Diffstat (limited to 'src/tls')
-rw-r--r--src/tls/tls_alerts.h3
-rw-r--r--src/tls/tls_channel.cpp26
-rw-r--r--src/tls/tls_channel.h17
-rw-r--r--src/tls/tls_magic.h4
4 files changed, 30 insertions, 20 deletions
diff --git a/src/tls/tls_alerts.h b/src/tls/tls_alerts.h
index c74361930..0634d6763 100644
--- a/src/tls/tls_alerts.h
+++ b/src/tls/tls_alerts.h
@@ -35,7 +35,8 @@ class Alert
Alert(const MemoryRegion<byte>& buf)
{
if(buf.size() != 2)
- throw Decoding_Error("Alert: Bad size for alert message");
+ throw Decoding_Error("Alert: Bad size " + to_string(buf.size()) +
+ " for alert message");
if(buf[0] == 1) fatal = false;
else if(buf[0] == 2) fatal = true;
diff --git a/src/tls/tls_channel.cpp b/src/tls/tls_channel.cpp
index a19836395..46c6d36cd 100644
--- a/src/tls/tls_channel.cpp
+++ b/src/tls/tls_channel.cpp
@@ -27,7 +27,6 @@ TLS_Channel::TLS_Channel(std::tr1::function<void (const byte[], size_t)> socket_
TLS_Channel::~TLS_Channel()
{
- close();
delete state;
state = 0;
}
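Review bot: With `close()` gone from the destructor, a TLS_Channel that is destroyed without an explicit close() now ends the session by simply dropping the transport, which the peer must treat as a truncation rather than an orderly shutdown (RFC 5246 §7.2.1). Sending from a destructor is hard to do safely (the socket callback may already be gone, and a throw there terminates), so the removal is probably deliberate, but the obligation has moved to the caller and nothing says so. I would add above `delete state;` the comment `// Does not send close_notify; callers must close() first for an orderly shutdown.` and mirror that sentence on close() in tls_channel.h.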
@@ -84,15 +83,23 @@ size_t TLS_Channel::received_data(const byte buf[], size_t buf_size)
proc_fn(0, 0, alert_msg.type());
- if(!connection_closed)
+ if(alert_msg.type() == CLOSE_NOTIFY)
{
- if(alert_msg.is_fatal() || alert_msg.type() == CLOSE_NOTIFY)
- {
- if(alert_msg.type() == CLOSE_NOTIFY)
- alert(FATAL, CLOSE_NOTIFY);
- else
- alert(FATAL, NULL_ALERT);
- }
+ if(connection_closed)
+ reader.reset();
+ else
+ alert(WARNING, CLOSE_NOTIFY); // reply in kind
+ }
+ else if(alert_msg.is_fatal())
+ {
+ // delete state immediately
+ connection_closed = true;
+
+ delete state;
+ state = 0;
+
+ writer.reset();
+ reader.reset();
}
}
else
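Review bot: In the peer-initiated close path (the `else` branch that replies in kind) the reader is left alive after the close_notify reply, so records the peer sends after its close_notify are still decrypted and handed to the rest of received_data, whereas both the self-initiated path (`if(connection_closed) reader.reset();`) and the fatal path drop it. RFC 5246 §7.2.1 requires anything after close_notify to be ignored, and once the reply is sent there is nothing left to read, so the branch can reset unconditionally: `if(!connection_closed) alert(WARNING, CLOSE_NOTIFY); // reply in kind` followed by `reader.reset();`. This assumes alert() no longer resets the reader itself (the later hunk removes that) and that the enclosing loop does not already stop on connection_closed, which I cannot see; received_data starts before and continues after this hunk.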
@@ -202,7 +209,6 @@ void TLS_Channel::alert(Alert_Level alert_level, Alert_Type alert_code)
delete state;
state = 0;
- reader.reset();
writer.reset();
}
}
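Review bot: Dropping `reader.reset()` here keeps the read keys alive after any alert this block handles, including fatal ones, so the channel goes on decrypting peer records after it has told the peer the connection is dead; the guard for this block is above the hunk, so I cannot see whether it covers fatal alerts, close_notify, or both. Keeping the reader is only needed for close_notify, where the peer's reply must still be read; for a fatal alert both directions end at once. I would keep the reset for that case, `if(alert_level == FATAL) reader.reset();` next to `writer.reset();`, so a fatal alert tears down read and write state the same way the received-fatal-alert path in received_data does.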
diff --git a/src/tls/tls_channel.h b/src/tls/tls_channel.h
index af56e8fed..0306d1a74 100644
--- a/src/tls/tls_channel.h
+++ b/src/tls/tls_channel.h
@@ -40,14 +40,6 @@ class BOTAN_DLL TLS_Channel
void close() { alert(WARNING, CLOSE_NOTIFY); }
/**
- * Send a TLS alert message. If the alert is fatal, the
- * internal state (keys, etc) will be reset
- * @param level is warning or fatal
- * @param type is the type of alert
- */
- void alert(Alert_Level level, Alert_Type type);
-
- /**
* @return true iff the connection is active for sending application data
*/
bool is_active() const { return handshake_completed && !is_closed(); }
@@ -73,6 +65,15 @@ class BOTAN_DLL TLS_Channel
virtual ~TLS_Channel();
protected:
+
+ /**
+ * Send a TLS alert message. If the alert is fatal, the
+ * internal state (keys, etc) will be reset
+ * @param level is warning or fatal
+ * @param type is the type of alert
+ */
+ void alert(Alert_Level level, Alert_Type type);
+
virtual void read_handshake(byte rec_type,
const MemoryRegion<byte>& rec_buf);
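Review bot: The doc comment moved here still says a fatal alert resets "the internal state (keys, etc)", but tls_channel.cpp in this same commit stops resetting the reader in alert(), so the read keys survive and the comment now overstates what is torn down. Suggest `* Send a TLS alert message. If the alert is fatal, the handshake state and the write side are reset; the read side is kept so the peer's reply can still be processed.` Whether the read side is kept only for close_notify or for every alert depends on the condition in alert(), which is outside the visible hunks, so the wording should follow whichever that is.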
diff --git a/src/tls/tls_magic.h b/src/tls/tls_magic.h
index df49dfe05..5a35d4c46 100644
--- a/src/tls/tls_magic.h
+++ b/src/tls/tls_magic.h
@@ -17,7 +17,9 @@ enum Size_Limits {
TLS_HEADER_SIZE = 5,
MAX_PLAINTEXT_SIZE = 16*1024,
MAX_COMPRESSED_SIZE = MAX_PLAINTEXT_SIZE + 1024,
- MAX_CIPHERTEXT_SIZE = MAX_COMPRESSED_SIZE + 1024
+ MAX_CIPHERTEXT_SIZE = MAX_COMPRESSED_SIZE + 1024,
+
+ MAX_TLS_RECORD_SIZE = MAX_CIPHERTEXT_SIZE + TLS_HEADER_SIZE,
};
enum Version_Code {
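Review bot: The trailing comma after `MAX_TLS_RECORD_SIZE = MAX_CIPHERTEXT_SIZE + TLS_HEADER_SIZE,` is not valid C++03 (a comma at the end of an enumerator list only became legal in C++11; gcc warns under -pedantic and rejects under -pedantic-errors), and this tree still targets pre-C++11 judging by `std::tr1::function` in tls_channel.cpp. Drop it: `MAX_TLS_RECORD_SIZE = MAX_CIPHERTEXT_SIZE + TLS_HEADER_SIZE`. The value itself is the RFC 5246 §6.2.3 ciphertext bound plus the 5-byte record header, which is the right size for a receive buffer.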