mirror of
https://github.com/openssl/openssl.git
synced 2024-12-11 11:04:03 +08:00
22d6e8547f
do_dtls1_write() was never called with a value for create_empty_fragment that was ever non-zero - so this is dead code and can be removed. The equivalent code in the TLS processing is used for TLS1.0/SSLv3 to protect against known IV weaknesses because those protocol versions do not have an explicit IV. However DTLS1.0 is based on TLSv1.1 and *does* have an explicit IV - so this is not useful there. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19424)
80 lines
2.2 KiB
C
80 lines
2.2 KiB
C
/*
|
|
* Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved.
|
|
*
|
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
* in the file LICENSE in the source distribution or at
|
|
* https://www.openssl.org/source/license.html
|
|
*/
|
|
|
|
#include "ssl_local.h"
|
|
|
|
int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, size_t len,
|
|
size_t *written)
|
|
{
|
|
int i;
|
|
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
|
|
|
|
if (sc == NULL)
|
|
return -1;
|
|
|
|
if (SSL_in_init(s) && !ossl_statem_get_in_handshake(sc)) {
|
|
i = sc->handshake_func(s);
|
|
if (i < 0)
|
|
return i;
|
|
if (i == 0) {
|
|
ERR_raise(ERR_LIB_SSL, SSL_R_SSL_HANDSHAKE_FAILURE);
|
|
return -1;
|
|
}
|
|
}
|
|
|
|
if (len > SSL3_RT_MAX_PLAIN_LENGTH) {
|
|
ERR_raise(ERR_LIB_SSL, SSL_R_DTLS_MESSAGE_TOO_BIG);
|
|
return -1;
|
|
}
|
|
|
|
return dtls1_write_bytes(sc, type, buf_, len, written);
|
|
}
|
|
|
|
int dtls1_dispatch_alert(SSL *ssl)
|
|
{
|
|
int i, j;
|
|
void (*cb) (const SSL *ssl, int type, int val) = NULL;
|
|
unsigned char buf[DTLS1_AL_HEADER_LENGTH];
|
|
unsigned char *ptr = &buf[0];
|
|
size_t written;
|
|
SSL_CONNECTION *s = SSL_CONNECTION_FROM_SSL_ONLY(ssl);
|
|
|
|
if (s == NULL)
|
|
return 0;
|
|
|
|
s->s3.alert_dispatch = 0;
|
|
|
|
memset(buf, 0, sizeof(buf));
|
|
*ptr++ = s->s3.send_alert[0];
|
|
*ptr++ = s->s3.send_alert[1];
|
|
|
|
i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf), &written);
|
|
if (i <= 0) {
|
|
s->s3.alert_dispatch = 1;
|
|
/* fprintf(stderr, "not done with alert\n"); */
|
|
} else {
|
|
(void)BIO_flush(s->wbio);
|
|
|
|
if (s->msg_callback)
|
|
s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3.send_alert,
|
|
2, ssl, s->msg_callback_arg);
|
|
|
|
if (s->info_callback != NULL)
|
|
cb = s->info_callback;
|
|
else if (ssl->ctx->info_callback != NULL)
|
|
cb = ssl->ctx->info_callback;
|
|
|
|
if (cb != NULL) {
|
|
j = (s->s3.send_alert[0] << 8) | s->s3.send_alert[1];
|
|
cb(ssl, SSL_CB_WRITE_ALERT, j);
|
|
}
|
|
}
|
|
return i;
|
|
}
|