

4  * This package is an SSL implementation written
6 * The implementation was written so as to conform with Netscape's SSL.
11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
109 #include <openssl/ssl.h>
127 static int do_ssl3_write(SSL *ssl, int type, const uint8_t *in, unsigned len);
129 int ssl3_write_app_data(SSL *ssl, bool *out_needs_handshake, const uint8_t *in,
131 assert(ssl_can_write(ssl));
132 assert(!ssl->s3->aead_write_ctx->is_null_cipher());
136 if (ssl->s3->write_shutdown != ssl_shutdown_none) {
137 OPENSSL_PUT_ERROR(SSL, SSL_R_PROTOCOL_IS_SHUTDOWN);
143 assert(ssl->s3->wnum <= INT_MAX);
144 tot = ssl->s3->wnum;
145 ssl->s3->wnum = 0;
155 OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_LENGTH);
160 !ssl->server && SSL_in_early_data(ssl) && ssl->s3->hs->can_early_write;
165 unsigned max = ssl->max_send_fragment;
166 if (is_early_data_write && max > ssl->session->ticket_max_early_data -
167 ssl->s3->hs->early_data_written) {
168 max = ssl->session->ticket_max_early_data - ssl->s3->hs->early_data_written;
170 ssl->s3->wnum = tot;
171 ssl->s3->hs->can_early_write = false;
183 int ret = do_ssl3_write(ssl, SSL3_RT_APPLICATION_DATA, &in[tot], nw);
185 ssl->s3->wnum = tot;
190 ssl->s3->hs->early_data_written += ret;
193 if (ret == (int)n || (ssl->mode & SSL_MODE_ENABLE_PARTIAL_WRITE)) {
202 static int ssl3_write_pending(SSL *ssl, int type, const uint8_t *in,
204 if (ssl->s3->wpend_tot > (int)len ||
205 (!(ssl->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER) &&
206 ssl->s3->wpend_buf != in) ||
207 ssl->s3->wpend_type != type) {
208 OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_WRITE_RETRY);
212 int ret = ssl_write_buffer_flush(ssl);
216 ssl->s3->wpend_pending = false;
217 return ssl->s3->wpend_ret;
220 // do_ssl3_write writes an SSL record of the given type.
221 static int do_ssl3_write(SSL *ssl, int type, const uint8_t *in, unsigned len) {
223 if (ssl->s3->wpend_pending) {
224 return ssl3_write_pending(ssl, type, in, len);
227 SSLBuffer *buf = &ssl->s3->write_buffer;
229 OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
238 if (ssl->s3->pending_flight != nullptr) {
240 ssl->s3->pending_flight->length - ssl->s3->pending_flight_offset;
243 size_t max_out = len + SSL_max_seal_overhead(ssl);
245 OPENSSL_PUT_ERROR(SSL, ERR_R_OVERFLOW);
250 if (!buf->EnsureCap(flight_len + ssl_seal_align_prefix_len(ssl), max_out)) {
258 if (ssl->s3->pending_flight != nullptr) {
261 ssl->s3->pending_flight->data + ssl->s3->pending_flight_offset,
263 ssl->s3->pending_flight.reset();
264 ssl->s3->pending_flight_offset = 0;
269 if (!tls_seal_record(ssl, buf->remaining().data(), &ciphertext_len,
277 ssl->s3->key_update_pending = false;
281 ssl->s3->wpend_tot = len;
282 ssl->s3->wpend_buf = in;
283 ssl->s3->wpend_type = type;
284 ssl->s3->wpend_ret = len;
285 ssl->s3->wpend_pending = true;
288 return ssl3_write_pending(ssl, type, in, len);
291 ssl_open_record_t ssl3_open_app_data(SSL *ssl, Span<uint8_t> *out,
294 assert(ssl_can_read(ssl));
295 assert(!ssl->s3->aead_read_ctx->is_null_cipher());
299 auto ret = tls_open_record(ssl, &type, &body, out_consumed, out_alert, in);
304 const bool is_early_data_read = ssl->server && SSL_in_early_data(ssl);
310 if (ssl->server && ssl_protocol_version(ssl) < TLS1_3_VERSION) {
311 OPENSSL_PUT_ERROR(SSL, SSL_R_NO_RENEGOTIATION);
316 if (!ssl->s3->hs_buf) {
317 ssl->s3->hs_buf.reset(BUF_MEM_new());
319 if (!ssl->s3->hs_buf ||
320 !BUF_MEM_append(ssl->s3->hs_buf.get(), body.data(), body.size())) {
328 OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_RECORD);
334 if (body.size() > kMaxEarlyDataAccepted - ssl->s3->hs->early_data_read) {
335 OPENSSL_PUT_ERROR(SSL, SSL_R_TOO_MUCH_READ_EARLY_DATA);
340 ssl->s3->hs->early_data_read += body.size();
351 ssl_open_record_t ssl3_open_change_cipher_spec(SSL *ssl, size_t *out_consumed,
356 auto ret = tls_open_record(ssl, &type, &body, out_consumed, out_alert, in);
362 OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_RECORD);
368 OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_CHANGE_CIPHER_SPEC);
373 ssl_do_msg_callback(ssl, 0 /* read */, SSL3_RT_CHANGE_CIPHER_SPEC, body);
377 int ssl_send_alert(SSL *ssl, int level, int desc) {
379 if (ssl->s3->write_shutdown != ssl_shutdown_none) {
380 OPENSSL_PUT_ERROR(SSL, SSL_R_PROTOCOL_IS_SHUTDOWN);
385 ssl->s3->write_shutdown = ssl_shutdown_close_notify;
389 ssl->s3->write_shutdown = ssl_shutdown_error;
392 ssl->s3->alert_dispatch = 1;
393 ssl->s3->send_alert[0] = level;
394 ssl->s3->send_alert[1] = desc;
395 if (ssl->s3->write_buffer.empty()) {
398 return ssl->method->dispatch_alert(ssl);
405 int ssl3_dispatch_alert(SSL *ssl) {
406 int ret = do_ssl3_write(ssl, SSL3_RT_ALERT, &ssl->s3->send_alert[0], 2);
410 ssl->s3->alert_dispatch = 0;
413 if (ssl->s3->send_alert[0] == SSL3_AL_FATAL) {
414 BIO_flush(ssl->wbio);
417 ssl_do_msg_callback(ssl, 1 /* write */, SSL3_RT_ALERT, ssl->s3->send_alert);
419 int alert = (ssl->s3->send_alert[0] << 8) | ssl->s3->send_alert[1];
420 ssl_do_info_callback(ssl, SSL_CB_WRITE_ALERT, alert);