- if ((type && (type != SSL3_RT_APPLICATION_DATA) &&
- (type != SSL3_RT_HANDSHAKE) && type) ||
- (peek && (type != SSL3_RT_APPLICATION_DATA)))
- {
- SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR);
- return -1;
- }
-
- /* check whether there's a handshake message (client hello?) waiting */
- if ( (ret = have_handshake_fragment(s, type, buf, len, peek)))
- return ret;
-
- /* Now s->d1->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE. */
-
- if (!s->in_handshake && SSL_in_init(s))
- {
- /* type == SSL3_RT_APPLICATION_DATA */
- i=s->handshake_func(s);
- if (i < 0) return(i);
- if (i == 0)
- {
- SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
- return(-1);
- }
- }
-
-start:
- s->rwstate=SSL_NOTHING;
-
- /* s->s3->rrec.type - is the type of record
- * s->s3->rrec.data, - data
- * s->s3->rrec.off, - offset into 'data' for next read
- * s->s3->rrec.length, - number of bytes. */
- rr = &(s->s3->rrec);
-
- /* We are not handshaking and have no data yet,
- * so process data buffered during the last handshake
- * in advance, if any.
- */
- if (s->state == SSL_ST_OK && rr->length == 0)
- {
- pitem *item;
- item = pqueue_pop(s->d1->buffered_app_data.q);
- if (item)
- {
- dtls1_copy_record(s, item);
-
- OPENSSL_free(item->data);
- pitem_free(item);
- }
- }
-
- /* Check for timeout */
- if (dtls1_handle_timeout(s) > 0)
- goto start;
-
- /* get new packet if necessary */
- if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY))
- {
- ret=dtls1_get_record(s);
- if (ret <= 0)
- {
- ret = dtls1_read_failed(s, ret);
- /* anything other than a timeout is an error */
- if (ret <= 0)
- return(ret);
- else
- goto start;
- }
- }
-
- /* we now have a packet which can be read and processed */
-
- if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
- * reset by ssl3_get_finished */
- && (rr->type != SSL3_RT_HANDSHAKE))
- {
- /* We now have application data between CCS and Finished.
- * Most likely the packets were reordered on their way, so
- * buffer the application data for later processing rather
- * than dropping the connection.
- */
- dtls1_buffer_record(s, &(s->d1->buffered_app_data), 0);
- rr->length = 0;
- goto start;
- }
-
- /* If the other end has shut down, throw anything we read away
- * (even in 'peek' mode) */
- if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
- {
- rr->length=0;
- s->rwstate=SSL_NOTHING;
- return(0);
- }
-
-
- if (type == rr->type) /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */
- {
- /* make sure that we are not getting application data when we
- * are doing a handshake for the first time */
- if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
- (s->enc_read_ctx == NULL))
- {
- al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_APP_DATA_IN_HANDSHAKE);
- goto f_err;
- }
-
- if (len <= 0) return(len);
-
- if ((unsigned int)len > rr->length)
- n = rr->length;
- else
- n = (unsigned int)len;
-
- memcpy(buf,&(rr->data[rr->off]),n);
- if (!peek)
- {
- rr->length-=n;
- rr->off+=n;
- if (rr->length == 0)
- {
- s->rstate=SSL_ST_READ_HEADER;
- rr->off=0;
- }
- }
- return(n);
- }
-
-
- /* If we get here, then type != rr->type; if we have a handshake
- * message, then it was unexpected (Hello Request or Client Hello). */
-
- /* In case of record types for which we have 'fragment' storage,
- * fill that so that we can process the data at a fixed place.
- */
- {
- unsigned int k, dest_maxlen = 0;
- unsigned char *dest = NULL;
- unsigned int *dest_len = NULL;
-
- if (rr->type == SSL3_RT_HANDSHAKE)
- {
- dest_maxlen = sizeof s->d1->handshake_fragment;
- dest = s->d1->handshake_fragment;
- dest_len = &s->d1->handshake_fragment_len;
- }
- else if (rr->type == SSL3_RT_ALERT)
- {
- dest_maxlen = sizeof(s->d1->alert_fragment);
- dest = s->d1->alert_fragment;
- dest_len = &s->d1->alert_fragment_len;
- }
- /* else it's a CCS message, or application data or wrong */
- else if (rr->type != SSL3_RT_CHANGE_CIPHER_SPEC)
- {
- /* Application data while renegotiating
- * is allowed. Try again reading.
- */
- if (rr->type == SSL3_RT_APPLICATION_DATA)
- {
- BIO *bio;
- s->s3->in_read_app_data=2;
- bio=SSL_get_rbio(s);
- s->rwstate=SSL_READING;
- BIO_clear_retry_flags(bio);
- BIO_set_retry_read(bio);
- return(-1);
- }
-
- /* Not certain if this is the right error handling */
- al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
- goto f_err;
- }
-
- if (dest_maxlen > 0)
- {
- /* XDTLS: In a pathalogical case, the Client Hello
- * may be fragmented--don't always expect dest_maxlen bytes */
- if ( rr->length < dest_maxlen)
- {
+ if ((type && (type != SSL3_RT_APPLICATION_DATA) &&
+ (type != SSL3_RT_HANDSHAKE) && type) ||
+ (peek && (type != SSL3_RT_APPLICATION_DATA))) {
+ SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR);
+ return -1;
+ }
+
+ /*
+ * check whether there's a handshake message (client hello?) waiting
+ */
+ if ((ret = have_handshake_fragment(s, type, buf, len, peek)))
+ return ret;
+
+ /*
+ * Now s->d1->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE.
+ */
+
+#ifndef OPENSSL_NO_SCTP
+ /*
+ * Continue handshake if it had to be interrupted to read app data with
+ * SCTP.
+ */
+ if ((!s->in_handshake && SSL_in_init(s)) ||
+ (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
+ (s->state == DTLS1_SCTP_ST_SR_READ_SOCK
+ || s->state == DTLS1_SCTP_ST_CR_READ_SOCK)
+ && s->s3->in_read_app_data != 2))
+#else
+ if (!s->in_handshake && SSL_in_init(s))
+#endif
+ {
+ /* type == SSL3_RT_APPLICATION_DATA */
+ i = s->handshake_func(s);
+ if (i < 0)
+ return (i);
+ if (i == 0) {
+ SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
+ return (-1);
+ }
+ }
+
+ start:
+ s->rwstate = SSL_NOTHING;
+
+ /*-
+ * s->s3->rrec.type - is the type of record
+ * s->s3->rrec.data, - data
+ * s->s3->rrec.off, - offset into 'data' for next read
+ * s->s3->rrec.length, - number of bytes.
+ */
+ rr = &(s->s3->rrec);
+
+ /*
+ * We are not handshaking and have no data yet, so process data buffered
+ * during the last handshake in advance, if any.
+ */
+ if (s->state == SSL_ST_OK && rr->length == 0) {
+ pitem *item;
+ item = pqueue_pop(s->d1->buffered_app_data.q);
+ if (item) {
+#ifndef OPENSSL_NO_SCTP
+ /* Restore bio_dgram_sctp_rcvinfo struct */
+ if (BIO_dgram_is_sctp(SSL_get_rbio(s))) {
+ DTLS1_RECORD_DATA *rdata = (DTLS1_RECORD_DATA *)item->data;
+ BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_SET_RCVINFO,
+ sizeof(rdata->recordinfo), &rdata->recordinfo);
+ }
+#endif
+
+ dtls1_copy_record(s, item);
+
+ OPENSSL_free(item->data);
+ pitem_free(item);
+ }
+ }
+
+ /* Check for timeout */
+ if (dtls1_handle_timeout(s) > 0)
+ goto start;
+
+ /* get new packet if necessary */
+ if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY)) {
+ ret = dtls1_get_record(s);
+ if (ret <= 0) {
+ ret = dtls1_read_failed(s, ret);
+ /* anything other than a timeout is an error */
+ if (ret <= 0)
+ return (ret);
+ else
+ goto start;
+ }
+ }
+
+ if (s->d1->listen && rr->type != SSL3_RT_HANDSHAKE) {
+ rr->length = 0;
+ goto start;
+ }
+
+ /* we now have a packet which can be read and processed */
+
+ if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
+ * reset by ssl3_get_finished */
+ && (rr->type != SSL3_RT_HANDSHAKE)) {
+ /*
+ * We now have application data between CCS and Finished. Most likely
+ * the packets were reordered on their way, so buffer the application
+ * data for later processing rather than dropping the connection.
+ */
+ if (dtls1_buffer_record(s, &(s->d1->buffered_app_data), rr->seq_num) <
+ 0) {
+ SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR);
+ return -1;
+ }
+ rr->length = 0;
+ goto start;
+ }
+
+ /*
+ * If the other end has shut down, throw anything we read away (even in
+ * 'peek' mode)
+ */
+ if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
+ rr->length = 0;
+ s->rwstate = SSL_NOTHING;
+ return (0);
+ }
+
+ if (type == rr->type) { /* SSL3_RT_APPLICATION_DATA or
+ * SSL3_RT_HANDSHAKE */
+ /*
+ * make sure that we are not getting application data when we are
+ * doing a handshake for the first time
+ */
+ if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
+ (s->enc_read_ctx == NULL)) {
+ al = SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_APP_DATA_IN_HANDSHAKE);
+ goto f_err;
+ }
+
+ if (len <= 0)
+ return (len);
+
+ if ((unsigned int)len > rr->length)
+ n = rr->length;
+ else
+ n = (unsigned int)len;
+
+ memcpy(buf, &(rr->data[rr->off]), n);
+ if (!peek) {
+ rr->length -= n;
+ rr->off += n;
+ if (rr->length == 0) {
+ s->rstate = SSL_ST_READ_HEADER;
+ rr->off = 0;
+ }
+ }
+#ifndef OPENSSL_NO_SCTP
+ /*
+ * We were about to renegotiate but had to read belated application
+ * data first, so retry.
+ */
+ if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
+ rr->type == SSL3_RT_APPLICATION_DATA &&
+ (s->state == DTLS1_SCTP_ST_SR_READ_SOCK
+ || s->state == DTLS1_SCTP_ST_CR_READ_SOCK)) {
+ s->rwstate = SSL_READING;
+ BIO_clear_retry_flags(SSL_get_rbio(s));
+ BIO_set_retry_read(SSL_get_rbio(s));
+ }
+
+ /*
+ * We might had to delay a close_notify alert because of reordered
+ * app data. If there was an alert and there is no message to read
+ * anymore, finally set shutdown.
+ */
+ if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
+ s->d1->shutdown_received
+ && !BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
+ s->shutdown |= SSL_RECEIVED_SHUTDOWN;
+ return (0);
+ }
+#endif
+ return (n);
+ }
+
+ /*
+ * If we get here, then type != rr->type; if we have a handshake message,
+ * then it was unexpected (Hello Request or Client Hello).
+ */
+
+ /*
+ * In case of record types for which we have 'fragment' storage, fill
+ * that so that we can process the data at a fixed place.
+ */
+ {
+ unsigned int k, dest_maxlen = 0;
+ unsigned char *dest = NULL;
+ unsigned int *dest_len = NULL;
+
+ if (rr->type == SSL3_RT_HANDSHAKE) {
+ dest_maxlen = sizeof s->d1->handshake_fragment;
+ dest = s->d1->handshake_fragment;
+ dest_len = &s->d1->handshake_fragment_len;
+ } else if (rr->type == SSL3_RT_ALERT) {
+ dest_maxlen = sizeof(s->d1->alert_fragment);
+ dest = s->d1->alert_fragment;
+ dest_len = &s->d1->alert_fragment_len;
+ }
+#ifndef OPENSSL_NO_HEARTBEATS
+ else if (rr->type == TLS1_RT_HEARTBEAT) {
+ dtls1_process_heartbeat(s);
+
+ /* Exit and notify application to read again */
+ rr->length = 0;
+ s->rwstate = SSL_READING;
+ BIO_clear_retry_flags(SSL_get_rbio(s));
+ BIO_set_retry_read(SSL_get_rbio(s));
+ return (-1);
+ }
+#endif
+ /* else it's a CCS message, or application data or wrong */
+ else if (rr->type != SSL3_RT_CHANGE_CIPHER_SPEC) {
+ /*
+ * Application data while renegotiating is allowed. Try again
+ * reading.
+ */
+ if (rr->type == SSL3_RT_APPLICATION_DATA) {
+ BIO *bio;
+ s->s3->in_read_app_data = 2;
+ bio = SSL_get_rbio(s);
+ s->rwstate = SSL_READING;
+ BIO_clear_retry_flags(bio);
+ BIO_set_retry_read(bio);
+ return (-1);
+ }
+
+ /* Not certain if this is the right error handling */
+ al = SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
+ goto f_err;
+ }
+
+ if (dest_maxlen > 0) {
+ /*
+ * XDTLS: In a pathalogical case, the Client Hello may be
+ * fragmented--don't always expect dest_maxlen bytes
+ */
+ if (rr->length < dest_maxlen) {