

59  * This package is an SSL implementation written
61 * The implementation was written so as to conform with Netscapes SSL.
66 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
112 #include <openssl/ssl.h>
127 static int do_dtls1_write(SSL *ssl, int type, const uint8_t *buf,
131 * |ssl->s3->rrec| and returns one. Otherwise it returns <= 0 on error or if
133 static int dtls1_get_record(SSL *ssl) {
136 if (ssl_read_buffer_len(ssl) == 0) {
137 int ret = ssl_read_buffer_extend_to(ssl, 0 /* unused */);
142 assert(ssl_read_buffer_len(ssl) > 0);
145 if (ssl_read_buffer_len(ssl) < ssl_record_prefix_len(ssl)) {
146 ssl_read_buffer_clear(ssl);
150 uint8_t *out = ssl_read_buffer(ssl) + ssl_record_prefix_len(ssl);
151 size_t max_out = ssl_read_buffer_len(ssl) - ssl_record_prefix_len(ssl);
154 switch (dtls_open_record(ssl, &type, out, &len, &consumed, &alert, max_out,
155 ssl_read_buffer(ssl), ssl_read_buffer_len(ssl))) {
157 ssl_read_buffer_consume(ssl, consumed);
160 OPENSSL_PUT_ERROR(SSL, ERR_R_OVERFLOW);
164 SSL3_RECORD *rr = &ssl->s3->rrec;
171 ssl_read_buffer_consume(ssl, consumed);
175 ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
184 OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
188 int dtls1_read_app_data(SSL *ssl, uint8_t *buf, int len, int peek) {
189 return dtls1_read_bytes(ssl, SSL3_RT_APPLICATION_DATA, buf, len, peek);
192 int dtls1_read_change_cipher_spec(SSL *ssl) {
194 int ret = dtls1_read_bytes(ssl, SSL3_RT_CHANGE_CIPHER_SPEC, &byte,
201 if (ssl->s3->rrec.length != 0 || byte != SSL3_MT_CCS) {
202 OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_CHANGE_CIPHER_SPEC);
203 ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
207 if (ssl->msg_callback != NULL) {
208 ssl->msg_callback(0, ssl->version, SSL3_RT_CHANGE_CIPHER_SPEC, &byte, 1,
209 ssl, ssl->msg_callback_arg);
215 void dtls1_read_close_notify(SSL *ssl) {
220 ssl->shutdown |= SSL_RECEIVED_SHUTDOWN;
235 int dtls1_read_bytes(SSL *ssl, int type, unsigned char *buf, int len, int peek) {
239 void (*cb)(const SSL *ssl, int type, int value) = NULL;
244 OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
248 if (!ssl->in_handshake && SSL_in_init(ssl)) {
250 i = ssl->handshake_func(ssl);
255 OPENSSL_PUT_ERROR(SSL, SSL_R_SSL_HANDSHAKE_FAILURE);
261 ssl->rwstate = SSL_NOTHING;
263 /* ssl->s3->rrec.type - is the type of record
264 * ssl->s3->rrec.data - data
265 * ssl->s3->rrec.off - offset into 'data' for next read
266 * ssl->s3->rrec.length - number of bytes. */
267 rr = &ssl->s3->rrec;
270 if (DTLSv1_handle_timeout(ssl) > 0) {
276 ret = dtls1_get_record(ssl);
278 ret = dtls1_read_failed(ssl, ret);
292 if (ssl->shutdown & SSL_RECEIVED_SHUTDOWN) {
294 ssl->rwstate = SSL_NOTHING;
302 if (SSL_in_init(ssl) && (type == SSL3_RT_APPLICATION_DATA) &&
303 (ssl->aead_read_ctx == NULL)) {
307 OPENSSL_PUT_ERROR(SSL, SSL_R_APP_DATA_IN_HANDSHAKE);
332 ssl_read_buffer_discard(ssl);
347 OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_ALERT);
351 if (ssl->msg_callback) {
352 ssl->msg_callback(0, ssl->version, SSL3_RT_ALERT, rr->data, 2, ssl,
353 ssl->msg_callback_arg);
360 if (ssl->info_callback != NULL) {
361 cb = ssl->info_callback;
362 } else if (ssl->ctx->info_callback != NULL) {
363 cb = ssl->ctx->info_callback;
368 cb(ssl, SSL_CB_READ_ALERT, alert);
372 ssl->s3->warn_alert = alert_descr;
374 ssl->shutdown |= SSL_RECEIVED_SHUTDOWN;
380 ssl->rwstate = SSL_NOTHING;
381 ssl->s3->fatal_alert = alert_descr;
382 OPENSSL_PUT_ERROR(SSL, SSL_AD_REASON_OFFSET + alert_descr);
384 ERR_add_error_data(2, "SSL alert number ", tmp);
385 ssl->shutdown |= SSL_RECEIVED_SHUTDOWN;
386 SSL_CTX_remove_session(ssl->ctx, ssl->session);
390 OPENSSL_PUT_ERROR(SSL, SSL_R_UNKNOWN_ALERT_TYPE);
406 if ((rr->type == SSL3_RT_APPLICATION_DATA && ssl->aead_read_ctx != NULL) ||
407 (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC && ssl->aead_read_ctx == NULL)) {
426 OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_HANDSHAKE_RECORD);
437 if (dtls1_check_timeout_num(ssl) < 0) {
441 dtls1_retransmit_buffered_messages(ssl);
453 OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_RECORD);
456 ssl3_send_alert(ssl, SSL3_AL_FATAL, al);
460 int dtls1_write_app_data(SSL *ssl
463 if (SSL_in_init(ssl) && !ssl->in_handshake) {
464 i = ssl->handshake_func(ssl);
469 OPENSSL_PUT_ERROR(SSL, SSL_R_SSL_HANDSHAKE_FAILURE);
475 OPENSSL_PUT_ERROR(SSL, SSL_R_DTLS_MESSAGE_TOO_BIG);
479 i = dtls1_write_bytes(ssl, SSL3_RT_APPLICATION_DATA, buf_, len,
486 int dtls1_write_bytes(SSL *ssl, int type, const void *buf, int len,
491 ssl->rwstate = SSL_NOTHING;
492 i = do_dtls1_write(ssl, type, buf, len, use_epoch);
496 static int do_dtls1_write(SSL *ssl, int type, const uint8_t *buf,
501 assert(!ssl_write_buffer_is_pending(ssl));
504 if (ssl->s3->alert_dispatch) {
505 int ret = ssl->method->ssl_dispatch_alert(ssl);
513 OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
521 size_t max_out = len + ssl_max_seal_overhead(ssl);
524 if (!ssl_write_buffer_init(ssl, &out, max_out) ||
525 !dtls_seal_record(ssl, out, &ciphertext_len, max_out, type, buf, len,
527 ssl_write_buffer_clear(ssl);
530 ssl_write_buffer_set_len(ssl, ciphertext_len);
532 int ret = ssl_write_buffer_flush(ssl);
539 int dtls1_dispatch_alert(SSL *ssl) {
541 void (*cb)(const SSL *ssl, int type, int value) = NULL;
545 ssl->s3->alert_dispatch = 0;
548 *ptr++ = ssl->s3->send_alert[0];
549 *ptr++ = ssl->s3->send_alert[1];
551 i = do_dtls1_write(ssl, SSL3_RT_ALERT, &buf[0], sizeof(buf),
554 ssl->s3->alert_dispatch = 1;
556 if (ssl->s3->send_alert[0] == SSL3_AL_FATAL) {
557 (void)BIO_flush(ssl->wbio);
560 if (ssl->msg_callback) {
561 ssl->msg_callback(1, ssl->version, SSL3_RT_ALERT, ssl->s3->send_alert, 2,
562 ssl, ssl->msg_callback_arg);
565 if (ssl->info_callback != NULL) {
566 cb = ssl->info_callback;
567 } else if (ssl->ctx->info_callback != NULL) {
568 cb = ssl->ctx->info_callback;
572 j = (ssl->s3->send_alert[0] << 8) | ssl->s3->send_alert[1];
573 cb(ssl, SSL_CB_WRITE_ALERT, j);