2 * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
/*
 * ssl3_do_change_cipher_spec: installs the new cipher state for connection s
 * through the method's ssl3_enc hooks, then stores the output of
 * final_finish_mac() in s->s3->tmp.peer_finish_md together with its length.
 *
 * NOTE(review): this listing is an extraction with source lines missing.
 * The local declarations, the conditions that choose between the two
 * assignments to i and between the two label pairs, and every return
 * statement are not shown. The comments below cover only visible statements.
 */
13 int ssl3_do_change_cipher_spec(SSL
*s
)
/*
 * i takes one of the two *_READ constants and is later handed to
 * change_cipher_state(). The selecting condition is not visible here
 * (presumably s->server - confirm against the full file).
 */
21 i
= SSL3_CHANGE_CIPHER_SERVER_READ
;
23 i
= SSL3_CHANGE_CIPHER_CLIENT_READ
;
/* No key block exists yet, so one is set up below before the state change. */
25 if (s
->s3
->tmp
.key_block
== NULL
) {
/*
 * Guard placed ahead of setup_key_block(): with no session, or with a
 * master key of length 0, the message is reported as
 * SSL_R_CCS_RECEIVED_EARLY instead of deriving keys from an unset master
 * key. The failure return that should follow is not shown in this listing.
 */
26 if (s
->session
== NULL
|| s
->session
->master_key_length
== 0) {
27 /* might happen if dtls1_read_bytes() calls this */
28 SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC
, SSL_R_CCS_RECEIVED_EARLY
);
/* Copy the pending cipher into the session, then set up the key block. */
32 s
->session
->cipher
= s
->s3
->tmp
.new_cipher
;
33 if (!s
->method
->ssl3_enc
->setup_key_block(s
))
/* Apply the cipher state selected by i; a zero result is tested here. */
37 if (!s
->method
->ssl3_enc
->change_cipher_state(s
, i
))
41 * we have to record the message digest at this point so we can get it
42 * before we read the finished message
/*
 * sender/slen receive either the server or the client Finished label and
 * its length. The condition is not visible; because the result lands in
 * peer_finish_md it is presumably the peer's label - confirm.
 */
45 sender
= s
->method
->ssl3_enc
->server_finished_label
;
46 slen
= s
->method
->ssl3_enc
->server_finished_label_len
;
48 sender
= s
->method
->ssl3_enc
->client_finished_label
;
49 slen
= s
->method
->ssl3_enc
->client_finished_label_len
;
/* final_finish_mac() writes into peer_finish_md and returns a length. */
52 finish_md_len
= s
->method
->ssl3_enc
->final_finish_mac(s
, sender
, slen
,
53 s
->s3
->tmp
.peer_finish_md
);
/* A length of 0 is treated as failure and raised as ERR_R_INTERNAL_ERROR. */
54 if (finish_md_len
== 0) {
55 SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC
, ERR_R_INTERNAL_ERROR
);
/* Keep the length next to the stored value. */
58 s
->s3
->tmp
.peer_finish_md_len
= finish_md_len
;
/*
 * ssl3_send_alert: stages an alert (level, desc) in s->s3->send_alert, marks
 * it pending, and dispatches it immediately when the record layer has no
 * write pending.
 *
 * NOTE(review): this listing is an extraction with source lines missing.
 * Any checks between the statements shown, and the final return, are not
 * visible.
 */
63 int ssl3_send_alert(SSL
*s
, int level
, int desc
)
65 /* Map tls/ssl alert value to correct one */
66 desc
= s
->method
->ssl3_enc
->alert_value(desc
);
67 if (s
->version
== SSL3_VERSION
&& desc
== SSL_AD_PROTOCOL_VERSION
)
68 desc
= SSL_AD_HANDSHAKE_FAILURE
; /* SSL 3.0 does not have
69 * protocol_version alerts */
/*
 * SSL_CTX_remove_session() is called on s->session_ctx for a fatal alert
 * when a session is attached; presumably so that a session which ended in
 * a fatal alert is not resumed from that cache - confirm.
 */
72 /* If a fatal one, remove from cache */
73 if ((level
== SSL3_AL_FATAL
) && (s
->session
!= NULL
))
74 SSL_CTX_remove_session(s
->session_ctx
, s
->session
);
/* Stage the two alert bytes (level, description) and flag them as pending. */
76 s
->s3
->alert_dispatch
= 1;
77 s
->s3
->send_alert
[0] = level
;
78 s
->s3
->send_alert
[1] = desc
;
/*
 * Note the negation: this branch runs when NO write is pending in the
 * record layer, and it hands the staged alert to ssl_dispatch_alert() now.
 */
79 if (!RECORD_LAYER_write_pending(&s
->rlayer
)) {
80 /* data still being written out? */
81 return s
->method
->ssl_dispatch_alert(s
);
/*
 * Otherwise the alert stays staged with alert_dispatch set; the rest of the
 * original comment below and the return value are cut off in this listing.
 */
84 * else data is still being written out, we will get written some time in
/*
 * ssl3_dispatch_alert: writes the alert staged in s->s3->send_alert as an
 * SSL3_RT_ALERT record through do_ssl3_write(), flushes the write BIO for
 * fatal alerts, and reports the alert to the message and info callbacks.
 *
 * NOTE(review): this listing is an extraction with source lines missing.
 * The remaining locals, the tail of the do_ssl3_write() argument list, the
 * conditions around the visible statements and the return are not shown.
 */
90 int ssl3_dispatch_alert(SSL
*s
)
/* Info callback to notify; stays NULL unless one is selected further down. */
94 void (*cb
) (const SSL
*ssl
, int type
, int val
) = NULL
;
/* Clear the pending flag before attempting the write. */
97 s
->s3
->alert_dispatch
= 0;
/*
 * alertlen is assigned on a line not shown here. The argument list
 * continues past the end of this line in the full file.
 */
99 i
= do_ssl3_write(s
, SSL3_RT_ALERT
, &s
->s3
->send_alert
[0], &alertlen
, 1, 0,
/*
 * Re-arm the pending flag. The guarding condition is not visible
 * (presumably the write did not succeed, so the alert is retried - confirm).
 */
102 s
->s3
->alert_dispatch
= 1;
105 * Alert sent to BIO. If it is important, flush it now. If the
106 * message does not get sent due to non-blocking IO, we will not
/*
 * Only fatal alerts are flushed here. The (void) cast discards the
 * BIO_flush() result, so a failed flush is not reported by this statement.
 */
109 if (s
->s3
->send_alert
[0] == SSL3_AL_FATAL
)
110 (void)BIO_flush(s
->wbio
);
/*
 * Pass the 2 alert bytes to the message callback. The NULL check on
 * s->msg_callback is not visible in this listing - confirm it exists.
 */
113 s
->msg_callback(1, s
->version
, SSL3_RT_ALERT
, s
->s3
->send_alert
,
114 2, s
, s
->msg_callback_arg
);
/* The connection's info_callback takes precedence over the context's. */
116 if (s
->info_callback
!= NULL
)
117 cb
= s
->info_callback
;
118 else if (s
->ctx
->info_callback
!= NULL
)
119 cb
= s
->ctx
->info_callback
;
/*
 * Pack level into the high byte and description into the low byte for
 * SSL_CB_WRITE_ALERT. cb can still be NULL at this point; the guard around
 * these two statements is not visible here - confirm.
 */
122 j
= (s
->s3
->send_alert
[0] << 8) | s
->s3
->send_alert
[1];
123 cb(s
, SSL_CB_WRITE_ALERT
, j
);