inside ssl3_read() 592 * (i.e. in_read_app_data is set) and it makes sense to read 593 * application data at this point (session renegotiation not yet 594 * started), we will indulge it. 595 */ 596 if (sc->s3.in_read_app_data && (sc->s3.total_renegotiations != 0) && ossl_statem_app_data_allowed(sc)) { 597 sc->s3.in_read_app_data = 2; 598 return -1; 599 } else { 600 SSLfatal(sc, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_UNEXPECTED_RECORD); 601 return -1; 602 } 603 } 604 /* not reached */ 605 } 606 607 /* 608 * Call this to write data in records of type 'type' It will return <= 0 if 609 * not all data has been sent or non-blocking IO. 610 */ 611 int dtls1_write_bytes(SSL_CONNECTION *s, uint8_t type, const void *buf, 612 size_t len, size_t *written) 613 { 614 int i; 615 616 if (!ossl_assert(len <= SSL3_RT_MAX_PLAIN_LENGTH)) { 617 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); 618 return -1; 619 } 620 s->rwstate = SSL_NOTHING; 621 i = do_dtls1_write(s, type, buf, len, written); 622 return i; 623 } 624 625 int do_dtls1_write(SSL_CONNECTION *sc, uint8_t type, const unsigned char *buf, 626 size_t len, size_t *written) 627 { 628 int i; 629 OSSL_RECORD_TEMPLATE tmpl; 630 SSL *s = SSL_CONNECTION_GET_SSL(sc); 631 int ret; 632 633 /* If we have an alert to send, lets send it */ 634 if (sc->s3.alert_dispatch > 0) { 635 i = s->method->ssl_dispatch_alert(s); 636 if (i <= 0) 637 return i; 638 /* if it went, fall through and send more stuff */ 639 } 640 641 if (len == 0) 642 return 0; 643 644 if (len > ssl_get_max_send_fragment(sc)) { 645 SSLfatal(sc, SSL_AD_INTERNAL_ERROR, SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE); 646 return 0; 647 } 648 649 tmpl.type = type; 650 /* 651 * Special case: for hello verify request, client version 1.0 and we 652 * haven't decided which version to use yet send back using version 1.0 653 * header: otherwise some clients will ignore it. 654 */ 655 if (s->method->version == DTLS_ANY_VERSION 656 && sc->max_proto_version != DTLS1_BAD_VER) 657 tmpl.version = DTLS1_VERSION; 658 else 659 tmpl.version = sc->version; 660 tmpl.buf = buf; 661 tmpl.buflen = len; 662 663 ret = HANDLE_RLAYER_WRITE_RETURN(sc, 664 sc->rlayer.wrlmethod->write_records(sc->rlayer.wrl, &tmpl, 1)); 665 666 if (ret > 0) 667 *written = (int)len; 668 669 return ret; 670 } 671 672 void dtls1_increment_epoch(SSL_CONNECTION *s, int rw) 673 { 674 if (rw & SSL3_CC_READ) { 675 s->rlayer.d->r_epoch++; 676 677 /* 678 * We must not use any buffered messages received from the previous 679 * epoch 680 */ 681 dtls1_clear_received_buffer(s); 682 } else { 683 s->rlayer.d->w_epoch++; 684 } 685 } 686 687 uint16_t dtls1_get_epoch(SSL_CONNECTION *s, int rw) 688 { 689 uint16_t epoch; 690 691 if (rw & SSL3_CC_READ) 692 epoch = s->rlayer.d->r_epoch; 693 else 694 epoch = s->rlayer.d->w_epoch; 695 696 return epoch; 697 } 698