Home | History | Annotate | Download | only in ssl

Lines Matching refs:ssl

4  * This package is an SSL implementation written
6  * The implementation was written so as to conform with Netscapes SSL.
11  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
113 #include <openssl/ssl.h>
133 /* ssl3_do_write sends |ssl->init_buf| in records of type 'type'
136 int ssl3_do_write(SSL *ssl, int type) {
139   n = ssl3_write_bytes(ssl, type, &ssl->init_buf->data[ssl->init_off],
140                        ssl->init_num);
145   if (n == ssl->init_num) {
146     if (ssl->msg_callback) {
147       ssl->msg_callback(1, ssl->version, type, ssl->init_buf->data,
148                       (size_t)(ssl->init_off + ssl->init_num), ssl,
149                       ssl->msg_callback_arg);
154   ssl->init_off += n;
155   ssl->init_num -= n;
159 int ssl3_send_finished(SSL *ssl, int a, int b, const char *sender, int slen) {
163   if (ssl->state == a) {
164     p = ssl_handshake_start(ssl);
166     n = ssl->enc_method->final_finish_mac(ssl, sender, slen,
167                                           ssl->s3->tmp.finish_md);
171     ssl->s3->tmp.finish_md_len = n;
172     memcpy(p, ssl->s3->tmp.finish_md, n);
175     if (!ssl_log_master_secret(ssl, ssl->s3->client_random, SSL3_RANDOM_SIZE,
176                                ssl->session->master_key,
177                                ssl->session->master_key_length)) {
182     if (ssl->server) {
184       memcpy(ssl->s3->previous_server_finished, ssl->s3->tmp.finish_md, n);
185       ssl->s3->previous_server_finished_len = n;
188       memcpy(ssl->s3->previous_client_finished, ssl->s3->tmp.finish_md, n);
189       ssl->s3->previous_client_finished_len = n;
192     if (!ssl_set_handshake_header(ssl, SSL3_MT_FINISHED, n)) {
195     ssl->state = b;
199   return ssl_do_write(ssl);
204 static void ssl3_take_mac(SSL *ssl) {
210   if (ssl->s3->tmp.new_cipher == NULL) {
214   if (ssl->state & SSL_ST_CONNECT) {
215     sender = ssl->enc_method->server_finished_label;
216     slen = ssl->enc_method->server_finished_label_len;
218     sender = ssl->enc_method->client_finished_label;
219     slen = ssl->enc_method->client_finished_label_len;
222   ssl->s3->tmp.peer_finish_md_len = ssl->enc_method->final_finish_mac(
223       ssl, sender, slen, ssl->s3->tmp.peer_finish_md);
226 int ssl3_get_finished(SSL *ssl, int a, int b) {
231   message_len = ssl->method->ssl_get_message(
232       ssl, a, b, SSL3_MT_FINISHED, EVP_MAX_MD_SIZE, ssl_dont_hash_message, &ok);
239   ssl3_take_mac(ssl);
240   if (!ssl3_hash_current_message(ssl)) {
244   p = ssl->init_msg;
245   finished_len = ssl->s3->tmp.peer_finish_md_len;
249     OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_DIGEST_LENGTH);
253   if (CRYPTO_memcmp(p, ssl->s3->tmp.peer_finish_md, finished_len) != 0) {
255     OPENSSL_PUT_ERROR(SSL, SSL_R_DIGEST_CHECK_FAILED);
260   if (ssl->server) {
262     memcpy(ssl->s3->previous_client_finished, ssl->s3->tmp.peer_finish_md,
264     ssl->s3->previous_client_finished_len = finished_len;
267     memcpy(ssl->s3->previous_server_finished, ssl->s3->tmp.peer_finish_md,
269     ssl->s3->previous_server_finished_len = finished_len;
275   ssl3_send_alert(ssl, SSL3_AL_FATAL, al);
281  * ssl->enc_read_ctx      re-init
282  * ssl->s3->read_sequence   zero
283  * ssl->s3->read_mac_secret   re-init
284  * ssl->session->read_sym_enc   assign
285  * ssl->session->read_compression assign
286  * ssl->session->read_hash    assign */
287 int ssl3_send_change_cipher_spec(SSL *ssl, int a, int b) {
288   if (ssl->state == a) {
289     *((uint8_t *)ssl->init_buf->data) = SSL3_MT_CCS;
290     ssl->init_num = 1;
291     ssl->init_off = 0;
293     ssl->state = b;
297   return ssl3_do_write(ssl, SSL3_RT_CHANGE_CIPHER_SPEC);
300 int ssl3_output_cert_chain(SSL *ssl) {
302   unsigned long l = 3 + SSL_HM_HEADER_LENGTH(ssl);
304   if (!ssl_add_cert_chain(ssl, &l)) {
308   l -= 3 + SSL_HM_HEADER_LENGTH(ssl);
309   p = ssl_handshake_start(ssl);
312   return ssl_set_handshake_header(ssl, SSL3_MT_CERTIFICATE, l);
319 long ssl3_get_message(SSL *ssl, int header_state, int body_state, int msg_type,
326   if (ssl->s3->tmp.reuse_message) {
331     ssl->s3->tmp.reuse_message = 0;
332     if (msg_type >= 0 && ssl->s3->tmp.message_type != msg_type) {
334       OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_MESSAGE);
338     ssl->state = body_state;
339     ssl->init_msg = (uint8_t *)ssl->init_buf->data + 4;
340     ssl->init_num = (int)ssl->s3->tmp.message_size;
341     return ssl->init_num;
344   p = (uint8_t *)ssl->init_buf->data;
346   if (ssl->state == header_state) {
347     assert(ssl->init_num < 4);
350       while (ssl->init_num < 4) {
352             ssl, SSL3_RT_HANDSHAKE, &p[ssl->init_num], 4 - ssl->init_num, 0);
357         ssl->init_num += bytes_read;
361       if (ssl->server || memcmp(p, kHelloRequest, sizeof(kHelloRequest)) != 0) {
368       ssl->init_num = 0;
370       if (ssl->msg_callback) {
371         ssl->msg_callback(0, ssl->version, SSL3_RT_HANDSHAKE, p, 4, ssl,
372                         ssl->msg_callback_arg);
376     /* ssl->init_num == 4 */
380       OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_MESSAGE);
383     ssl->s3->tmp.message_type = *(p++);
388       OPENSSL_PUT_ERROR(SSL, SSL_R_EXCESSIVE_MESSAGE_SIZE);
392     if (l && !BUF_MEM_grow_clean(ssl->init_buf, l + 4)) {
393       OPENSSL_PUT_ERROR(SSL, ERR_R_BUF_LIB);
396     ssl->s3->tmp.message_size = l;
397     ssl->state = body_state;
399     ssl->init_msg = (uint8_t *)ssl->init_buf->data + 4;
400     ssl->init_num = 0;
404   p = ssl->init_msg;
405   n = ssl->s3->tmp.message_size - ssl->init_num;
408         ssl3_read_bytes(ssl, SSL3_RT_HANDSHAKE, &p[ssl->init_num], n, 0);
410       ssl->rwstate = SSL_READING;
414     ssl->init_num += bytes_read;
419   if (hash_message == ssl_hash_message && !ssl3_hash_current_message(ssl)) {
422   if (ssl->msg_callback) {
423     ssl->msg_callback(0, ssl->version, SSL3_RT_HANDSHAKE, ssl->init_buf->data,
424                     (size_t)ssl->init_num + 4, ssl, ssl->msg_callback_arg);
427   return ssl->init_num;
430   ssl3_send_alert(ssl, SSL3_AL_FATAL, al);
437 int ssl3_hash_current_message(SSL *ssl) {
440   size_t header_len = ssl->init_msg - (uint8_t *)ssl->init_buf->data;
441   return ssl3_update_handshake_hash(ssl, (uint8_t *)ssl->init_buf->data,
442                                     ssl->init_num + header_len);
450 int ssl3_cert_verify_hash(SSL *ssl, uint8_t *out, size_t *out_len,
455   if (SSL_USE_SIGALGS(ssl)) {
461         !EVP_DigestUpdate(&mctx, ssl->s3->handshake_buffer->data,
462                           ssl->s3->handshake_buffer->length) ||
464       OPENSSL_PUT_ERROR(SSL
470     if (ssl->enc_method->cert_verify_mac(ssl, NID_md5, out) == 0 ||
471         ssl->enc_method->cert_verify_mac(ssl, NID_sha1,
478     if (ssl->enc_method->cert_verify_mac(ssl, NID_sha1, out) == 0) {
484     OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);