// sslChangeCipher.cpp
#include "sslContext.h"
#include "sslHandshake.h"
#include "sslMemory.h"
#include "sslAlertMessage.h"
#include "sslDebug.h"
#include <assert.h>
#include <string.h>
/*
 * Build the outgoing ChangeCipherSpec record.
 *
 * rec  filled in with the ChangeCipherSpec content type, the negotiated
 *      protocol version and a one-byte payload whose value is 1; the
 *      payload buffer is obtained from SSLAllocBuffer.
 * ctx  session context supplying negProtocolVersion and writePending.
 *
 * Returns noErr on success, otherwise the SSLAllocBuffer error unchanged.
 *
 * NOTE(review): the "pending write cipher is ready" and "version is SSL 3.0
 * or TLS 1.0" preconditions are checked with assert() only, so they are not
 * enforced when the file is compiled with NDEBUG. Callers must guarantee
 * them in release builds.
 */
OSStatus
SSLEncodeChangeCipherSpec(SSLRecord &rec, SSLContext *ctx)
{
    /* Debug-only invariant: never announce a cipher change before the
     * pending write state has been set up. */
    assert(ctx->writePending.ready);

    sslLogNegotiateDebug("===Sending changeCipherSpec msg");

    rec.contentType = SSL_RecordTypeChangeCipher;

    /* Debug-only invariant: only these two protocol versions are expected. */
    assert((ctx->negProtocolVersion == SSL_Version_3_0) ||
           (ctx->negProtocolVersion == TLS_Version_1_0));
    rec.protocolVersion = ctx->negProtocolVersion;

    /* The length is set before the allocation, so it stays 1 if the
     * allocation fails. NOTE(review): confirm callers do not read
     * rec.contents on the error path. */
    rec.contents.length = 1;
    OSStatus allocStatus = SSLAllocBuffer(rec.contents, 1, ctx);
    if (allocStatus != 0) {
        return allocStatus;
    }

    /* The message body is the single byte 0x01. */
    rec.contents.data[0] = 1;
    return noErr;
}
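/*
 * Validate an incoming ChangeCipherSpec record and, if it is acceptable,
 * switch the read side of the session to the pending cipher state.
 *
 * rec  the received record; its payload must be exactly one byte of value 1.
 * ctx  session context holding readCipher, readPending and handshake state.
 *
 * Returns noErr on success; errSSLProtocol (after a fatal unexpected-message
 * alert) when the record is malformed or arrives out of sequence; or the
 * SSLDisposeCipherSuite error (after a fatal internal-error alert).
 *
 * Security note: the readPending.ready / handshake-state test below is what
 * prevents a peer from forcing the cipher switch at an arbitrary point in
 * the handshake. It is a runtime check, not an assert, and must stay one.
 */
OSStatus
SSLProcessChangeCipherSpec(SSLRecord rec, SSLContext *ctx)
{
    OSStatus err;

    /* Wire format check: exactly one byte, and that byte is 0x01. */
    if (rec.contents.length != 1 || rec.contents.data[0] != 1) {
        SSLFatalSessionAlert(SSL_AlertUnexpectedMsg, ctx);
        /* Read data[0] for the diagnostic only when the payload has at
         * least one byte. A zero-length record reaches this branch too, and
         * reading its first byte would read outside the received payload. */
        sslErrorLog("***bad changeCipherSpec msg: length %d data 0x%x\n",
                    (unsigned)rec.contents.length,
                    (rec.contents.length > 0) ? (unsigned)rec.contents.data[0] : 0u);
        return errSSLProtocol;
    }

    /* Sequence check: accept the message only when the pending read cipher
     * has been prepared and the handshake is waiting for this message. */
    if (!ctx->readPending.ready || ctx->state != SSL_HdskStateChangeCipherSpec) {
        SSLFatalSessionAlert(SSL_AlertUnexpectedMsg, ctx);
        sslErrorLog("***bad changeCipherSpec msg: readPending.ready %d state %d\n",
                    (unsigned)ctx->readPending.ready, (unsigned)ctx->state);
        return errSSLProtocol;
    }

    sslLogNegotiateDebug("===Processing changeCipherSpec msg");

    /* Release the cipher state that has been protecting inbound records. */
    if ((err = SSLDisposeCipherSuite(&ctx->readCipher, ctx)) != 0) {
        SSLFatalSessionAlert(SSL_AlertInternalError, ctx);
        return err;
    }

    /* Promote the pending state to the active read state. The copy is a
     * plain struct assignment, so the "ready" flag is cleared on the active
     * copy and the pending slot is zeroed afterwards, leaving readCipher as
     * the only holder of whatever the structure references. */
    ctx->readCipher = ctx->readPending;
    ctx->readCipher.ready = 0;
    SSLChangeHdskState(ctx, SSL_HdskStateFinished);
    memset(&ctx->readPending, 0, sizeof(CipherContext));
    return noErr;
}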
/*
 * Tear down one direction's cipher state.
 *
 * cipher  the CipherContext to release. If it holds a symmetric key, the
 *         cipher's finish() callback is invoked and the key field cleared.
 *         The MAC state is then released through the protocol callouts.
 * ctx     session context, passed to finish() and used to reach freeMac.
 *
 * Returns noErr on success, or the error from finish() unchanged.
 *
 * NOTE(review): when finish() fails this returns before freeMac() is called
 * and leaves symKey set, so key and MAC state stay allocated. Confirm that
 * the caller's session teardown releases them on this path.
 */
OSStatus
SSLDisposeCipherSuite(CipherContext *cipher, SSLContext *ctx)
{
    if (cipher->symKey) {
        OSStatus finishStatus = cipher->symCipher->finish(cipher, ctx);
        if (finishStatus != 0) {
            return finishStatus;
        }
        /* Mark the key as gone so a later dispose skips finish(). */
        cipher->symKey = 0;
    }

    ctx->sslTslCalls->freeMac(cipher);
    return noErr;
}