Exemplo n.º 1
0
int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
{
    uint8_t *p;
    int i;
    unsigned long l;

    if (s->state == a) {
        p = ssl_handshake_start(s);

        i = s->method->ssl3_enc->final_finish_mac(s, sender, slen,
                                                  s->s3->tmp.finish_md);
        if (i <= 0)
            return 0;
        s->s3->tmp.finish_md_len = i;
        memcpy(p, s->s3->tmp.finish_md, i);
        l = i;

        /* Copy the finished so we can use it for renegotiation checks */
        if (s->type == SSL_ST_CONNECT) {
            OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
            memcpy(s->s3->previous_client_finished, s->s3->tmp.finish_md, i);
            s->s3->previous_client_finished_len = i;
        } else {
            OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
            memcpy(s->s3->previous_server_finished, s->s3->tmp.finish_md, i);
            s->s3->previous_server_finished_len = i;
        }
 
        ssl_set_handshake_header(s, SSL3_MT_FINISHED, l);
        s->state = b;
    }

    /* SSL3_ST_SEND_xxxxxx_HELLO_B */
    return ssl_do_write(s);
}
Exemplo n.º 2
0
int ssl3_output_cert_chain(SSL *ssl) {
  uint8_t *p;
  unsigned long l = 3 + SSL_HM_HEADER_LENGTH(ssl);

  if (!ssl_add_cert_chain(ssl, &l)) {
    return 0;
  }

  l -= 3 + SSL_HM_HEADER_LENGTH(ssl);
  p = ssl_handshake_start(ssl);
  l2n3(l, p);
  l += 3;
  return ssl_set_handshake_header(ssl, SSL3_MT_CERTIFICATE, l);
}
Exemplo n.º 3
0
unsigned long ssl3_output_cert_chain(SSL *s, CERT_PKEY *cpk)
	{
	unsigned char *p;
	unsigned long l = 3 + SSL_HM_HEADER_LENGTH(s);

	if (!ssl_add_cert_chain(s, cpk, &l))
		return 0;

	l -= 3 + SSL_HM_HEADER_LENGTH(s);
	p = ssl_handshake_start(s);
	l2n3(l,p);
	l += 3;
	ssl_set_handshake_header(s, SSL3_MT_CERTIFICATE, l);
	return l + SSL_HM_HEADER_LENGTH(s);
	}
Exemplo n.º 4
0
int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
	{
	unsigned char *p;
	int i;
	unsigned long l;

	if (s->state == a)
		{
		p = ssl_handshake_start(s);

		i=s->method->ssl3_enc->final_finish_mac(s,
			sender,slen,s->s3->tmp.finish_md);
		if (i == 0)
			return 0;
		s->s3->tmp.finish_md_len = i;
		memcpy(p, s->s3->tmp.finish_md, i);
		l=i;

                /* Copy the finished so we can use it for
                   renegotiation checks */
                if(s->type == SSL_ST_CONNECT)
                        {
                         OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
                         memcpy(s->s3->previous_client_finished, 
                             s->s3->tmp.finish_md, i);
                         s->s3->previous_client_finished_len=i;
                        }
                else
                        {
                        OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
                        memcpy(s->s3->previous_server_finished, 
                            s->s3->tmp.finish_md, i);
                        s->s3->previous_server_finished_len=i;
                        }

#ifdef OPENSSL_SYS_WIN16
		/* MSVC 1.5 does not clear the top bytes of the word unless
		 * I do this.
		 */
		l&=0xffff;
#endif
		ssl_set_handshake_header(s, SSL3_MT_FINISHED, l);
		s->state=b;
		}

	/* SSL3_ST_SEND_xxxxxx_HELLO_B */
	return ssl_do_write(s);
	}
Exemplo n.º 5
0
unsigned long ssl3_output_cert_chain(SSL *s, CERT_PKEY *cpk)
{
    unsigned char *p;
    unsigned long l = 3 + SSL_HM_HEADER_LENGTH(s);

    if (!ssl_add_cert_chain(s, cpk, &l))
        return 0;

    l -= 3 + SSL_HM_HEADER_LENGTH(s);
    p = ssl_handshake_start(s);
    l2n3(l, p);
    l += 3;

    if (!ssl_set_handshake_header(s, SSL3_MT_CERTIFICATE, l)) {
        SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN, ERR_R_INTERNAL_ERROR);
        return 0;
    }
    return l + SSL_HM_HEADER_LENGTH(s);
}
Exemplo n.º 6
0
int ssl3_send_finished(SSL *ssl, int a, int b) {
  uint8_t *p;
  int n;

  if (ssl->state == a) {
    p = ssl_handshake_start(ssl);

    n = ssl->s3->enc_method->final_finish_mac(ssl, ssl->server,
                                              ssl->s3->tmp.finish_md);
    if (n == 0) {
      return 0;
    }
    ssl->s3->tmp.finish_md_len = n;
    memcpy(p, ssl->s3->tmp.finish_md, n);

    /* Log the master secret, if logging is enabled. */
    if (!ssl_log_master_secret(ssl, ssl->s3->client_random, SSL3_RANDOM_SIZE,
                               ssl->session->master_key,
                               ssl->session->master_key_length)) {
      return 0;
    }

    /* Copy the finished so we can use it for renegotiation checks */
    if (ssl->server) {
      assert(n <= EVP_MAX_MD_SIZE);
      memcpy(ssl->s3->previous_server_finished, ssl->s3->tmp.finish_md, n);
      ssl->s3->previous_server_finished_len = n;
    } else {
      assert(n <= EVP_MAX_MD_SIZE);
      memcpy(ssl->s3->previous_client_finished, ssl->s3->tmp.finish_md, n);
      ssl->s3->previous_client_finished_len = n;
    }

    if (!ssl_set_handshake_header(ssl, SSL3_MT_FINISHED, n)) {
      return 0;
    }
    ssl->state = b;
  }

  /* SSL3_ST_SEND_xxxxxx_HELLO_B */
  return ssl_do_write(ssl);
}
Exemplo n.º 7
0
int ssl3_output_cert_chain(SSL *s, CERT_PKEY *cpk) {
  uint8_t *p;
  unsigned long l = 3 + SSL_HM_HEADER_LENGTH(s);

  if (cpk == NULL) {
    /* TLSv1 sends a chain with nothing in it, instead of an alert. */
    if (!BUF_MEM_grow_clean(s->init_buf, l)) {
      OPENSSL_PUT_ERROR(SSL, ssl3_output_cert_chain, ERR_R_BUF_LIB);
      return 0;
    }
  } else if (!ssl_add_cert_chain(s, cpk, &l)) {
    return 0;
  }

  l -= 3 + SSL_HM_HEADER_LENGTH(s);
  p = ssl_handshake_start(s);
  l2n3(l, p);
  l += 3;
  return ssl_set_handshake_header(s, SSL3_MT_CERTIFICATE, l);
}
Exemplo n.º 8
0
int tls_construct_finished(SSL *s, const char *sender, int slen)
{
    unsigned char *p;
    int i;
    unsigned long l;

    p = ssl_handshake_start(s);

    i = s->method->ssl3_enc->final_finish_mac(s,
                                              sender, slen,
                                              s->s3->tmp.finish_md);
    if (i <= 0)
        return 0;
    s->s3->tmp.finish_md_len = i;
    memcpy(p, s->s3->tmp.finish_md, i);
    l = i;

    /*
     * Copy the finished so we can use it for renegotiation checks
     */
    if (!s->server) {
        OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
        memcpy(s->s3->previous_client_finished, s->s3->tmp.finish_md, i);
        s->s3->previous_client_finished_len = i;
    } else {
        OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
        memcpy(s->s3->previous_server_finished, s->s3->tmp.finish_md, i);
        s->s3->previous_server_finished_len = i;
    }

    if (!ssl_set_handshake_header(s, SSL3_MT_FINISHED, l)) {
        SSLerr(SSL_F_TLS_CONSTRUCT_FINISHED, ERR_R_INTERNAL_ERROR);
        return 0;
    }

    return 1;
}