/*
 * Build (once) and send the Finished handshake message.
 *
 * When the connection is in state `a`, the Finished MAC is computed over the
 * handshake with `sender`/`slen`, written into the handshake buffer, and the
 * state moves to `b`. In any other state the function only resumes the write.
 *
 * Returns 0 if final_finish_mac() reports failure (<= 0); otherwise whatever
 * ssl_do_write() returns.
 */
int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
{
    if (s->state == a) {
        uint8_t *out = ssl_handshake_start(s);
        int md_len = s->method->ssl3_enc->final_finish_mac(s, sender, slen,
            s->s3->tmp.finish_md);
        unsigned long msg_len;

        /* A non-positive length must never reach memcpy() as a size. */
        if (md_len <= 0) {
            return 0;
        }

        s->s3->tmp.finish_md_len = md_len;
        memcpy(out, s->s3->tmp.finish_md, md_len);
        msg_len = md_len;

        /*
         * Keep a copy of our own Finished value for the later renegotiation
         * checks. The assert bounds the copy into the previous_*_finished
         * arrays (presumably EVP_MAX_MD_SIZE bytes each -- confirm against
         * the struct definition).
         */
        OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE);
        if (s->type != SSL_ST_CONNECT) {
            memcpy(s->s3->previous_server_finished, s->s3->tmp.finish_md,
                md_len);
            s->s3->previous_server_finished_len = md_len;
        } else {
            memcpy(s->s3->previous_client_finished, s->s3->tmp.finish_md,
                md_len);
            s->s3->previous_client_finished_len = md_len;
        }

        ssl_set_handshake_header(s, SSL3_MT_FINISHED, msg_len);
        s->state = b;
    }

    /* SSL3_ST_SEND_xxxxxx_HELLO_B: flush whatever is pending. */
    return ssl_do_write(s);
}
/*
 * Assemble the Certificate handshake message for `ssl`.
 *
 * The running length starts at the 3-byte chain-length field plus the
 * handshake header, ssl_add_cert_chain() updates it, and the chain length is
 * then written in front of the chain.
 *
 * Returns 0 if the chain could not be added, otherwise the result of
 * ssl_set_handshake_header().
 */
int ssl3_output_cert_chain(SSL *ssl)
{
    unsigned long chain_len = 3 + SSL_HM_HEADER_LENGTH(ssl);
    uint8_t *out;

    if (!ssl_add_cert_chain(ssl, &chain_len))
        return 0;

    /* Strip the starting offset again so only the chain bytes are counted. */
    chain_len -= 3 + SSL_HM_HEADER_LENGTH(ssl);

    out = ssl_handshake_start(ssl);
    /*
     * l2n3 stores a 24-bit length. NOTE(review): nothing here checks that
     * chain_len fits in 24 bits -- presumably bounded by ssl_add_cert_chain();
     * confirm.
     */
    l2n3(chain_len, out);

    /* The message body is the length field plus the chain itself. */
    return ssl_set_handshake_header(ssl, SSL3_MT_CERTIFICATE, chain_len + 3);
}
/*
 * Assemble the Certificate handshake message for the chain belonging to `cpk`.
 *
 * Returns the total message size (body plus handshake header), or 0 if
 * ssl_add_cert_chain() fails.
 */
unsigned long ssl3_output_cert_chain(SSL *s, CERT_PKEY *cpk)
{
    unsigned long len = 3 + SSL_HM_HEADER_LENGTH(s);
    unsigned char *out;

    if (!ssl_add_cert_chain(s, cpk, &len)) {
        return 0;
    }

    /* Strip the starting offset again so only the chain bytes are counted. */
    len -= 3 + SSL_HM_HEADER_LENGTH(s);

    out = ssl_handshake_start(s);
    /*
     * l2n3 stores a 24-bit length. NOTE(review): nothing here checks that
     * len fits in 24 bits -- presumably bounded by ssl_add_cert_chain();
     * confirm.
     */
    l2n3(len, out);
    len += 3;

    /*
     * NOTE(review): any result of ssl_set_handshake_header() is not looked at
     * here; confirm it cannot fail in this code base.
     */
    ssl_set_handshake_header(s, SSL3_MT_CERTIFICATE, len);

    return len + SSL_HM_HEADER_LENGTH(s);
}
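/*
 * Build (once) and send the Finished handshake message.
 *
 * When the connection is in state `a`, the Finished MAC is computed over the
 * handshake with `sender`/`slen`, written into the handshake buffer, and the
 * state moves to `b`. In any other state the function only resumes the write.
 *
 * Returns 0 if final_finish_mac() reports failure; otherwise whatever
 * ssl_do_write() returns.
 */
int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
{
    unsigned char *p;
    int i;
    unsigned long l;

    if (s->state == a) {
        p = ssl_handshake_start(s);

        i = s->method->ssl3_enc->final_finish_mac(s, sender, slen,
            s->s3->tmp.finish_md);
        /*
         * Reject negative results as well as zero: `i` is a signed int, and
         * a negative value passed to memcpy() below would be converted to a
         * huge size_t.
         */
        if (i <= 0)
            return 0;

        /*
         * Bound the length before any copy is made, not only before the
         * copies into previous_*_finished.
         */
        OPENSSL_assert(i <= EVP_MAX_MD_SIZE);

        s->s3->tmp.finish_md_len = i;
        memcpy(p, s->s3->tmp.finish_md, i);
        l = i;

        /* Copy the finished so we can use it for renegotiation checks */
        if (s->type == SSL_ST_CONNECT) {
            memcpy(s->s3->previous_client_finished, s->s3->tmp.finish_md, i);
            s->s3->previous_client_finished_len = i;
        } else {
            memcpy(s->s3->previous_server_finished, s->s3->tmp.finish_md, i);
            s->s3->previous_server_finished_len = i;
        }

#ifdef OPENSSL_SYS_WIN16
        /*
         * MSVC 1.5 does not clear the top bytes of the word unless
         * I do this.
         */
        l &= 0xffff;
#endif

        ssl_set_handshake_header(s, SSL3_MT_FINISHED, l);
        s->state = b;
    }

    /* SSL3_ST_SEND_xxxxxx_HELLO_B */
    return ssl_do_write(s);
}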
/*
 * Assemble the Certificate handshake message for the chain belonging to `cpk`.
 *
 * Returns the total message size (body plus handshake header). Returns 0 if
 * ssl_add_cert_chain() fails, or if ssl_set_handshake_header() fails, in
 * which case an internal error is also raised.
 */
unsigned long ssl3_output_cert_chain(SSL *s, CERT_PKEY *cpk)
{
    unsigned long len = 3 + SSL_HM_HEADER_LENGTH(s);
    unsigned char *out;

    if (!ssl_add_cert_chain(s, cpk, &len)) {
        return 0;
    }

    /* Strip the starting offset again so only the chain bytes are counted. */
    len -= 3 + SSL_HM_HEADER_LENGTH(s);

    out = ssl_handshake_start(s);
    /*
     * l2n3 stores a 24-bit length. NOTE(review): nothing here checks that
     * len fits in 24 bits -- presumably bounded by ssl_add_cert_chain();
     * confirm.
     */
    l2n3(len, out);
    len += 3;

    if (ssl_set_handshake_header(s, SSL3_MT_CERTIFICATE, len)) {
        return len + SSL_HM_HEADER_LENGTH(s);
    }

    /* Writing the header failed: report it instead of a bogus length. */
    SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN, ERR_R_INTERNAL_ERROR);
    return 0;
}
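/*
 * Build (once) and send the Finished handshake message.
 *
 * When the connection is in state `a`, the Finished MAC is computed, written
 * into the handshake buffer, the master secret is handed to the key log, our
 * Finished value is saved for renegotiation checks, and the state moves to
 * `b`. In any other state the function only resumes the write.
 *
 * Returns 0 if the MAC, the key-log call or the handshake header fails;
 * otherwise whatever ssl_do_write() returns.
 */
int ssl3_send_finished(SSL *ssl, int a, int b)
{
    uint8_t *p;
    int n;

    if (ssl->state == a) {
        p = ssl_handshake_start(ssl);

        n = ssl->s3->enc_method->final_finish_mac(ssl, ssl->server,
                                                  ssl->s3->tmp.finish_md);
        /*
         * Reject negative results as well as zero: `n` is a signed int, and
         * a negative value passed to memcpy() below would be converted to a
         * huge size_t.
         */
        if (n <= 0) {
            return 0;
        }

        /*
         * Bound the length before any copy is made.
         * NOTE(review): assert() is compiled out under NDEBUG, so release
         * builds rely on final_finish_mac() never returning more than
         * EVP_MAX_MD_SIZE -- confirm.
         */
        assert(n <= EVP_MAX_MD_SIZE);

        ssl->s3->tmp.finish_md_len = n;
        memcpy(p, ssl->s3->tmp.finish_md, n);

        /*
         * Log the master secret, if logging is enabled.
         * NOTE(review): whoever can read that log can decrypt the session;
         * presumably it is opt-in and meant for debugging -- confirm where
         * it is switched on.
         */
        if (!ssl_log_master_secret(ssl, ssl->s3->client_random,
                                   SSL3_RANDOM_SIZE,
                                   ssl->session->master_key,
                                   ssl->session->master_key_length)) {
            return 0;
        }

        /* Copy the finished so we can use it for renegotiation checks */
        if (ssl->server) {
            memcpy(ssl->s3->previous_server_finished, ssl->s3->tmp.finish_md,
                   n);
            ssl->s3->previous_server_finished_len = n;
        } else {
            memcpy(ssl->s3->previous_client_finished, ssl->s3->tmp.finish_md,
                   n);
            ssl->s3->previous_client_finished_len = n;
        }

        if (!ssl_set_handshake_header(ssl, SSL3_MT_FINISHED, n)) {
            return 0;
        }
        ssl->state = b;
    }

    /* SSL3_ST_SEND_xxxxxx_HELLO_B */
    return ssl_do_write(ssl);
}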
/*
 * Assemble the Certificate handshake message.
 *
 * With a NULL `cpk` an empty chain is emitted: the buffer is only grown far
 * enough for the handshake header and the 3-byte chain length. Otherwise the
 * chain for `cpk` is appended by ssl_add_cert_chain().
 *
 * Returns 0 on failure, otherwise the result of ssl_set_handshake_header().
 */
int ssl3_output_cert_chain(SSL *s, CERT_PKEY *cpk)
{
    unsigned long len = 3 + SSL_HM_HEADER_LENGTH(s);
    uint8_t *out;

    if (cpk != NULL) {
        if (!ssl_add_cert_chain(s, cpk, &len)) {
            return 0;
        }
    } else if (!BUF_MEM_grow_clean(s->init_buf, len)) {
        /* TLSv1 sends a chain with nothing in it, instead of an alert. */
        OPENSSL_PUT_ERROR(SSL, ssl3_output_cert_chain, ERR_R_BUF_LIB);
        return 0;
    }

    /* Strip the starting offset again so only the chain bytes are counted. */
    len -= 3 + SSL_HM_HEADER_LENGTH(s);

    out = ssl_handshake_start(s);
    /*
     * l2n3 stores a 24-bit length. NOTE(review): nothing here checks that
     * len fits in 24 bits -- presumably bounded by ssl_add_cert_chain();
     * confirm.
     */
    l2n3(len, out);

    /* The message body is the length field plus the chain itself. */
    return ssl_set_handshake_header(s, SSL3_MT_CERTIFICATE, len + 3);
}
/*
 * Construct the Finished handshake message in the handshake buffer.
 *
 * The Finished MAC is computed with `sender`/`slen`, copied into the message
 * and also saved as our own previous Finished value.
 *
 * Returns 1 on success. Returns 0 if final_finish_mac() reports failure
 * (<= 0), or if the handshake header cannot be set, in which case an internal
 * error is also raised.
 */
int tls_construct_finished(SSL *s, const char *sender, int slen)
{
    unsigned char *out = ssl_handshake_start(s);
    int md_len = s->method->ssl3_enc->final_finish_mac(s, sender, slen,
                                                       s->s3->tmp.finish_md);
    unsigned long msg_len;

    /* A non-positive length must never reach memcpy() as a size. */
    if (md_len <= 0) {
        return 0;
    }

    s->s3->tmp.finish_md_len = md_len;
    memcpy(out, s->s3->tmp.finish_md, md_len);
    msg_len = md_len;

    /*
     * Keep a copy of our own Finished value for the later renegotiation
     * checks. The assert bounds the copy into the previous_*_finished arrays
     * (presumably EVP_MAX_MD_SIZE bytes each -- confirm against the struct
     * definition).
     */
    OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE);
    if (s->server) {
        memcpy(s->s3->previous_server_finished, s->s3->tmp.finish_md, md_len);
        s->s3->previous_server_finished_len = md_len;
    } else {
        memcpy(s->s3->previous_client_finished, s->s3->tmp.finish_md, md_len);
        s->s3->previous_client_finished_len = md_len;
    }

    if (ssl_set_handshake_header(s, SSL3_MT_FINISHED, msg_len)) {
        return 1;
    }

    SSLerr(SSL_F_TLS_CONSTRUCT_FINISHED, ERR_R_INTERNAL_ERROR);
    return 0;
}