xref: /freebsd/crypto/openssl/ssl/s3_msg.c (revision 17f01e9963948a18f55eb97173123702c5dae671)
1e71b7053SJung-uk Kim /*
2e71b7053SJung-uk Kim  * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
3e71b7053SJung-uk Kim  *
4e71b7053SJung-uk Kim  * Licensed under the OpenSSL license (the "License").  You may not use
5e71b7053SJung-uk Kim  * this file except in compliance with the License.  You can obtain a copy
6e71b7053SJung-uk Kim  * in the file LICENSE in the source distribution or at
7e71b7053SJung-uk Kim  * https://www.openssl.org/source/license.html
8e71b7053SJung-uk Kim  */
9e71b7053SJung-uk Kim 
10*17f01e99SJung-uk Kim #include "ssl_local.h"
11e71b7053SJung-uk Kim 
12e71b7053SJung-uk Kim int ssl3_do_change_cipher_spec(SSL *s)
13e71b7053SJung-uk Kim {
14e71b7053SJung-uk Kim     int i;
15e71b7053SJung-uk Kim 
16e71b7053SJung-uk Kim     if (s->server)
17e71b7053SJung-uk Kim         i = SSL3_CHANGE_CIPHER_SERVER_READ;
18e71b7053SJung-uk Kim     else
19e71b7053SJung-uk Kim         i = SSL3_CHANGE_CIPHER_CLIENT_READ;
20e71b7053SJung-uk Kim 
21e71b7053SJung-uk Kim     if (s->s3->tmp.key_block == NULL) {
22e71b7053SJung-uk Kim         if (s->session == NULL || s->session->master_key_length == 0) {
23e71b7053SJung-uk Kim             /* might happen if dtls1_read_bytes() calls this */
24e71b7053SJung-uk Kim             SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, SSL_R_CCS_RECEIVED_EARLY);
25e71b7053SJung-uk Kim             return 0;
26e71b7053SJung-uk Kim         }
27e71b7053SJung-uk Kim 
28e71b7053SJung-uk Kim         s->session->cipher = s->s3->tmp.new_cipher;
29e71b7053SJung-uk Kim         if (!s->method->ssl3_enc->setup_key_block(s))
30e71b7053SJung-uk Kim             return 0;
31e71b7053SJung-uk Kim     }
32e71b7053SJung-uk Kim 
33e71b7053SJung-uk Kim     if (!s->method->ssl3_enc->change_cipher_state(s, i))
34e71b7053SJung-uk Kim         return 0;
35e71b7053SJung-uk Kim 
36e71b7053SJung-uk Kim     return 1;
37e71b7053SJung-uk Kim }
38e71b7053SJung-uk Kim 
39e71b7053SJung-uk Kim int ssl3_send_alert(SSL *s, int level, int desc)
40e71b7053SJung-uk Kim {
41e71b7053SJung-uk Kim     /* Map tls/ssl alert value to correct one */
42e71b7053SJung-uk Kim     if (SSL_TREAT_AS_TLS13(s))
43e71b7053SJung-uk Kim         desc = tls13_alert_code(desc);
44e71b7053SJung-uk Kim     else
45e71b7053SJung-uk Kim         desc = s->method->ssl3_enc->alert_value(desc);
46e71b7053SJung-uk Kim     if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION)
47e71b7053SJung-uk Kim         desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have
48e71b7053SJung-uk Kim                                           * protocol_version alerts */
49e71b7053SJung-uk Kim     if (desc < 0)
50e71b7053SJung-uk Kim         return -1;
51e71b7053SJung-uk Kim     /* If a fatal one, remove from cache */
52e71b7053SJung-uk Kim     if ((level == SSL3_AL_FATAL) && (s->session != NULL))
53e71b7053SJung-uk Kim         SSL_CTX_remove_session(s->session_ctx, s->session);
54e71b7053SJung-uk Kim 
55e71b7053SJung-uk Kim     s->s3->alert_dispatch = 1;
56e71b7053SJung-uk Kim     s->s3->send_alert[0] = level;
57e71b7053SJung-uk Kim     s->s3->send_alert[1] = desc;
58e71b7053SJung-uk Kim     if (!RECORD_LAYER_write_pending(&s->rlayer)) {
59e71b7053SJung-uk Kim         /* data still being written out? */
60e71b7053SJung-uk Kim         return s->method->ssl_dispatch_alert(s);
61e71b7053SJung-uk Kim     }
62e71b7053SJung-uk Kim     /*
63e71b7053SJung-uk Kim      * else data is still being written out, we will get written some time in
64e71b7053SJung-uk Kim      * the future
65e71b7053SJung-uk Kim      */
66e71b7053SJung-uk Kim     return -1;
67e71b7053SJung-uk Kim }
68e71b7053SJung-uk Kim 
69e71b7053SJung-uk Kim int ssl3_dispatch_alert(SSL *s)
70e71b7053SJung-uk Kim {
71e71b7053SJung-uk Kim     int i, j;
72e71b7053SJung-uk Kim     size_t alertlen;
73e71b7053SJung-uk Kim     void (*cb) (const SSL *ssl, int type, int val) = NULL;
74e71b7053SJung-uk Kim     size_t written;
75e71b7053SJung-uk Kim 
76e71b7053SJung-uk Kim     s->s3->alert_dispatch = 0;
77e71b7053SJung-uk Kim     alertlen = 2;
78e71b7053SJung-uk Kim     i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], &alertlen, 1, 0,
79e71b7053SJung-uk Kim                       &written);
80e71b7053SJung-uk Kim     if (i <= 0) {
81e71b7053SJung-uk Kim         s->s3->alert_dispatch = 1;
82e71b7053SJung-uk Kim     } else {
83e71b7053SJung-uk Kim         /*
84e71b7053SJung-uk Kim          * Alert sent to BIO - now flush. If the message does not get sent due
85e71b7053SJung-uk Kim          * to non-blocking IO, we will not worry too much.
86e71b7053SJung-uk Kim          */
87e71b7053SJung-uk Kim         (void)BIO_flush(s->wbio);
88e71b7053SJung-uk Kim 
89e71b7053SJung-uk Kim         if (s->msg_callback)
90e71b7053SJung-uk Kim             s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3->send_alert,
91e71b7053SJung-uk Kim                             2, s, s->msg_callback_arg);
92e71b7053SJung-uk Kim 
93e71b7053SJung-uk Kim         if (s->info_callback != NULL)
94e71b7053SJung-uk Kim             cb = s->info_callback;
95e71b7053SJung-uk Kim         else if (s->ctx->info_callback != NULL)
96e71b7053SJung-uk Kim             cb = s->ctx->info_callback;
97e71b7053SJung-uk Kim 
98e71b7053SJung-uk Kim         if (cb != NULL) {
99e71b7053SJung-uk Kim             j = (s->s3->send_alert[0] << 8) | s->s3->send_alert[1];
100e71b7053SJung-uk Kim             cb(s, SSL_CB_WRITE_ALERT, j);
101e71b7053SJung-uk Kim         }
102e71b7053SJung-uk Kim     }
103e71b7053SJung-uk Kim     return i;
104e71b7053SJung-uk Kim }
105