s3_msg.c 3.2 KB

  1. /*
  2. * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include "ssl_local.h"
  /*
   * Act on a ChangeCipherSpec for the read direction of connection |s|.
   *
   * If no key block has been set up yet, one is created first. That step is
   * refused unless the session exists and holds a non-empty master key, so a
   * ChangeCipherSpec that arrives too early is rejected with
   * SSL_R_CCS_RECEIVED_EARLY instead of switching cipher state.
   *
   * Returns 1 on success and 0 on failure.
   *
   * NOTE(review): this function only checks key material. Nothing here
   * verifies that a ChangeCipherSpec is expected at this point of the
   * handshake; presumably the caller enforces that - confirm.
   */
  int ssl3_do_change_cipher_spec(SSL *s)
  {
      /* Only the read side changes here; pick the constant for our role. */
      const int which = s->server ? SSL3_CHANGE_CIPHER_SERVER_READ
                                  : SSL3_CHANGE_CIPHER_CLIENT_READ;

      if (s->s3.tmp.key_block == NULL) {
          const int have_master_key =
              s->session != NULL && s->session->master_key_length != 0;

          if (!have_master_key) {
              /*
               * Might happen if dtls1_read_bytes() calls this. Bail out
               * before any key block is set up without a master key.
               */
              SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, SSL_R_CCS_RECEIVED_EARLY);
              return 0;
          }

          s->session->cipher = s->s3.tmp.new_cipher;
          if (!s->method->ssl3_enc->setup_key_block(s)) {
              /* SSLfatal() already called */
              return 0;
          }
      }

      if (!s->method->ssl3_enc->change_cipher_state(s, which)) {
          /* SSLfatal() already called */
          return 0;
      }

      return 1;
  }
  /*
   * Queue an alert of the given |level| and |desc| on |s| and send it now if
   * the record layer has no write pending.
   *
   * Returns the result of the method's ssl_dispatch_alert() when the alert is
   * dispatched immediately. Returns -1 in two distinct cases: the description
   * maps to a negative value (nothing is queued), or a write is still pending
   * (the alert stays queued with alert_dispatch set). Callers cannot tell
   * these two apart from the return value alone.
   */
  int ssl3_send_alert(SSL *s, int level, int desc)
  {
      /* Map tls/ssl alert value to the one valid for this protocol version. */
      desc = SSL_TREAT_AS_TLS13(s) ? tls13_alert_code(desc)
                                   : s->method->ssl3_enc->alert_value(desc);

      /* SSL 3.0 does not have protocol_version alerts. */
      if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION) {
          desc = SSL_AD_HANDSHAKE_FAILURE;
      }

      if (desc < 0) {
          return -1;
      }

      /*
       * A fatal alert removes the session from the cache of session_ctx, so
       * the session that hit the fatal error is no longer kept there.
       */
      if (level == SSL3_AL_FATAL && s->session != NULL) {
          SSL_CTX_remove_session(s->session_ctx, s->session);
      }

      /* Record the two alert bytes and flag that an alert awaits dispatch. */
      s->s3.send_alert[0] = level;
      s->s3.send_alert[1] = desc;
      s->s3.alert_dispatch = 1;

      if (RECORD_LAYER_write_pending(&s->rlayer)) {
          /*
           * Data is still being written out, we will get written some time
           * in the future.
           */
          return -1;
      }

      /* Nothing pending in the record layer: dispatch the alert right away. */
      return s->method->ssl_dispatch_alert(s);
  }
  /*
   * Write the two queued alert bytes in s->s3.send_alert as an SSL3_RT_ALERT
   * record.
   *
   * On success the write BIO is flushed, the message callback (if set) sees
   * the raw alert bytes, and the info callback (the one on |s|, else the one
   * on s->ctx) is invoked with SSL_CB_WRITE_ALERT and (level << 8) | desc.
   * On failure alert_dispatch is set again so the alert remains queued.
   *
   * Returns the value returned by do_ssl3_write(): <= 0 means not written.
   */
  int ssl3_dispatch_alert(SSL *s)
  {
      void (*info_cb) (const SSL *ssl, int type, int val) = NULL;
      size_t alertlen = 2;
      size_t written;
      int ret;
      int alert_val;

      /*
       * Cleared before the write and restored below on failure.
       * NOTE(review): presumably this ordering keeps the write path from
       * seeing a pending alert while this one is in flight - confirm.
       */
      s->s3.alert_dispatch = 0;

      ret = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3.send_alert[0], &alertlen,
                          1, 0, &written);
      if (ret <= 0) {
          s->s3.alert_dispatch = 1;
          return ret;
      }

      /*
       * Alert sent to BIO - now flush. If the message does not get sent due
       * to non-blocking IO, we will not worry too much.
       */
      (void)BIO_flush(s->wbio);

      if (s->msg_callback) {
          s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3.send_alert,
                          2, s, s->msg_callback_arg);
      }

      /* The per-connection info callback takes precedence over the ctx one. */
      info_cb = (s->info_callback != NULL) ? s->info_callback
                                           : s->ctx->info_callback;
      if (info_cb != NULL) {
          alert_val = (s->s3.send_alert[0] << 8) | s->s3.send_alert[1];
          info_cb(s, SSL_CB_WRITE_ALERT, alert_val);
      }

      return ret;
  }
  94. }