/*
 * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */
10 #include "ssl_local.h"
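/*
 * Apply a received ChangeCipherSpec: switch the read direction of the
 * connection over to the pending cipher state.
 *
 * If no key block has been derived yet, it is set up here first. That is only
 * done when the session already carries a master secret; a CCS that arrives
 * before then is refused with SSL_R_CCS_RECEIVED_EARLY, so no key block is
 * ever set up from an empty master secret.
 *
 * Returns 1 on success and 0 on error.
 */
int ssl3_do_change_cipher_spec(SSL *s)
{
    int i;

    /* Select the read-side state change that matches our role. */
    if (s->server)
        i = SSL3_CHANGE_CIPHER_SERVER_READ;
    else
        i = SSL3_CHANGE_CIPHER_CLIENT_READ;

    if (s->s3.tmp.key_block == NULL) {
        if (s->session == NULL || s->session->master_key_length == 0) {
            /* might happen if dtls1_read_bytes() calls this */
            SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, SSL_R_CCS_RECEIVED_EARLY);
            return 0;
        }

        /* Commit the negotiated cipher before deriving keys for it. */
        s->session->cipher = s->s3.tmp.new_cipher;
        if (!s->method->ssl3_enc->setup_key_block(s)) {
            /* SSLfatal() already called */
            return 0;
        }
    }

    if (!s->method->ssl3_enc->change_cipher_state(s, i)) {
        /* SSLfatal() already called */
        return 0;
    }

    return 1;
}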
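/*
 * Queue an alert of the given level and description, and send it straight
 * away unless the record layer still has a write pending.
 *
 * The description is first translated to the value used by the protocol
 * version in use. A fatal alert also removes the current session from the
 * session cache, so a session that ended in a fatal alert is not left there.
 *
 * Returns the result of the method's ssl_dispatch_alert() when the alert is
 * dispatched immediately. Returns -1 when the description has no mapping
 * (negative after translation) or when dispatch is deferred because earlier
 * data is still being written; in the deferred case the alert stays queued
 * in s->s3.send_alert with alert_dispatch set.
 */
int ssl3_send_alert(SSL *s, int level, int desc)
{
    /* Map tls/ssl alert value to correct one */
    if (SSL_TREAT_AS_TLS13(s))
        desc = tls13_alert_code(desc);
    else
        desc = s->method->ssl3_enc->alert_value(desc);
    if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION)
        desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have
                                          * protocol_version alerts */
    /* A negative value means the alert cannot be expressed; send nothing. */
    if (desc < 0)
        return -1;
    /* If a fatal one, remove from cache */
    if ((level == SSL3_AL_FATAL) && (s->session != NULL))
        SSL_CTX_remove_session(s->session_ctx, s->session);

    s->s3.alert_dispatch = 1;
    s->s3.send_alert[0] = level;
    s->s3.send_alert[1] = desc;
    if (!RECORD_LAYER_write_pending(&s->rlayer)) {
        /* data still being written out? */
        return s->method->ssl_dispatch_alert(s);
    }
    /*
     * else data is still being written out, we will get written some time in
     * the future
     */
    return -1;
}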
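/*
 * Write the queued two-byte alert (level, description) held in
 * s->s3.send_alert to the record layer.
 *
 * alert_dispatch is cleared before the write and set again if the write
 * returns <= 0, so an unsent alert remains marked as pending. After a
 * successful write the write BIO is flushed, then the message callback and
 * the info callback (the connection's own, else the context's) are invoked.
 * The info callback receives the alert packed as (level << 8) | description.
 *
 * Returns the value returned by do_ssl3_write().
 */
int ssl3_dispatch_alert(SSL *s)
{
    int i, j;
    size_t alertlen;
    void (*cb) (const SSL *ssl, int type, int val) = NULL;
    size_t written;

    s->s3.alert_dispatch = 0;
    alertlen = 2;
    i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3.send_alert[0], &alertlen, 1, 0,
                      &written);
    if (i <= 0) {
        /* Nothing was sent: keep the alert flagged for a later attempt. */
        s->s3.alert_dispatch = 1;
    } else {
        /*
         * Alert sent to BIO - now flush. If the message does not get sent due
         * to non-blocking IO, we will not worry too much.
         */
        (void)BIO_flush(s->wbio);

        if (s->msg_callback)
            s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3.send_alert,
                            2, s, s->msg_callback_arg);

        /* The per-connection info callback takes precedence over the ctx's. */
        if (s->info_callback != NULL)
            cb = s->info_callback;
        else if (s->ctx->info_callback != NULL)
            cb = s->ctx->info_callback;

        if (cb != NULL) {
            j = (s->s3.send_alert[0] << 8) | s->s3.send_alert[1];
            cb(s, SSL_CB_WRITE_ALERT, j);
        }
    }
    return i;
}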