mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-12-15 06:01:37 +08:00
Code Issues Packages Projects Releases Wiki Activity
2b71b04220
openssl/ssl/s3_msg.c
Matt Caswell 2b71b04220 Create the write record layer method and object and use it 
Make sure we set the write record layer method and create the object
where appropriate. Move the newly restructured writing code into the
record layer object.

For now we are cheating and still accessing the underlying SSL_CONNECTION
object. This will be removed in subsequent commits.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19198)
2022-09-23 14:43:24 +01:00

124 lines
3.6 KiB
C
Raw Blame History

/*
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "ssl_local.h"
int ssl3_do_change_cipher_spec(SSL_CONNECTION *s)
{
int i;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
if (s->server)
i = SSL3_CHANGE_CIPHER_SERVER_READ;
else
i = SSL3_CHANGE_CIPHER_CLIENT_READ;
if (s->s3.tmp.key_block == NULL) {
if (s->session == NULL || s->session->master_key_length == 0) {
/* might happen if dtls1_read_bytes() calls this */
ERR_raise(ERR_LIB_SSL, SSL_R_CCS_RECEIVED_EARLY);
return 0;
}
s->session->cipher = s->s3.tmp.new_cipher;
if (!ssl->method->ssl3_enc->setup_key_block(s)) {
/* SSLfatal() already called */
return 0;
}
}
if (!ssl->method->ssl3_enc->change_cipher_state(s, i)) {
/* SSLfatal() already called */
return 0;
}
return 1;
}
int ssl3_send_alert(SSL_CONNECTION *s, int level, int desc)
{
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
/* Map tls/ssl alert value to correct one */
if (SSL_CONNECTION_TREAT_AS_TLS13(s))
desc = tls13_alert_code(desc);
else
desc = ssl->method->ssl3_enc->alert_value(desc);
if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION)
desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have
* protocol_version alerts */
if (desc < 0)
return -1;
if (s->shutdown & SSL_SENT_SHUTDOWN && desc != SSL_AD_CLOSE_NOTIFY)
return -1;
/* If a fatal one, remove from cache */
if ((level == SSL3_AL_FATAL) && (s->session != NULL))
SSL_CTX_remove_session(s->session_ctx, s->session);
s->s3.alert_dispatch = 1;
s->s3.send_alert[0] = level;
s->s3.send_alert[1] = desc;
if (!RECORD_LAYER_write_pending(&s->rlayer)) {
/* data still being written out? */
return ssl->method->ssl_dispatch_alert(ssl);
}
/*
* else data is still being written out, we will get written some time in
* the future
*/
return -1;
}
int ssl3_dispatch_alert(SSL *s)
{
int i, j;
void (*cb) (const SSL *ssl, int type, int val) = NULL;
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
OSSL_RECORD_TEMPLATE templ;
if (sc == NULL)
return -1;
sc->s3.alert_dispatch = 0;
templ.type = SSL3_RT_ALERT;
templ.buf = &sc->s3.send_alert[0];
templ.buflen = 2;
/* TODO(RECLAYER): What happens if there is already a write pending? */
if (RECORD_LAYER_write_pending(&sc->rlayer))
return -1;
i = sc->rlayer.wrlmethod->write_records(sc->rlayer.wrl, &templ, 1);
if (i <= 0) {
sc->s3.alert_dispatch = 1;
} else {
/*
* Alert sent to BIO - now flush. If the message does not get sent due
* to non-blocking IO, we will not worry too much.
*/
(void)BIO_flush(sc->wbio);
if (sc->msg_callback)
sc->msg_callback(1, sc->version, SSL3_RT_ALERT, sc->s3.send_alert,
2, s, sc->msg_callback_arg);
if (sc->info_callback != NULL)
cb = sc->info_callback;
else if (s->ctx->info_callback != NULL)
cb = s->ctx->info_callback;
if (cb != NULL) {
j = (sc->s3.send_alert[0] << 8) | sc->s3.send_alert[1];
cb(s, SSL_CB_WRITE_ALERT, j);
}
}
return i;
}
Reference in New Issue View Git Blame Copy Permalink