char *
be_tls_get_peer_finished(Port *port, size_t *len)
{
char dummy[1];
char *result;
/*
* OpenSSL does not offer an API to directly get the length of the
* expected TLS Finished message, so just do a dummy call to grab this
* information to allow caller to do an allocation with a correct size.
*/
*len = SSL_get_peer_finished(port->ssl, dummy, sizeof(dummy));
result = palloc(*len);
(void) SSL_get_peer_finished(port->ssl, result, *len);
return result;
}
static int
tlso_session_unique( tls_session *sess, struct berval *buf, int is_server)
{
tlso_session *s = (tlso_session *)sess;
/* Usually the client sends the finished msg. But if the
* session was resumed, the server sent the msg.
*/
if (SSL_session_reused(s) ^ !is_server)
buf->bv_len = SSL_get_finished(s, buf->bv_val, buf->bv_len);
else
buf->bv_len = SSL_get_peer_finished(s, buf->bv_val, buf->bv_len);
return buf->bv_len;
}
/**
* Gets the latest "Finished" message received.
*/
static int meth_getpeerfinished(lua_State *L)
{
size_t len = 0;
char *buffer = NULL;
p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
if (ssl->state != LSEC_STATE_CONNECTED) {
lua_pushnil(L);
lua_pushstring(L, "closed");
return 0;
}
if ((len = SSL_get_peer_finished(ssl->ssl, NULL, 0)) == 0)
return 0;
buffer = (char*)malloc(len);
if (!buffer) {
lua_pushnil(L);
lua_pushstring(L, "out of memory");
return 2;
}
SSL_get_peer_finished(ssl->ssl, buffer, len);
lua_pushlstring(L, buffer, len);
free(buffer);
return 1;
}
extern "C" int32_t CryptoNative_SslGetPeerFinished(SSL* ssl, void* buf, int32_t count)
{
size_t result = SSL_get_peer_finished(ssl, buf, size_t(count));
assert(result <= INT32_MAX);
return static_cast<int32_t>(result);
}
