]>
Commit | Line | Data |
---|---|---|
846e33c7 RS |
1 | /* |
2 | * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. | |
c103c7e2 | 3 | * |
846e33c7 RS |
4 | * Licensed under the OpenSSL license (the "License"). You may not use |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
c103c7e2 MC |
8 | */ |
9 | ||
10 | #define USE_SOCKETS | |
11 | #include "ssl_locl.h" | |
12 | ||
13 | int ssl3_do_change_cipher_spec(SSL *s) | |
14 | { | |
15 | int i; | |
12472b45 | 16 | size_t finish_md_len; |
c103c7e2 | 17 | const char *sender; |
8b0e934a | 18 | size_t slen; |
c103c7e2 | 19 | |
49ae7423 | 20 | if (s->server) |
c103c7e2 MC |
21 | i = SSL3_CHANGE_CIPHER_SERVER_READ; |
22 | else | |
23 | i = SSL3_CHANGE_CIPHER_CLIENT_READ; | |
24 | ||
25 | if (s->s3->tmp.key_block == NULL) { | |
26 | if (s->session == NULL || s->session->master_key_length == 0) { | |
27 | /* might happen if dtls1_read_bytes() calls this */ | |
a230b26e | 28 | SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, SSL_R_CCS_RECEIVED_EARLY); |
c103c7e2 MC |
29 | return (0); |
30 | } | |
31 | ||
32 | s->session->cipher = s->s3->tmp.new_cipher; | |
33 | if (!s->method->ssl3_enc->setup_key_block(s)) | |
34 | return (0); | |
35 | } | |
36 | ||
37 | if (!s->method->ssl3_enc->change_cipher_state(s, i)) | |
38 | return (0); | |
39 | ||
40 | /* | |
41 | * we have to record the message digest at this point so we can get it | |
42 | * before we read the finished message | |
43 | */ | |
49ae7423 | 44 | if (!s->server) { |
c103c7e2 MC |
45 | sender = s->method->ssl3_enc->server_finished_label; |
46 | slen = s->method->ssl3_enc->server_finished_label_len; | |
47 | } else { | |
48 | sender = s->method->ssl3_enc->client_finished_label; | |
49 | slen = s->method->ssl3_enc->client_finished_label_len; | |
50 | } | |
51 | ||
12472b45 MC |
52 | finish_md_len = s->method->ssl3_enc->final_finish_mac(s, sender, slen, |
53 | s->s3->tmp.peer_finish_md); | |
54 | if (finish_md_len == 0) { | |
c103c7e2 MC |
55 | SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR); |
56 | return 0; | |
57 | } | |
12472b45 | 58 | s->s3->tmp.peer_finish_md_len = finish_md_len; |
c103c7e2 MC |
59 | |
60 | return (1); | |
61 | } | |
62 | ||
63 | int ssl3_send_alert(SSL *s, int level, int desc) | |
64 | { | |
65 | /* Map tls/ssl alert value to correct one */ | |
66 | desc = s->method->ssl3_enc->alert_value(desc); | |
67 | if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION) | |
68 | desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have | |
69 | * protocol_version alerts */ | |
70 | if (desc < 0) | |
71 | return -1; | |
72 | /* If a fatal one, remove from cache */ | |
73 | if ((level == SSL3_AL_FATAL) && (s->session != NULL)) | |
e2bb9b9b | 74 | SSL_CTX_remove_session(s->session_ctx, s->session); |
c103c7e2 MC |
75 | |
76 | s->s3->alert_dispatch = 1; | |
77 | s->s3->send_alert[0] = level; | |
78 | s->s3->send_alert[1] = desc; | |
f161995e | 79 | if (!RECORD_LAYER_write_pending(&s->rlayer)) { |
c103c7e2 MC |
80 | /* data still being written out? */ |
81 | return s->method->ssl_dispatch_alert(s); | |
82 | } | |
83 | /* | |
84 | * else data is still being written out, we will get written some time in | |
85 | * the future | |
86 | */ | |
87 | return -1; | |
88 | } | |
89 | ||
90 | int ssl3_dispatch_alert(SSL *s) | |
91 | { | |
92 | int i, j; | |
7ee8627f | 93 | size_t alertlen; |
c103c7e2 | 94 | void (*cb) (const SSL *ssl, int type, int val) = NULL; |
7ee8627f | 95 | size_t written; |
c103c7e2 MC |
96 | |
97 | s->s3->alert_dispatch = 0; | |
d102d9df | 98 | alertlen = 2; |
7ee8627f MC |
99 | i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], &alertlen, 1, 0, |
100 | &written); | |
c103c7e2 MC |
101 | if (i <= 0) { |
102 | s->s3->alert_dispatch = 1; | |
103 | } else { | |
104 | /* | |
105 | * Alert sent to BIO. If it is important, flush it now. If the | |
106 | * message does not get sent due to non-blocking IO, we will not | |
107 | * worry too much. | |
108 | */ | |
109 | if (s->s3->send_alert[0] == SSL3_AL_FATAL) | |
110 | (void)BIO_flush(s->wbio); | |
111 | ||
112 | if (s->msg_callback) | |
113 | s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3->send_alert, | |
114 | 2, s, s->msg_callback_arg); | |
115 | ||
116 | if (s->info_callback != NULL) | |
117 | cb = s->info_callback; | |
118 | else if (s->ctx->info_callback != NULL) | |
119 | cb = s->ctx->info_callback; | |
120 | ||
121 | if (cb != NULL) { | |
122 | j = (s->s3->send_alert[0] << 8) | s->s3->send_alert[1]; | |
123 | cb(s, SSL_CB_WRITE_ALERT, j); | |
124 | } | |
125 | } | |
7ee8627f | 126 | return i; |
c103c7e2 | 127 | } |