From: Matt Caswell Date: Mon, 22 Aug 2022 14:49:53 +0000 (+0100) Subject: Move checking for alerts to dispatch out of the record layer X-Git-Tag: openssl-3.2.0-alpha1~2038 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3eaead7166ef5aff027e571a9be0def6581ef20c;p=thirdparty%2Fopenssl.git Move checking for alerts to dispatch out of the record layer This isn't a record layer responsibility so should be removed from write_records. Reviewed-by: Hugo Landau Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/19198) --- diff --git a/ssl/record/methods/tls_common.c b/ssl/record/methods/tls_common.c index 6a5b7c66967..e679d9fe6b9 100644 --- a/ssl/record/methods/tls_common.c +++ b/ssl/record/methods/tls_common.c @@ -1310,7 +1310,7 @@ int tls_write_records(OSSL_RECORD_LAYER *rl, OSSL_RECORD_TEMPLATE *templates, WPACKET *thispkt; SSL3_RECORD *thiswr; unsigned char *recordstart; - int i, mac_size, clear = 0; + int mac_size, clear = 0; int eivlen = 0; size_t align = 0; SSL3_BUFFER *wb; @@ -1329,16 +1329,6 @@ int tls_write_records(OSSL_RECORD_LAYER *rl, OSSL_RECORD_TEMPLATE *templates, goto err; } - /* If we have an alert to send, lets send it */ - if (s->s3.alert_dispatch) { - i = ssl->method->ssl_dispatch_alert(ssl); - if (i <= 0) { - /* SSLfatal() already called if appropriate */ - return i; - } - /* if it went, fall through and send more stuff */ - } - sess = s->session; if ((sess == NULL) diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index e6439ccda95..1b342b63667 100644 --- a/ssl/record/rec_layer_s3.c +++ b/ssl/record/rec_layer_s3.c @@ -424,6 +424,16 @@ int ssl3_write_bytes(SSL *ssl, int type, const void *buf_, size_t len, return 1; } + /* If we have an alert to send, lets send it */ + if (s->s3.alert_dispatch) { + i = ssl->method->ssl_dispatch_alert(ssl); + if (i <= 0) { + /* SSLfatal() already called if appropriate */ + return i; + } + /* if it went, fall through and send more stuff */ + } + n = (len - tot); max_send_fragment = ssl_get_max_send_fragment(s);