summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorjsing <>2021-04-25 13:15:23 +0000
committerjsing <>2021-04-25 13:15:23 +0000
commitebe128ca73ce7d178a186b93684c8bf8577f3b80 (patch)
tree0d77df32f82a4eb3addc8531055c43c868f52f5e
parent6b7899114d6b9acd6fbc1fc2f5129bf1ca98ac1c (diff)
downloadopenbsd-ebe128ca73ce7d178a186b93684c8bf8577f3b80.tar.gz
openbsd-ebe128ca73ce7d178a186b93684c8bf8577f3b80.tar.bz2
openbsd-ebe128ca73ce7d178a186b93684c8bf8577f3b80.zip
Clean up derivation of finished/peer finished.
Make this process more readable by having specific client/server functions, calling the correct one based on s->server. This allows to remove various SSL_ST_ACCEPT/SSL_ST_CONNECT checks, along with duplicate code. ok inoguchi@ tb@
Diffstat
-rw-r--r--src/lib/libssl/Makefile3
-rw-r--r--src/lib/libssl/ssl_both.c77
-rw-r--r--src/lib/libssl/ssl_clnt.c5
-rw-r--r--src/lib/libssl/ssl_locl.h13
-rw-r--r--src/lib/libssl/ssl_pkt.c38
-rw-r--r--src/lib/libssl/ssl_srvr.c8
-rw-r--r--src/lib/libssl/t1_enc.c27
-rw-r--r--src/lib/libssl/tls12_lib.c92
8 files changed, 147 insertions, 116 deletions
diff --git a/src/lib/libssl/Makefile b/src/lib/libssl/Makefile
index e4ad5f36f7..d6730a5e04 100644
--- a/src/lib/libssl/Makefile
+++ b/src/lib/libssl/Makefile
@@ -1,4 +1,4 @@
1# $OpenBSD: Makefile,v 1.68 2020/10/03 18:01:55 jsing Exp $ 1# $OpenBSD: Makefile,v 1.69 2021/04/25 13:15:22 jsing Exp $
2 2
3.include <bsd.own.mk> 3.include <bsd.own.mk>
4.ifndef NOMAN 4.ifndef NOMAN
@@ -67,6 +67,7 @@ SRCS= \
67 ssl_versions.c \ 67 ssl_versions.c \
68 t1_enc.c \ 68 t1_enc.c \
69 t1_lib.c \ 69 t1_lib.c \
70 tls12_lib.c \
70 tls12_record_layer.c \ 71 tls12_record_layer.c \
71 tls13_buffer.c \ 72 tls13_buffer.c \
72 tls13_client.c \ 73 tls13_client.c \
diff --git a/src/lib/libssl/ssl_both.c b/src/lib/libssl/ssl_both.c
index ad9b0ee257..fe04f809b0 100644
--- a/src/lib/libssl/ssl_both.c
+++ b/src/lib/libssl/ssl_both.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_both.c,v 1.28 2021/04/19 16:51:56 jsing Exp $ */ 1/* $OpenBSD: ssl_both.c,v 1.29 2021/04/25 13:15:22 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -164,42 +164,39 @@ ssl3_do_write(SSL *s, int type)
164} 164}
165 165
166int 166int
167ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen) 167ssl3_send_finished(SSL *s, int state_a, int state_b)
168{ 168{
169 CBB cbb, finished; 169 CBB cbb, finished;
170 int md_len;
171 170
172 memset(&cbb, 0, sizeof(cbb)); 171 memset(&cbb, 0, sizeof(cbb));
173 172
174 if (S3I(s)->hs.state == a) { 173 if (S3I(s)->hs.state == state_a) {
175 md_len = TLS1_FINISH_MAC_LENGTH; 174 if (!tls12_derive_finished(s))
176 OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE); 175 goto err;
177
178 if (tls1_final_finish_mac(s, sender, slen,
179 S3I(s)->hs.finished) != md_len)
180 return (0);
181 S3I(s)->hs.finished_len = md_len;
182 176
183 /* Copy finished so we can use it for renegotiation checks. */ 177 /* Copy finished so we can use it for renegotiation checks. */
184 if (!s->server) { 178 if (!s->server) {
185 memcpy(S3I(s)->previous_client_finished, 179 memcpy(S3I(s)->previous_client_finished,
186 S3I(s)->hs.finished, md_len); 180 S3I(s)->hs.finished, S3I(s)->hs.finished_len);
187 S3I(s)->previous_client_finished_len = md_len; 181 S3I(s)->previous_client_finished_len =
182 S3I(s)->hs.finished_len;
188 } else { 183 } else {
189 memcpy(S3I(s)->previous_server_finished, 184 memcpy(S3I(s)->previous_server_finished,
190 S3I(s)->hs.finished, md_len); 185 S3I(s)->hs.finished, S3I(s)->hs.finished_len);
191 S3I(s)->previous_server_finished_len = md_len; 186 S3I(s)->previous_server_finished_len =
187 S3I(s)->hs.finished_len;
192 } 188 }
193 189
194 if (!ssl3_handshake_msg_start(s, &cbb, &finished, 190 if (!ssl3_handshake_msg_start(s, &cbb, &finished,
195 SSL3_MT_FINISHED)) 191 SSL3_MT_FINISHED))
196 goto err; 192 goto err;
197 if (!CBB_add_bytes(&finished, S3I(s)->hs.finished, md_len)) 193 if (!CBB_add_bytes(&finished, S3I(s)->hs.finished,
194 S3I(s)->hs.finished_len))
198 goto err; 195 goto err;
199 if (!ssl3_handshake_msg_finish(s, &cbb)) 196 if (!ssl3_handshake_msg_finish(s, &cbb))
200 goto err; 197 goto err;
201 198
202 S3I(s)->hs.state = b; 199 S3I(s)->hs.state = state_b;
203 } 200 }
204 201
205 return (ssl3_handshake_write(s)); 202 return (ssl3_handshake_write(s));
@@ -210,36 +207,6 @@ ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
210 return (-1); 207 return (-1);
211} 208}
212 209
213/*
214 * ssl3_take_mac calculates the Finished MAC for the handshakes messages seen
215 * so far.
216 */
217static void
218ssl3_take_mac(SSL *s)
219{
220 const char *sender;
221 int slen;
222
223 /*
224 * If no new cipher setup return immediately: other functions will
225 * set the appropriate error.
226 */
227 if (S3I(s)->hs.cipher == NULL)
228 return;
229
230 if (S3I(s)->hs.state & SSL_ST_CONNECT) {
231 sender = TLS_MD_SERVER_FINISH_CONST;
232 slen = TLS_MD_SERVER_FINISH_CONST_SIZE;
233 } else {
234 sender = TLS_MD_CLIENT_FINISH_CONST;
235 slen = TLS_MD_CLIENT_FINISH_CONST_SIZE;
236 }
237
238 S3I(s)->hs.peer_finished_len =
239 tls1_final_finish_mac(s, sender, slen,
240 S3I(s)->hs.peer_finished);
241}
242
243int 210int
244ssl3_get_finished(SSL *s, int a, int b) 211ssl3_get_finished(SSL *s, int a, int b)
245{ 212{
@@ -544,10 +511,16 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
544 n -= i; 511 n -= i;
545 } 512 }
546 513
547 /* If receiving Finished, record MAC of prior handshake messages for 514 /*
548 * Finished verification. */ 515 * If receiving Finished, record MAC of prior handshake messages for
549 if (*s->internal->init_buf->data == SSL3_MT_FINISHED) 516 * Finished verification.
550 ssl3_take_mac(s); 517 */
518 if (*s->internal->init_buf->data == SSL3_MT_FINISHED) {
519 if (S3I(s)->hs.cipher != NULL) {
520 if (!tls12_derive_peer_finished(s))
521 goto err;
522 }
523 }
551 524
552 /* Feed this message into MAC computation. */ 525 /* Feed this message into MAC computation. */
553 if (s->internal->mac_packet) { 526 if (s->internal->mac_packet) {
@@ -566,7 +539,7 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
566 539
567 fatal_err: 540 fatal_err:
568 ssl3_send_alert(s, SSL3_AL_FATAL, al); 541 ssl3_send_alert(s, SSL3_AL_FATAL, al);
569err: 542 err:
570 *ok = 0; 543 *ok = 0;
571 return (-1); 544 return (-1);
572} 545}
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index 7f69b8ba98..c129bb6d66 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_clnt.c,v 1.92 2021/04/21 19:27:56 jsing Exp $ */ 1/* $OpenBSD: ssl_clnt.c,v 1.93 2021/04/25 13:15:22 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -497,8 +497,7 @@ ssl3_connect(SSL *s)
497 if (SSL_is_dtls(s) && !s->internal->hit) 497 if (SSL_is_dtls(s) && !s->internal->hit)
498 dtls1_start_timer(s); 498 dtls1_start_timer(s);
499 ret = ssl3_send_finished(s, SSL3_ST_CW_FINISHED_A, 499 ret = ssl3_send_finished(s, SSL3_ST_CW_FINISHED_A,
500 SSL3_ST_CW_FINISHED_B, TLS_MD_CLIENT_FINISH_CONST, 500 SSL3_ST_CW_FINISHED_B);
501 TLS_MD_CLIENT_FINISH_CONST_SIZE);
502 if (ret <= 0) 501 if (ret <= 0)
503 goto end; 502 goto end;
504 if (!SSL_is_dtls(s)) 503 if (!SSL_is_dtls(s))
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 27397308ef..a9cab69ee0 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_locl.h,v 1.337 2021/04/21 19:27:56 jsing Exp $ */ 1/* $OpenBSD: ssl_locl.h,v 1.338 2021/04/25 13:15:22 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -1219,7 +1219,7 @@ int ssl3_do_write(SSL *s, int type);
1219int ssl3_send_alert(SSL *s, int level, int desc); 1219int ssl3_send_alert(SSL *s, int level, int desc);
1220int ssl3_get_req_cert_types(SSL *s, CBB *cbb); 1220int ssl3_get_req_cert_types(SSL *s, CBB *cbb);
1221long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok); 1221long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
1222int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen); 1222int ssl3_send_finished(SSL *s, int state_a, int state_b);
1223int ssl3_num_ciphers(void); 1223int ssl3_num_ciphers(void);
1224const SSL_CIPHER *ssl3_get_cipher(unsigned int u); 1224const SSL_CIPHER *ssl3_get_cipher(unsigned int u);
1225const SSL_CIPHER *ssl3_get_cipher_by_id(unsigned int id); 1225const SSL_CIPHER *ssl3_get_cipher_by_id(unsigned int id);
@@ -1371,10 +1371,14 @@ void tls1_transcript_freeze(SSL *s);
1371void tls1_transcript_unfreeze(SSL *s); 1371void tls1_transcript_unfreeze(SSL *s);
1372int tls1_transcript_record(SSL *s, const unsigned char *buf, size_t len); 1372int tls1_transcript_record(SSL *s, const unsigned char *buf, size_t len);
1373 1373
1374int tls1_PRF(SSL *s, const unsigned char *secret, size_t secret_len,
1375 const void *seed1, size_t seed1_len, const void *seed2, size_t seed2_len,
1376 const void *seed3, size_t seed3_len, const void *seed4, size_t seed4_len,
1377 const void *seed5, size_t seed5_len, unsigned char *out, size_t out_len);
1378
1374void tls1_cleanup_key_block(SSL *s); 1379void tls1_cleanup_key_block(SSL *s);
1375int tls1_change_cipher_state(SSL *s, int which); 1380int tls1_change_cipher_state(SSL *s, int which);
1376int tls1_setup_key_block(SSL *s); 1381int tls1_setup_key_block(SSL *s);
1377int tls1_final_finish_mac(SSL *s, const char *str, int slen, unsigned char *p);
1378int tls1_generate_master_secret(SSL *s, unsigned char *out, 1382int tls1_generate_master_secret(SSL *s, unsigned char *out,
1379 unsigned char *p, int len); 1383 unsigned char *p, int len);
1380int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen, 1384int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
@@ -1383,6 +1387,9 @@ int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
1383int tls1_alert_code(int code); 1387int tls1_alert_code(int code);
1384int ssl_ok(SSL *s); 1388int ssl_ok(SSL *s);
1385 1389
1390int tls12_derive_finished(SSL *s);
1391int tls12_derive_peer_finished(SSL *s);
1392
1386int ssl_using_ecc_cipher(SSL *s); 1393int ssl_using_ecc_cipher(SSL *s);
1387int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s); 1394int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s);
1388 1395
diff --git a/src/lib/libssl/ssl_pkt.c b/src/lib/libssl/ssl_pkt.c
index a760f90a3a..6e0cfe2102 100644
--- a/src/lib/libssl/ssl_pkt.c
+++ b/src/lib/libssl/ssl_pkt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_pkt.c,v 1.40 2021/03/29 16:46:09 jsing Exp $ */ 1/* $OpenBSD: ssl_pkt.c,v 1.41 2021/04/25 13:15:22 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -1155,13 +1155,6 @@ int
1155ssl3_do_change_cipher_spec(SSL *s) 1155ssl3_do_change_cipher_spec(SSL *s)
1156{ 1156{
1157 int i; 1157 int i;
1158 const char *sender;
1159 int slen;
1160
1161 if (S3I(s)->hs.state & SSL_ST_ACCEPT)
1162 i = SSL3_CHANGE_CIPHER_SERVER_READ;
1163 else
1164 i = SSL3_CHANGE_CIPHER_CLIENT_READ;
1165 1158
1166 if (S3I(s)->hs.tls12.key_block == NULL) { 1159 if (S3I(s)->hs.tls12.key_block == NULL) {
1167 if (s->session == NULL || s->session->master_key_length == 0) { 1160 if (s->session == NULL || s->session->master_key_length == 0) {
@@ -1175,27 +1168,20 @@ ssl3_do_change_cipher_spec(SSL *s)
1175 return (0); 1168 return (0);
1176 } 1169 }
1177 1170
1171 if (S3I(s)->hs.state & SSL_ST_ACCEPT)
1172 i = SSL3_CHANGE_CIPHER_SERVER_READ;
1173 else
1174 i = SSL3_CHANGE_CIPHER_CLIENT_READ;
1175
1178 if (!tls1_change_cipher_state(s, i)) 1176 if (!tls1_change_cipher_state(s, i))
1179 return (0); 1177 return (0);
1180 1178
1181 /* we have to record the message digest at 1179 /*
1182 * this point so we can get it before we read 1180 * We have to record the message digest at this point so we can get it
1183 * the finished message */ 1181 * before we read the finished message.
1184 if (S3I(s)->hs.state & SSL_ST_CONNECT) { 1182 */
1185 sender = TLS_MD_SERVER_FINISH_CONST; 1183 if (!tls12_derive_peer_finished(s))
1186 slen = TLS_MD_SERVER_FINISH_CONST_SIZE; 1184 return (0);
1187 } else {
1188 sender = TLS_MD_CLIENT_FINISH_CONST;
1189 slen = TLS_MD_CLIENT_FINISH_CONST_SIZE;
1190 }
1191
1192 i = tls1_final_finish_mac(s, sender, slen,
1193 S3I(s)->hs.peer_finished);
1194 if (i == 0) {
1195 SSLerror(s, ERR_R_INTERNAL_ERROR);
1196 return 0;
1197 }
1198 S3I(s)->hs.peer_finished_len = i;
1199 1185
1200 return (1); 1186 return (1);
1201} 1187}
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index c85a25158f..2c15081f45 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_srvr.c,v 1.103 2021/04/21 19:27:56 jsing Exp $ */ 1/* $OpenBSD: ssl_srvr.c,v 1.104 2021/04/25 13:15:22 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -666,10 +666,8 @@ ssl3_accept(SSL *s)
666 666
667 case SSL3_ST_SW_FINISHED_A: 667 case SSL3_ST_SW_FINISHED_A:
668 case SSL3_ST_SW_FINISHED_B: 668 case SSL3_ST_SW_FINISHED_B:
669 ret = ssl3_send_finished(s, 669 ret = ssl3_send_finished(s, SSL3_ST_SW_FINISHED_A,
670 SSL3_ST_SW_FINISHED_A, SSL3_ST_SW_FINISHED_B, 670 SSL3_ST_SW_FINISHED_B);
671 TLS_MD_SERVER_FINISH_CONST,
672 TLS_MD_SERVER_FINISH_CONST_SIZE);
673 if (ret <= 0) 671 if (ret <= 0)
674 goto end; 672 goto end;
675 S3I(s)->hs.state = SSL3_ST_SW_FLUSH; 673 S3I(s)->hs.state = SSL3_ST_SW_FLUSH;
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
index 6b3d40d8ec..3f93bcecf5 100644
--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: t1_enc.c,v 1.138 2021/04/19 17:26:39 jsing Exp $ */ 1/* $OpenBSD: t1_enc.c,v 1.139 2021/04/25 13:15:22 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -144,11 +144,6 @@
144#include <openssl/hmac.h> 144#include <openssl/hmac.h>
145#include <openssl/md5.h> 145#include <openssl/md5.h>
146 146
147int tls1_PRF(SSL *s, const unsigned char *secret, size_t secret_len,
148 const void *seed1, size_t seed1_len, const void *seed2, size_t seed2_len,
149 const void *seed3, size_t seed3_len, const void *seed4, size_t seed4_len,
150 const void *seed5, size_t seed5_len, unsigned char *out, size_t out_len);
151
152void 147void
153tls1_cleanup_key_block(SSL *s) 148tls1_cleanup_key_block(SSL *s)
154{ 149{
@@ -471,26 +466,6 @@ tls1_setup_key_block(SSL *s)
471} 466}
472 467
473int 468int
474tls1_final_finish_mac(SSL *s, const char *str, int str_len, unsigned char *out)
475{
476 unsigned char buf[EVP_MAX_MD_SIZE];
477 size_t hash_len;
478
479 if (str_len < 0)
480 return 0;
481
482 if (!tls1_transcript_hash_value(s, buf, sizeof(buf), &hash_len))
483 return 0;
484
485 if (!tls1_PRF(s, s->session->master_key, s->session->master_key_length,
486 str, str_len, buf, hash_len, NULL, 0, NULL, 0, NULL, 0,
487 out, TLS1_FINISH_MAC_LENGTH))
488 return 0;
489
490 return TLS1_FINISH_MAC_LENGTH;
491}
492
493int
494tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, 469tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
495 int len) 470 int len)
496{ 471{
diff --git a/src/lib/libssl/tls12_lib.c b/src/lib/libssl/tls12_lib.c
new file mode 100644
index 0000000000..520f41678d
--- /dev/null
+++ b/src/lib/libssl/tls12_lib.c
@@ -0,0 +1,92 @@
1/* $OpenBSD: tls12_lib.c,v 1.1 2021/04/25 13:15:23 jsing Exp $ */
2/*
3 * Copyright (c) 2021 Joel Sing <jsing@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include "ssl_locl.h"
19
20static int
21tls12_finished_verify_data(SSL *s, const char *finished_label,
22 size_t finished_label_len, uint8_t *verify_data, size_t verify_data_len,
23 size_t *out_len)
24{
25 uint8_t transcript_hash[EVP_MAX_MD_SIZE];
26 size_t transcript_hash_len;
27
28 *out_len = 0;
29
30 if (verify_data_len < TLS1_FINISH_MAC_LENGTH)
31 return 0;
32
33 if (!tls1_transcript_hash_value(s, transcript_hash,
34 sizeof(transcript_hash), &transcript_hash_len))
35 return 0;
36
37 if (!tls1_PRF(s, s->session->master_key, s->session->master_key_length,
38 finished_label, finished_label_len, transcript_hash,
39 transcript_hash_len, NULL, 0, NULL, 0, NULL, 0, verify_data,
40 TLS1_FINISH_MAC_LENGTH))
41 return 0;
42
43 *out_len = TLS1_FINISH_MAC_LENGTH;
44
45 return 1;
46}
47
48static int
49tls12_client_finished_verify_data(SSL *s, uint8_t *verify_data,
50 size_t verify_data_len, size_t *out_len)
51{
52 return tls12_finished_verify_data(s, TLS_MD_CLIENT_FINISH_CONST,
53 TLS_MD_CLIENT_FINISH_CONST_SIZE, verify_data, verify_data_len,
54 out_len);
55}
56
57static int
58tls12_server_finished_verify_data(SSL *s, uint8_t *verify_data,
59 size_t verify_data_len, size_t *out_len)
60{
61 return tls12_finished_verify_data(s, TLS_MD_SERVER_FINISH_CONST,
62 TLS_MD_SERVER_FINISH_CONST_SIZE, verify_data, verify_data_len,
63 out_len);
64}
65
66int
67tls12_derive_finished(SSL *s)
68{
69 if (!s->server) {
70 return tls12_client_finished_verify_data(s,
71 S3I(s)->hs.finished, sizeof(S3I(s)->hs.finished),
72 &S3I(s)->hs.finished_len);
73 } else {
74 return tls12_server_finished_verify_data(s,
75 S3I(s)->hs.finished, sizeof(S3I(s)->hs.finished),
76 &S3I(s)->hs.finished_len);
77 }
78}
79
80int
81tls12_derive_peer_finished(SSL *s)
82{
83 if (s->server) {
84 return tls12_client_finished_verify_data(s,
85 S3I(s)->hs.peer_finished, sizeof(S3I(s)->hs.peer_finished),
86 &S3I(s)->hs.peer_finished_len);
87 } else {
88 return tls12_server_finished_verify_data(s,
89 S3I(s)->hs.peer_finished, sizeof(S3I(s)->hs.peer_finished),
90 &S3I(s)->hs.peer_finished_len);
91 }
92}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-20 16:19:19 +0000