unsigned long ssl3_output_cert_chain(SSL *s, CERT_PKEY *cpk)
{
WPACKET pkt;
if (!WPACKET_init(&pkt, s->init_buf)) {
/* Should not happen */
SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN, ERR_R_INTERNAL_ERROR);
goto err;
}
if (!ssl_set_handshake_header2(s, &pkt, SSL3_MT_CERTIFICATE)
|| !WPACKET_start_sub_packet_u24(&pkt)) {
SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN, ERR_R_INTERNAL_ERROR);
goto err;
}
if (!ssl_add_cert_chain(s, &pkt, cpk))
goto err;
if (!WPACKET_close(&pkt) || !ssl_close_construct_packet(s, &pkt)) {
SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN, ERR_R_INTERNAL_ERROR);
goto err;
}
return 1;
err:
WPACKET_cleanup(&pkt);
return 0;
}
unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt, CERT_PKEY *cpk)
{
if (!WPACKET_start_sub_packet_u24(pkt)
|| !ssl_add_cert_chain(s, pkt, cpk)
|| !WPACKET_close(pkt)) {
SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN, ERR_R_INTERNAL_ERROR);
return 0;
}
return 1;
}
int tls13_prepare_certificate(SSL *ssl) {
CBB cbb, body;
if (!ssl->method->init_message(ssl, &cbb, &body, SSL3_MT_CERTIFICATE) ||
/* The request context is always empty in the handshake. */
!CBB_add_u8(&body, 0) ||
!ssl_add_cert_chain(ssl, &body) ||
!ssl->method->finish_message(ssl, &cbb)) {
CBB_cleanup(&cbb);
return 0;
}
return 1;
}
int ssl3_output_cert_chain(SSL *ssl) {
uint8_t *p;
unsigned long l = 3 + SSL_HM_HEADER_LENGTH(ssl);
if (!ssl_add_cert_chain(ssl, &l)) {
return 0;
}
l -= 3 + SSL_HM_HEADER_LENGTH(ssl);
p = ssl_handshake_start(ssl);
l2n3(l, p);
l += 3;
return ssl_set_handshake_header(ssl, SSL3_MT_CERTIFICATE, l);
}
int tls13_prepare_certificate(SSL *ssl) {
CBB cbb, body, context;
if (!ssl->method->init_message(ssl, &cbb, &body, SSL3_MT_CERTIFICATE) ||
!CBB_add_u8_length_prefixed(&body, &context) ||
!CBB_add_bytes(&context, ssl->s3->hs->cert_context,
ssl->s3->hs->cert_context_len) ||
!ssl_add_cert_chain(ssl, &body) ||
!ssl->method->finish_message(ssl, &cbb)) {
CBB_cleanup(&cbb);
return 0;
}
return 1;
}
unsigned long ssl3_output_cert_chain(SSL *s, CERT_PKEY *cpk)
{
unsigned char *p;
unsigned long l = 3 + SSL_HM_HEADER_LENGTH(s);
if (!ssl_add_cert_chain(s, cpk, &l))
return 0;
l -= 3 + SSL_HM_HEADER_LENGTH(s);
p = ssl_handshake_start(s);
l2n3(l,p);
l += 3;
ssl_set_handshake_header(s, SSL3_MT_CERTIFICATE, l);
return l + SSL_HM_HEADER_LENGTH(s);
}
unsigned long ssl3_output_cert_chain(SSL *s, CERT_PKEY *cpk)
{
unsigned char *p;
unsigned long l = 3 + SSL_HM_HEADER_LENGTH(s);
if (!ssl_add_cert_chain(s, cpk, &l))
return 0;
l -= 3 + SSL_HM_HEADER_LENGTH(s);
p = ssl_handshake_start(s);
l2n3(l, p);
l += 3;
if (!ssl_set_handshake_header(s, SSL3_MT_CERTIFICATE, l)) {
SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN, ERR_R_INTERNAL_ERROR);
return 0;
}
return l + SSL_HM_HEADER_LENGTH(s);
}
int ssl3_output_cert_chain(SSL *s, CERT_PKEY *cpk) {
uint8_t *p;
unsigned long l = 3 + SSL_HM_HEADER_LENGTH(s);
if (cpk == NULL) {
/* TLSv1 sends a chain with nothing in it, instead of an alert. */
if (!BUF_MEM_grow_clean(s->init_buf, l)) {
OPENSSL_PUT_ERROR(SSL, ssl3_output_cert_chain, ERR_R_BUF_LIB);
return 0;
}
} else if (!ssl_add_cert_chain(s, cpk, &l)) {
return 0;
}
l -= 3 + SSL_HM_HEADER_LENGTH(s);
p = ssl_handshake_start(s);
l2n3(l, p);
l += 3;
return ssl_set_handshake_header(s, SSL3_MT_CERTIFICATE, l);
}