int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
{
uint8_t *p;
int i;
unsigned long l;
if (s->state == a) {
p = ssl_handshake_start(s);
i = s->method->ssl3_enc->final_finish_mac(s, sender, slen,
s->s3->tmp.finish_md);
if (i <= 0)
return 0;
s->s3->tmp.finish_md_len = i;
memcpy(p, s->s3->tmp.finish_md, i);
l = i;
/* Copy the finished so we can use it for renegotiation checks */
if (s->type == SSL_ST_CONNECT) {
OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
memcpy(s->s3->previous_client_finished, s->s3->tmp.finish_md, i);
s->s3->previous_client_finished_len = i;
} else {
OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
memcpy(s->s3->previous_server_finished, s->s3->tmp.finish_md, i);
s->s3->previous_server_finished_len = i;
}
ssl_set_handshake_header(s, SSL3_MT_FINISHED, l);
s->state = b;
}
/* SSL3_ST_SEND_xxxxxx_HELLO_B */
return ssl_do_write(s);
}
int ssl3_output_cert_chain(SSL *ssl) {
uint8_t *p;
unsigned long l = 3 + SSL_HM_HEADER_LENGTH(ssl);
if (!ssl_add_cert_chain(ssl, &l)) {
return 0;
}
l -= 3 + SSL_HM_HEADER_LENGTH(ssl);
p = ssl_handshake_start(ssl);
l2n3(l, p);
l += 3;
return ssl_set_handshake_header(ssl, SSL3_MT_CERTIFICATE, l);
}
unsigned long ssl3_output_cert_chain(SSL *s, CERT_PKEY *cpk)
{
unsigned char *p;
unsigned long l = 3 + SSL_HM_HEADER_LENGTH(s);
if (!ssl_add_cert_chain(s, cpk, &l))
return 0;
l -= 3 + SSL_HM_HEADER_LENGTH(s);
p = ssl_handshake_start(s);
l2n3(l,p);
l += 3;
ssl_set_handshake_header(s, SSL3_MT_CERTIFICATE, l);
return l + SSL_HM_HEADER_LENGTH(s);
}
int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
{
unsigned char *p;
int i;
unsigned long l;
if (s->state == a)
{
p = ssl_handshake_start(s);
i=s->method->ssl3_enc->final_finish_mac(s,
sender,slen,s->s3->tmp.finish_md);
if (i == 0)
return 0;
s->s3->tmp.finish_md_len = i;
memcpy(p, s->s3->tmp.finish_md, i);
l=i;
/* Copy the finished so we can use it for
renegotiation checks */
if(s->type == SSL_ST_CONNECT)
{
OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
memcpy(s->s3->previous_client_finished,
s->s3->tmp.finish_md, i);
s->s3->previous_client_finished_len=i;
}
else
{
OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
memcpy(s->s3->previous_server_finished,
s->s3->tmp.finish_md, i);
s->s3->previous_server_finished_len=i;
}
#ifdef OPENSSL_SYS_WIN16
/* MSVC 1.5 does not clear the top bytes of the word unless
* I do this.
*/
l&=0xffff;
#endif
ssl_set_handshake_header(s, SSL3_MT_FINISHED, l);
s->state=b;
}
/* SSL3_ST_SEND_xxxxxx_HELLO_B */
return ssl_do_write(s);
}
unsigned long ssl3_output_cert_chain(SSL *s, CERT_PKEY *cpk)
{
unsigned char *p;
unsigned long l = 3 + SSL_HM_HEADER_LENGTH(s);
if (!ssl_add_cert_chain(s, cpk, &l))
return 0;
l -= 3 + SSL_HM_HEADER_LENGTH(s);
p = ssl_handshake_start(s);
l2n3(l, p);
l += 3;
if (!ssl_set_handshake_header(s, SSL3_MT_CERTIFICATE, l)) {
SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN, ERR_R_INTERNAL_ERROR);
return 0;
}
return l + SSL_HM_HEADER_LENGTH(s);
}
int ssl3_send_finished(SSL *ssl, int a, int b) {
uint8_t *p;
int n;
if (ssl->state == a) {
p = ssl_handshake_start(ssl);
n = ssl->s3->enc_method->final_finish_mac(ssl, ssl->server,
ssl->s3->tmp.finish_md);
if (n == 0) {
return 0;
}
ssl->s3->tmp.finish_md_len = n;
memcpy(p, ssl->s3->tmp.finish_md, n);
/* Log the master secret, if logging is enabled. */
if (!ssl_log_master_secret(ssl, ssl->s3->client_random, SSL3_RANDOM_SIZE,
ssl->session->master_key,
ssl->session->master_key_length)) {
return 0;
}
/* Copy the finished so we can use it for renegotiation checks */
if (ssl->server) {
assert(n <= EVP_MAX_MD_SIZE);
memcpy(ssl->s3->previous_server_finished, ssl->s3->tmp.finish_md, n);
ssl->s3->previous_server_finished_len = n;
} else {
assert(n <= EVP_MAX_MD_SIZE);
memcpy(ssl->s3->previous_client_finished, ssl->s3->tmp.finish_md, n);
ssl->s3->previous_client_finished_len = n;
}
if (!ssl_set_handshake_header(ssl, SSL3_MT_FINISHED, n)) {
return 0;
}
ssl->state = b;
}
/* SSL3_ST_SEND_xxxxxx_HELLO_B */
return ssl_do_write(ssl);
}
int ssl3_output_cert_chain(SSL *s, CERT_PKEY *cpk) {
uint8_t *p;
unsigned long l = 3 + SSL_HM_HEADER_LENGTH(s);
if (cpk == NULL) {
/* TLSv1 sends a chain with nothing in it, instead of an alert. */
if (!BUF_MEM_grow_clean(s->init_buf, l)) {
OPENSSL_PUT_ERROR(SSL, ssl3_output_cert_chain, ERR_R_BUF_LIB);
return 0;
}
} else if (!ssl_add_cert_chain(s, cpk, &l)) {
return 0;
}
l -= 3 + SSL_HM_HEADER_LENGTH(s);
p = ssl_handshake_start(s);
l2n3(l, p);
l += 3;
return ssl_set_handshake_header(s, SSL3_MT_CERTIFICATE, l);
}
int tls_construct_finished(SSL *s, const char *sender, int slen)
{
unsigned char *p;
int i;
unsigned long l;
p = ssl_handshake_start(s);
i = s->method->ssl3_enc->final_finish_mac(s,
sender, slen,
s->s3->tmp.finish_md);
if (i <= 0)
return 0;
s->s3->tmp.finish_md_len = i;
memcpy(p, s->s3->tmp.finish_md, i);
l = i;
/*
* Copy the finished so we can use it for renegotiation checks
*/
if (!s->server) {
OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
memcpy(s->s3->previous_client_finished, s->s3->tmp.finish_md, i);
s->s3->previous_client_finished_len = i;
} else {
OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
memcpy(s->s3->previous_server_finished, s->s3->tmp.finish_md, i);
s->s3->previous_server_finished_len = i;
}
if (!ssl_set_handshake_header(s, SSL3_MT_FINISHED, l)) {
SSLerr(SSL_F_TLS_CONSTRUCT_FINISHED, ERR_R_INTERNAL_ERROR);
return 0;
}
return 1;
}