diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index 610448ee7..90de64932 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -695,6 +695,19 @@ int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len );
 */
 int ssl_write( ssl_context *ssl, const unsigned char *buf, size_t len );
 
+/**
+ * \brief Send an alert message
+ *
+ * \param ssl SSL context
+ * \param level The alert level of the message
+ * (SSL_ALERT_LEVEL_WARNING or SSL_ALERT_LEVEL_FATAL)
+ * \param message The alert message (SSL_ALERT_MSG_*)
+ *
+ * \return 1 if successful, or a specific SSL error code.
+ */
+int ssl_send_alert_message( ssl_context *ssl,
+ unsigned char level,
+ unsigned char message );
 /**
 * \brief Notify the peer that the connection is being closed
 *
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index e697f4ece..98a2187a9 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1359,6 +1359,22 @@ int ssl_read_record( ssl_context *ssl )
 }
 }
 
+ if( ssl->in_msgtype != SSL_MSG_HANDSHAKE &&
+ ssl->in_msgtype != SSL_MSG_ALERT &&
+ ssl->in_msgtype != SSL_MSG_CHANGE_CIPHER_SPEC &&
+ ssl->in_msgtype != SSL_MSG_APPLICATION_DATA )
+ {
+ SSL_DEBUG_MSG( 1, ( "unknown record type" ) );
+
+ if( ( ret = ssl_send_alert_message( ssl, SSL_ALERT_LEVEL_FATAL,
+ SSL_ALERT_MSG_UNEXPECTED_MESSAGE ) ) != 0 )
+ {
+ return( ret );
+ }
+
+ return( POLARSSL_ERR_SSL_INVALID_RECORD );
+ }
+
 if( ssl->in_msgtype == SSL_MSG_HANDSHAKE )
 {
 ssl->in_hslen = 4;
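Review bot: The `\return` line of the new doc comment in include/polarssl/ssl.h says `1 if successful`, but the definition added in library/ssl_tls.c ends with `return( 0 );` and the new caller in ssl_read_record treats `!= 0` as failure. A caller written against the header would misread success as an error, or overlook a failed alert. It should read `\return 0 if successful, or a specific SSL error code.` Since the visible body only writes the alert record, the comment could also state that sending a fatal alert does not by itself close the session, so the caller must still abort.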
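Review bot: In the unknown-record-type branch of ssl_read_record, a failure of ssl_send_alert_message is returned in place of POLARSSL_ERR_SSL_INVALID_RECORD, so the protocol violation reaches the caller and the logs as a write error. If ssl_write_record can return a retryable would-block code on non-blocking transports (not visible in this hunk), a caller that retries the read would carry on with the session past the rejected record. Consider making the alert best-effort and always failing with the record error: `ret = ssl_send_alert_message( ssl, SSL_ALERT_LEVEL_FATAL, SSL_ALERT_MSG_UNEXPECTED_MESSAGE );`, `if( ret != 0 ) SSL_DEBUG_RET( 1, "ssl_send_alert_message", ret );`, `return( POLARSSL_ERR_SSL_INVALID_RECORD );`. Including the offending `ssl->in_msgtype` value in the debug message would also help triage. The function body starts and continues outside the hunk.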
@@ -1421,6 +1437,30 @@ int ssl_read_record( ssl_context *ssl )
 return( 0 );
 }
 
+int ssl_send_alert_message( ssl_context *ssl,
+ unsigned char level,
+ unsigned char message )
+{
+ int ret;
+
+ SSL_DEBUG_MSG( 2, ( "=> send alert message" ) );
+
+ ssl->out_msgtype = SSL_MSG_ALERT;
+ ssl->out_msglen = 2;
+ ssl->out_msg[0] = level;
+ ssl->out_msg[1] = message;
+
+ if( ( ret = ssl_write_record( ssl ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ssl_write_record", ret );
+ return( ret );
+ }
+
+ SSL_DEBUG_MSG( 2, ( "<= send alert message" ) );
+
+ return( 0 );
+}
+
 /*
 * Handshake functions
 */
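Review bot: ssl_send_alert_message overwrites `ssl->out_msgtype`, `ssl->out_msglen` and `ssl->out_msg[0..1]` without checking whether earlier output is still unsent. If a previous record can be left partially flushed when this is called (not visible in the hunk), the alert would clobber it; flushing pending output first, or documenting that the caller must, would close that gap. `level` is also written to the wire unchecked although the header documents only SSL_ALERT_LEVEL_WARNING and SSL_ALERT_LEVEL_FATAL, so a guard or a comment stating that callers are trusted would make the contract explicit. The definition has no comment of its own; `/* Send a two-byte alert record (level, description); returns 0 on success. Does not close the session. */` above it would do.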