/*
- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* https://www.openssl.org/source/license.html
*/
+#include "internal/cryptlib.h"
#include <openssl/rand.h>
#include "../ssl_locl.h"
#include "statem_locl.h"
}
/*
- * Put the state machine into an error state. This is a permanent error for
- * the current connection.
+ * Put the state machine into an error state and send an alert if appropriate.
+ * This is a permanent error for the current connection.
*/
-void ossl_statem_set_error(SSL *s)
+void ossl_statem_fatal(SSL *s, int al, int func, int reason, const char *file,
+ int line)
{
+ s->statem.in_init = 1;
s->statem.state = MSG_FLOW_ERROR;
+ ERR_put_error(ERR_LIB_SSL, func, reason, file, line);
+ if (s->statem.hand_state != TLS_ST_BEFORE
+ && s->statem.hand_state != TLS_ST_CW_CLNT_HELLO) {
+ /*
+ * We only send an alert if we've got as far as actually sending or
+ * receiving a message.
+ */
+ ssl3_send_alert(s, SSL3_AL_FATAL, al);
+ }
}
/*
if (s->ext.early_data != SSL_EARLY_DATA_REJECTED)
return 0;
- if (s->hello_retry_request) {
- if (s->statem.hand_state != TLS_ST_SW_HELLO_RETRY_REQUEST)
- return 0;
- } else {
- if (!s->server || s->statem.hand_state != TLS_ST_EARLY_DATA)
- return 0;
- }
+ if (!s->server || s->statem.hand_state != TLS_ST_EARLY_DATA)
+ return 0;
return 1;
}
static int state_machine(SSL *s, int server)
{
BUF_MEM *buf = NULL;
- unsigned long Time = (unsigned long)time(NULL);
void (*cb) (const SSL *ssl, int type, int val) = NULL;
OSSL_STATEM *st = &s->statem;
int ret = -1;
return -1;
}
- RAND_add(&Time, sizeof(Time), 0);
ERR_clear_error();
clear_sys_error();
return -1;
}
#ifndef OPENSSL_NO_SCTP
- if (SSL_IS_DTLS(s)) {
+ if (SSL_IS_DTLS(s) && BIO_dgram_is_sctp(SSL_get_wbio(s))) {
/*
* Notify SCTP BIO socket to enter handshake mode and prevent stream
- * identifier other than 0. Will be ignored if no SCTP is used.
+ * identifier other than 0.
*/
BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE,
st->in_handshake, NULL);
if ((SSL_in_before(s))
|| s->renegotiate) {
- if (!tls_setup_handshake(s)) {
- ossl_statem_set_error(s);
+ if (!tls_setup_handshake(s))
goto end;
- }
if (SSL_IS_FIRST_HANDSHAKE(s))
st->read_state_first_init = 1;
}
} else {
/* Error */
- ossl_statem_set_error(s);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_STATE_MACHINE,
+ ERR_R_INTERNAL_ERROR);
goto end;
}
}
st->in_handshake--;
#ifndef OPENSSL_NO_SCTP
- if (SSL_IS_DTLS(s)) {
+ if (SSL_IS_DTLS(s) && BIO_dgram_is_sctp(SSL_get_wbio(s))) {
/*
* Notify SCTP BIO socket to leave handshake mode and allow stream
- * identifier other than 0. Will be ignored if no SCTP is used.
+ * identifier other than 0.
*/
BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE,
st->in_handshake, NULL);
return 0;
}
-
-#ifndef OPENSSL_NO_SCTP
-/*
- * Set flag used by SCTP to determine whether we are in the read sock state
- */
-void ossl_statem_set_sctp_read_sock(SSL *s, int read_sock)
-{
- s->statem.in_sctp_read_sock = read_sock;
-}
-
-/*
- * Called by the record layer to determine whether we are in the read sock
- * state or not.
- *
- * Return values are:
- * 1: Yes (we are in the read sock state)
- * 0: No (we are not in the read sock state)
- */
-int ossl_statem_in_sctp_read_sock(SSL *s)
-{
- return s->statem.in_sctp_read_sock;
-}
-#endif