]>
Commit | Line | Data |
---|---|---|
846e33c7 RS |
1 | /* |
2 | * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. | |
c103c7e2 | 3 | * |
846e33c7 RS |
4 | * Licensed under the OpenSSL license (the "License"). You may not use |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
c103c7e2 MC |
8 | */ |
9 | ||
c103c7e2 MC |
10 | #include "ssl_locl.h" |
11 | ||
12 | int ssl3_do_change_cipher_spec(SSL *s) | |
13 | { | |
14 | int i; | |
12472b45 | 15 | size_t finish_md_len; |
c103c7e2 | 16 | const char *sender; |
8b0e934a | 17 | size_t slen; |
c103c7e2 | 18 | |
49ae7423 | 19 | if (s->server) |
c103c7e2 MC |
20 | i = SSL3_CHANGE_CIPHER_SERVER_READ; |
21 | else | |
22 | i = SSL3_CHANGE_CIPHER_CLIENT_READ; | |
23 | ||
24 | if (s->s3->tmp.key_block == NULL) { | |
25 | if (s->session == NULL || s->session->master_key_length == 0) { | |
26 | /* might happen if dtls1_read_bytes() calls this */ | |
a230b26e | 27 | SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, SSL_R_CCS_RECEIVED_EARLY); |
26a7d938 | 28 | return 0; |
c103c7e2 MC |
29 | } |
30 | ||
31 | s->session->cipher = s->s3->tmp.new_cipher; | |
32 | if (!s->method->ssl3_enc->setup_key_block(s)) | |
26a7d938 | 33 | return 0; |
c103c7e2 MC |
34 | } |
35 | ||
36 | if (!s->method->ssl3_enc->change_cipher_state(s, i)) | |
26a7d938 | 37 | return 0; |
c103c7e2 MC |
38 | |
39 | /* | |
40 | * we have to record the message digest at this point so we can get it | |
41 | * before we read the finished message | |
42 | */ | |
49ae7423 | 43 | if (!s->server) { |
c103c7e2 MC |
44 | sender = s->method->ssl3_enc->server_finished_label; |
45 | slen = s->method->ssl3_enc->server_finished_label_len; | |
46 | } else { | |
47 | sender = s->method->ssl3_enc->client_finished_label; | |
48 | slen = s->method->ssl3_enc->client_finished_label_len; | |
49 | } | |
50 | ||
12472b45 MC |
51 | finish_md_len = s->method->ssl3_enc->final_finish_mac(s, sender, slen, |
52 | s->s3->tmp.peer_finish_md); | |
53 | if (finish_md_len == 0) { | |
c103c7e2 MC |
54 | SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR); |
55 | return 0; | |
56 | } | |
12472b45 | 57 | s->s3->tmp.peer_finish_md_len = finish_md_len; |
c103c7e2 | 58 | |
208fb891 | 59 | return 1; |
c103c7e2 MC |
60 | } |
61 | ||
62 | int ssl3_send_alert(SSL *s, int level, int desc) | |
63 | { | |
64 | /* Map tls/ssl alert value to correct one */ | |
49e7fe12 MC |
65 | if (SSL_TREAT_AS_TLS13(s)) |
66 | desc = tls13_alert_code(desc); | |
67 | else | |
68 | desc = s->method->ssl3_enc->alert_value(desc); | |
c103c7e2 MC |
69 | if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION) |
70 | desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have | |
71 | * protocol_version alerts */ | |
72 | if (desc < 0) | |
73 | return -1; | |
74 | /* If a fatal one, remove from cache */ | |
75 | if ((level == SSL3_AL_FATAL) && (s->session != NULL)) | |
e2bb9b9b | 76 | SSL_CTX_remove_session(s->session_ctx, s->session); |
c103c7e2 MC |
77 | |
78 | s->s3->alert_dispatch = 1; | |
79 | s->s3->send_alert[0] = level; | |
80 | s->s3->send_alert[1] = desc; | |
f161995e | 81 | if (!RECORD_LAYER_write_pending(&s->rlayer)) { |
c103c7e2 MC |
82 | /* data still being written out? */ |
83 | return s->method->ssl_dispatch_alert(s); | |
84 | } | |
85 | /* | |
86 | * else data is still being written out, we will get written some time in | |
87 | * the future | |
88 | */ | |
89 | return -1; | |
90 | } | |
91 | ||
92 | int ssl3_dispatch_alert(SSL *s) | |
93 | { | |
94 | int i, j; | |
7ee8627f | 95 | size_t alertlen; |
c103c7e2 | 96 | void (*cb) (const SSL *ssl, int type, int val) = NULL; |
7ee8627f | 97 | size_t written; |
c103c7e2 MC |
98 | |
99 | s->s3->alert_dispatch = 0; | |
d102d9df | 100 | alertlen = 2; |
7ee8627f MC |
101 | i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], &alertlen, 1, 0, |
102 | &written); | |
c103c7e2 MC |
103 | if (i <= 0) { |
104 | s->s3->alert_dispatch = 1; | |
105 | } else { | |
106 | /* | |
270d65fa TS |
107 | * Alert sent to BIO - now flush. If the message does not get sent due |
108 | * to non-blocking IO, we will not worry too much. | |
c103c7e2 | 109 | */ |
270d65fa | 110 | (void)BIO_flush(s->wbio); |
c103c7e2 MC |
111 | |
112 | if (s->msg_callback) | |
113 | s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3->send_alert, | |
114 | 2, s, s->msg_callback_arg); | |
115 | ||
116 | if (s->info_callback != NULL) | |
117 | cb = s->info_callback; | |
118 | else if (s->ctx->info_callback != NULL) | |
119 | cb = s->ctx->info_callback; | |
120 | ||
121 | if (cb != NULL) { | |
122 | j = (s->s3->send_alert[0] << 8) | s->s3->send_alert[1]; | |
123 | cb(s, SSL_CB_WRITE_ALERT, j); | |
124 | } | |
125 | } | |
7ee8627f | 126 | return i; |
c103c7e2 | 127 | } |