X-Git-Url: https://git.openssl.org/gitweb/?a=blobdiff_plain;f=ssl%2Fs3_msg.c;h=fd75677dc08143187dae2a06ce8cf587a36e0e72;hb=87930507ff1c020d4ba1ca895ef3ef08e17253b3;hp=185f0e98903251934e1ed1c71ec152fc87f927dc;hpb=e2bb9b9bf355792d89e131518cc0fd141d46ca5c;p=openssl.git diff --git a/ssl/s3_msg.c b/ssl/s3_msg.c index 185f0e9890..fd75677dc0 100644 --- a/ssl/s3_msg.c +++ b/ssl/s3_msg.c @@ -1,20 +1,17 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html */ -#define USE_SOCKETS #include "ssl_locl.h" int ssl3_do_change_cipher_spec(SSL *s) { int i; - const char *sender; - int slen; if (s->server) i = SSL3_CHANGE_CIPHER_SERVER_READ; @@ -24,47 +21,32 @@ int ssl3_do_change_cipher_spec(SSL *s) if (s->s3->tmp.key_block == NULL) { if (s->session == NULL || s->session->master_key_length == 0) { /* might happen if dtls1_read_bytes() calls this */ - SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, - SSL_R_CCS_RECEIVED_EARLY); - return (0); + SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, SSL_R_CCS_RECEIVED_EARLY); + return 0; } s->session->cipher = s->s3->tmp.new_cipher; - if (!s->method->ssl3_enc->setup_key_block(s)) - return (0); - } - - if (!s->method->ssl3_enc->change_cipher_state(s, i)) - return (0); - - /* - * we have to record the message digest at this point so we can get it - * before we read the finished message - */ - if (!s->server) { - sender = s->method->ssl3_enc->server_finished_label; - slen = s->method->ssl3_enc->server_finished_label_len; - } else { - sender = s->method->ssl3_enc->client_finished_label; - slen = s->method->ssl3_enc->client_finished_label_len; + if (!s->method->ssl3_enc->setup_key_block(s)) { + /* SSLfatal() already called */ + return 0; + } } - i = s->method->ssl3_enc->final_finish_mac(s, - sender, slen, - s->s3->tmp.peer_finish_md); - if (i == 0) { - SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR); + if (!s->method->ssl3_enc->change_cipher_state(s, i)) { + /* SSLfatal() already called */ return 0; } - s->s3->tmp.peer_finish_md_len = i; - return (1); + return 1; } int ssl3_send_alert(SSL *s, int level, int desc) { /* Map tls/ssl alert value to correct one */ - desc = s->method->ssl3_enc->alert_value(desc); + if (SSL_TREAT_AS_TLS13(s)) + desc = tls13_alert_code(desc); + else + desc = s->method->ssl3_enc->alert_value(desc); if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION) desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have * protocol_version alerts */ @@ -91,22 +73,22 @@ int ssl3_send_alert(SSL *s, int level, int desc) int ssl3_dispatch_alert(SSL *s) { int i, j; - unsigned int alertlen; + size_t alertlen; void (*cb) (const SSL *ssl, int type, int val) = NULL; + size_t written; s->s3->alert_dispatch = 0; alertlen = 2; - i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], &alertlen, 1, 0); + i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], &alertlen, 1, 0, + &written); if (i <= 0) { s->s3->alert_dispatch = 1; } else { /* - * Alert sent to BIO. If it is important, flush it now. If the - * message does not get sent due to non-blocking IO, we will not - * worry too much. + * Alert sent to BIO - now flush. If the message does not get sent due + * to non-blocking IO, we will not worry too much. */ - if (s->s3->send_alert[0] == SSL3_AL_FATAL) - (void)BIO_flush(s->wbio); + (void)BIO_flush(s->wbio); if (s->msg_callback) s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3->send_alert, @@ -122,5 +104,5 @@ int ssl3_dispatch_alert(SSL *s) cb(s, SSL_CB_WRITE_ALERT, j); } } - return (i); + return i; }