Coverage Report

Created: 2025-06-13 06:58

/src/openssl31/ssl/s3_msg.c
Line
Count
Source (jump to first uncovered line)
1
/*
2
 * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
3
 *
4
 * Licensed under the Apache License 2.0 (the "License").  You may not use
5
 * this file except in compliance with the License.  You can obtain a copy
6
 * in the file LICENSE in the source distribution or at
7
 * https://www.openssl.org/source/license.html
8
 */
9
10
#include "ssl_local.h"
11
12
int ssl3_do_change_cipher_spec(SSL *s)
13
7.67k
{
14
7.67k
    int i;
15
16
7.67k
    if (s->server)
17
4.99k
        i = SSL3_CHANGE_CIPHER_SERVER_READ;
18
2.68k
    else
19
2.68k
        i = SSL3_CHANGE_CIPHER_CLIENT_READ;
20
21
7.67k
    if (s->s3.tmp.key_block == NULL) {
22
4.92k
        if (s->session == NULL || s->session->master_key_length == 0) {
23
            /* might happen if dtls1_read_bytes() calls this */
24
0
            ERR_raise(ERR_LIB_SSL, SSL_R_CCS_RECEIVED_EARLY);
25
0
            return 0;
26
0
        }
27
28
4.92k
        s->session->cipher = s->s3.tmp.new_cipher;
29
4.92k
        if (!s->method->ssl3_enc->setup_key_block(s)) {
30
            /* SSLfatal() already called */
31
0
            return 0;
32
0
        }
33
4.92k
    }
34
35
7.67k
    if (!s->method->ssl3_enc->change_cipher_state(s, i)) {
36
        /* SSLfatal() already called */
37
0
        return 0;
38
0
    }
39
40
7.67k
    return 1;
41
7.67k
}
42
43
int ssl3_send_alert(SSL *s, int level, int desc)
44
108k
{
45
    /* Map tls/ssl alert value to correct one */
46
108k
    if (SSL_TREAT_AS_TLS13(s))
47
7.51k
        desc = tls13_alert_code(desc);
48
100k
    else
49
100k
        desc = s->method->ssl3_enc->alert_value(desc);
50
108k
    if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION)
51
11
        desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have
52
                                          * protocol_version alerts */
53
108k
    if (desc < 0)
54
0
        return -1;
55
108k
    if (s->shutdown & SSL_SENT_SHUTDOWN && desc != SSL_AD_CLOSE_NOTIFY)
56
0
        return -1;
57
    /* If a fatal one, remove from cache */
58
108k
    if ((level == SSL3_AL_FATAL) && (s->session != NULL))
59
40.7k
        SSL_CTX_remove_session(s->session_ctx, s->session);
60
61
108k
    s->s3.alert_dispatch = 1;
62
108k
    s->s3.send_alert[0] = level;
63
108k
    s->s3.send_alert[1] = desc;
64
108k
    if (!RECORD_LAYER_write_pending(&s->rlayer)) {
65
        /* data still being written out? */
66
108k
        return s->method->ssl_dispatch_alert(s);
67
108k
    }
68
    /*
69
     * else data is still being written out, we will get written some time in
70
     * the future
71
     */
72
0
    return -1;
73
108k
}
74
75
int ssl3_dispatch_alert(SSL *s)
76
17.7k
{
77
17.7k
    int i, j;
78
17.7k
    size_t alertlen;
79
17.7k
    void (*cb) (const SSL *ssl, int type, int val) = NULL;
80
17.7k
    size_t written;
81
82
17.7k
    s->s3.alert_dispatch = 0;
83
17.7k
    alertlen = 2;
84
17.7k
    i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3.send_alert[0], &alertlen, 1, 0,
85
17.7k
                      &written);
86
17.7k
    if (i <= 0) {
87
0
        s->s3.alert_dispatch = 1;
88
17.7k
    } else {
89
        /*
90
         * Alert sent to BIO - now flush. If the message does not get sent due
91
         * to non-blocking IO, we will not worry too much.
92
         */
93
17.7k
        (void)BIO_flush(s->wbio);
94
95
17.7k
        if (s->msg_callback)
96
0
            s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3.send_alert,
97
0
                            2, s, s->msg_callback_arg);
98
99
17.7k
        if (s->info_callback != NULL)
100
0
            cb = s->info_callback;
101
17.7k
        else if (s->ctx->info_callback != NULL)
102
0
            cb = s->ctx->info_callback;
103
104
17.7k
        if (cb != NULL) {
105
0
            j = (s->s3.send_alert[0] << 8) | s->s3.send_alert[1];
106
0
            cb(s, SSL_CB_WRITE_ALERT, j);
107
0
        }
108
17.7k
    }
109
17.7k
    return i;
110
17.7k
}