Move handshake message handling functions from ssl_both.c to client/server.

Currently, ssl_both.c contains several functions that are used by both the legacy client and legacy server. This interwines the client and server, making it harder to make progressive changes. While it does deduplicate some code, it also ends up with code that is conditioned on s->server and forces the caller to pass in SSL3_ST_* values. Move these functions from ssl_both.c into ssl_clnt.c and ssl_srvr.c, renaming as appropriate and removing the s->server conditionals. Also move the client and server function prototypes from ssl_locl.h into the .c files, making them static in the process. ok tb@
author: jsing <> 2022-10-01 16:23:15 +0000
committer: jsing <> 2022-10-01 16:23:15 +0000
commit: d5e660940f76ba9fedb2400c0fa888e996ee93c9 (patch)
tree: 17355bd2c7397fbcda5912079e30abc288561c2f /src/lib/libssl/ssl_clnt.c
parent: 891337e5a26a9faa47ed08abfbaeaf58e11c669c (diff)
download: openbsd-d5e660940f76ba9fedb2400c0fa888e996ee93c9.tar.gz
openbsd-d5e660940f76ba9fedb2400c0fa888e996ee93c9.tar.bz2
openbsd-d5e660940f76ba9fedb2400c0fa888e996ee93c9.zip
1 files changed, 172 insertions, 22 deletions
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index 0e50285898..8b2f209a79 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.153 2022/08/17 07:39:19 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.154 2022/10/01 16:23:15 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -176,6 +176,25 @@
 static int ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b);
+static int ssl3_send_client_hello(SSL *s);
+static int ssl3_get_dtls_hello_verify(SSL *s);
+static int ssl3_get_server_hello(SSL *s);
+static int ssl3_get_certificate_request(SSL *s);
+static int ssl3_get_new_session_ticket(SSL *s);
+static int ssl3_get_cert_status(SSL *s);
+static int ssl3_get_server_done(SSL *s);
+static int ssl3_send_client_verify(SSL *s);
+static int ssl3_send_client_certificate(SSL *s);
+static int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey);
+static int ssl3_send_client_key_exchange(SSL *s);
+static int ssl3_get_server_key_exchange(SSL *s);
+static int ssl3_get_server_certificate(SSL *s);
+static int ssl3_check_cert_and_algorithm(SSL *s);
+static int ssl3_check_finished(SSL *s);
+static int ssl3_send_client_change_cipher_spec(SSL *s);
+static int ssl3_send_client_finished(SSL *s);
+static int ssl3_get_server_finished(SSL *s);
 int
 ssl3_connect(SSL *s)
 {
@@ -469,8 +488,7 @@ ssl3_connect(SSL *s)
                case SSL3_ST_CW_CHANGE_B:
                        if (SSL_is_dtls(s) && !s->internal->hit)
                                dtls1_start_timer(s);
-                        ret = ssl3_send_change_cipher_spec(s,
+                        ret = ssl3_send_client_change_cipher_spec(s);
-                            SSL3_ST_CW_CHANGE_A, SSL3_ST_CW_CHANGE_B);
                        if (ret <= 0)
                                goto end;
@@ -492,8 +510,7 @@ ssl3_connect(SSL *s)
                case SSL3_ST_CW_FINISHED_B:
                        if (SSL_is_dtls(s) && !s->internal->hit)
                                dtls1_start_timer(s);
-                        ret = ssl3_send_finished(s, SSL3_ST_CW_FINISHED_A,
+                        ret = ssl3_send_client_finished(s);
-                            SSL3_ST_CW_FINISHED_B);
                        if (ret <= 0)
                                goto end;
                        if (!SSL_is_dtls(s))
@@ -539,8 +556,7 @@ ssl3_connect(SSL *s)
                                s->d1->change_cipher_spec_ok = 1;
                        else
                                s->s3->flags |= SSL3_FLAGS_CCS_OK;
-                        ret = ssl3_get_finished(s, SSL3_ST_CR_FINISHED_A,
+                        ret = ssl3_get_server_finished(s);
-                            SSL3_ST_CR_FINISHED_B);
                        if (ret <= 0)
                                goto end;
                        if (SSL_is_dtls(s))
@@ -640,7 +656,7 @@ ssl3_connect(SSL *s)
        return (ret);
 }
-int
+static int
 ssl3_send_client_hello(SSL *s)
 {
        CBB cbb, client_hello, session_id, cookie, cipher_suites;
@@ -752,7 +768,7 @@ ssl3_send_client_hello(SSL *s)
        return (-1);
 }
-int
+static int
 ssl3_get_dtls_hello_verify(SSL *s)
 {
        CBS hello_verify_request, cookie;
@@ -813,7 +829,7 @@ ssl3_get_dtls_hello_verify(SSL *s)
        return -1;
 }
-int
+static int
 ssl3_get_server_hello(SSL *s)
 {
        CBS cbs, server_random, session_id;
@@ -1083,7 +1099,7 @@ ssl3_get_server_hello(SSL *s)
        return (-1);
 }
-int
+static int
 ssl3_get_server_certificate(SSL *s)
 {
        CBS cbs, cert_list, cert_data;
@@ -1280,7 +1296,7 @@ ssl3_get_server_kex_ecdhe(SSL *s, CBS *cbs)
        return 0;
 }
-int
+static int
 ssl3_get_server_key_exchange(SSL *s)
 {
        CBS cbs, signature;
@@ -1428,7 +1444,7 @@ ssl3_get_server_key_exchange(SSL *s)
        return (-1);
 }
-int
+static int
 ssl3_get_certificate_request(SSL *s)
 {
        CBS cert_request, cert_types, rdn_list;
@@ -1572,7 +1588,7 @@ ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
        return (X509_NAME_cmp(*a, *b));
 }
-int
+static int
 ssl3_get_new_session_ticket(SSL *s)
 {
        uint32_t lifetime_hint;
@@ -1647,7 +1663,7 @@ ssl3_get_new_session_ticket(SSL *s)
        return (-1);
 }
-int
+static int
 ssl3_get_cert_status(SSL *s)
 {
        CBS cert_status, response;
@@ -1748,7 +1764,7 @@ ssl3_get_cert_status(SSL *s)
        return (-1);
 }
-int
+static int
 ssl3_get_server_done(SSL *s)
 {
        int ret;
@@ -2024,7 +2040,7 @@ ssl3_send_client_kex_gost(SSL *s, CBB *cbb)
        return ret;
 }
-int
+static int
 ssl3_send_client_key_exchange(SSL *s)
 {
        unsigned long alg_k;
@@ -2283,7 +2299,7 @@ ssl3_send_client_verify_gost(SSL *s, EVP_PKEY *pkey, CBB *cert_verify)
 }
 #endif
-int
+static int
 ssl3_send_client_verify(SSL *s)
 {
        const struct ssl_sigalg *sigalg;
@@ -2345,7 +2361,7 @@ ssl3_send_client_verify(SSL *s)
        return (-1);
 }
-int
+static int
 ssl3_send_client_certificate(SSL *s)
 {
        EVP_PKEY *pkey = NULL;
@@ -2423,7 +2439,7 @@ ssl3_send_client_certificate(SSL *s)
 #define has_bits(i,m)   (((i)&(m)) == (m))
-int
+static int
 ssl3_check_cert_and_algorithm(SSL *s)
 {
        long alg_k, alg_a;
@@ -2481,7 +2497,7 @@ ssl3_check_cert_and_algorithm(SSL *s)
 * session tickets we have to check the next message to be sure.
 */
-int
+static int
 ssl3_check_finished(SSL *s)
 {
        int ret;
@@ -2503,7 +2519,7 @@ ssl3_check_finished(SSL *s)
        return (1);
 }
-int
+static int
 ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey)
 {
        int     i = 0;
@@ -2521,3 +2537,137 @@ ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey)
                i = s->ctx->internal->client_cert_cb(s, px509, ppkey);
        return (i);
 }
+static int
+ssl3_send_client_change_cipher_spec(SSL *s)
+{
+        size_t outlen;
+        CBB cbb;
+        memset(&cbb, 0, sizeof(cbb));
+        if (s->s3->hs.state == SSL3_ST_CW_CHANGE_A) {
+                if (!CBB_init_fixed(&cbb, s->internal->init_buf->data,
+                    s->internal->init_buf->length))
+                        goto err;
+                if (!CBB_add_u8(&cbb, SSL3_MT_CCS))
+                        goto err;
+                if (!CBB_finish(&cbb, NULL, &outlen))
+                        goto err;
+                if (outlen > INT_MAX)
+                        goto err;
+                s->internal->init_num = (int)outlen;
+                s->internal->init_off = 0;
+                if (SSL_is_dtls(s)) {
+                        s->d1->handshake_write_seq =
+                            s->d1->next_handshake_write_seq;
+                        dtls1_set_message_header_int(s, SSL3_MT_CCS, 0,
+                            s->d1->handshake_write_seq, 0, 0);
+                        dtls1_buffer_message(s, 1);
+                }
+                s->s3->hs.state = SSL3_ST_CW_CHANGE_B;
+        }
+        /* SSL3_ST_CW_CHANGE_B */
+        return ssl3_record_write(s, SSL3_RT_CHANGE_CIPHER_SPEC);
+ err:
+        CBB_cleanup(&cbb);
+        return -1;
+}
+static int
+ssl3_send_client_finished(SSL *s)
+{
+        CBB cbb, finished;
+        memset(&cbb, 0, sizeof(cbb));
+        if (s->s3->hs.state == SSL3_ST_CW_FINISHED_A) {
+                if (!tls12_derive_finished(s))
+                        goto err;
+                /* Copy finished so we can use it for renegotiation checks. */
+                memcpy(s->s3->previous_client_finished,
+                    s->s3->hs.finished, s->s3->hs.finished_len);
+                s->s3->previous_client_finished_len =
+                    s->s3->hs.finished_len;
+                if (!ssl3_handshake_msg_start(s, &cbb, &finished,
+                    SSL3_MT_FINISHED))
+                        goto err;
+                if (!CBB_add_bytes(&finished, s->s3->hs.finished,
+                    s->s3->hs.finished_len))
+                        goto err;
+                if (!ssl3_handshake_msg_finish(s, &cbb))
+                        goto err;
+                s->s3->hs.state = SSL3_ST_CW_FINISHED_B;
+        }
+        return (ssl3_handshake_write(s));
+ err:
+        CBB_cleanup(&cbb);
+        return (-1);
+}
+static int
+ssl3_get_server_finished(SSL *s)
+{
+        int al, md_len, ret;
+        CBS cbs;
+        /* should actually be 36+4 :-) */
+        if ((ret = ssl3_get_message(s, SSL3_ST_CR_FINISHED_A,
+            SSL3_ST_CR_FINISHED_B, SSL3_MT_FINISHED, 64)) <= 0)
+                return ret;
+        /* If this occurs, we have missed a message */
+        if (!s->s3->change_cipher_spec) {
+                al = SSL_AD_UNEXPECTED_MESSAGE;
+                SSLerror(s, SSL_R_GOT_A_FIN_BEFORE_A_CCS);
+                goto fatal_err;
+        }
+        s->s3->change_cipher_spec = 0;
+        md_len = TLS1_FINISH_MAC_LENGTH;
+        if (s->internal->init_num < 0) {
+                al = SSL_AD_DECODE_ERROR;
+                SSLerror(s, SSL_R_BAD_DIGEST_LENGTH);
+                goto fatal_err;
+        }
+        CBS_init(&cbs, s->internal->init_msg, s->internal->init_num);
+        if (s->s3->hs.peer_finished_len != md_len ||
+            CBS_len(&cbs) != md_len) {
+                al = SSL_AD_DECODE_ERROR;
+                SSLerror(s, SSL_R_BAD_DIGEST_LENGTH);
+                goto fatal_err;
+        }
+        if (!CBS_mem_equal(&cbs, s->s3->hs.peer_finished, CBS_len(&cbs))) {
+                al = SSL_AD_DECRYPT_ERROR;
+                SSLerror(s, SSL_R_DIGEST_CHECK_FAILED);
+                goto fatal_err;
+        }
+        /* Copy finished so we can use it for renegotiation checks. */
+        OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE);
+        memcpy(s->s3->previous_server_finished,
+            s->s3->hs.peer_finished, md_len);
+        s->s3->previous_server_finished_len = md_len;
+        return (1);
+ fatal_err:
+        ssl3_send_alert(s, SSL3_AL_FATAL, al);
+        return (0);
+}
author	jsing <>	2022-10-01 16:23:15 +0000
committer	jsing <>	2022-10-01 16:23:15 +0000
commit	d5e660940f76ba9fedb2400c0fa888e996ee93c9 (patch)
tree	17355bd2c7397fbcda5912079e30abc288561c2f /src/lib/libssl/ssl_clnt.c
parent	891337e5a26a9faa47ed08abfbaeaf58e11c669c (diff)
download	openbsd-d5e660940f76ba9fedb2400c0fa888e996ee93c9.tar.gz openbsd-d5e660940f76ba9fedb2400c0fa888e996ee93c9.tar.bz2 openbsd-d5e660940f76ba9fedb2400c0fa888e996ee93c9.zip

diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c index 0e50285898..8b2f209a79 100644 --- a/src/lib/libssl/ssl_clnt.c +++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_clnt.c,v 1.153 2022/08/17 07:39:19 jsing Exp $ */	1	/* $OpenBSD: ssl_clnt.c,v 1.154 2022/10/01 16:23:15 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -176,6 +176,25 @@
176		176
177	static int ca_dn_cmp(const X509_NAME * const a, const X509_NAME const *b);	177	static int ca_dn_cmp(const X509_NAME * const a, const X509_NAME const *b);
178		178
		179	static int ssl3_send_client_hello(SSL *s);
		180	static int ssl3_get_dtls_hello_verify(SSL *s);
		181	static int ssl3_get_server_hello(SSL *s);
		182	static int ssl3_get_certificate_request(SSL *s);
		183	static int ssl3_get_new_session_ticket(SSL *s);
		184	static int ssl3_get_cert_status(SSL *s);
		185	static int ssl3_get_server_done(SSL *s);
		186	static int ssl3_send_client_verify(SSL *s);
		187	static int ssl3_send_client_certificate(SSL *s);
		188	static int ssl_do_client_cert_cb(SSL s, X509 px509, EVP_PKEY *ppkey);
		189	static int ssl3_send_client_key_exchange(SSL *s);
		190	static int ssl3_get_server_key_exchange(SSL *s);
		191	static int ssl3_get_server_certificate(SSL *s);
		192	static int ssl3_check_cert_and_algorithm(SSL *s);
		193	static int ssl3_check_finished(SSL *s);
		194	static int ssl3_send_client_change_cipher_spec(SSL *s);
		195	static int ssl3_send_client_finished(SSL *s);
		196	static int ssl3_get_server_finished(SSL *s);
		197
179	int	198	int
180	ssl3_connect(SSL *s)	199	ssl3_connect(SSL *s)
181	{	200	{
@@ -469,8 +488,7 @@ ssl3_connect(SSL *s)
469	case SSL3_ST_CW_CHANGE_B:	488	case SSL3_ST_CW_CHANGE_B:
470	if (SSL_is_dtls(s) && !s->internal->hit)	489	if (SSL_is_dtls(s) && !s->internal->hit)
471	dtls1_start_timer(s);	490	dtls1_start_timer(s);
472	ret = ssl3_send_change_cipher_spec(s,	491	ret = ssl3_send_client_change_cipher_spec(s);
473	SSL3_ST_CW_CHANGE_A, SSL3_ST_CW_CHANGE_B);
474	if (ret <= 0)	492	if (ret <= 0)
475	goto end;	493	goto end;
476		494
@@ -492,8 +510,7 @@ ssl3_connect(SSL *s)
492	case SSL3_ST_CW_FINISHED_B:	510	case SSL3_ST_CW_FINISHED_B:
493	if (SSL_is_dtls(s) && !s->internal->hit)	511	if (SSL_is_dtls(s) && !s->internal->hit)
494	dtls1_start_timer(s);	512	dtls1_start_timer(s);
495	ret = ssl3_send_finished(s, SSL3_ST_CW_FINISHED_A,	513	ret = ssl3_send_client_finished(s);
496	SSL3_ST_CW_FINISHED_B);
497	if (ret <= 0)	514	if (ret <= 0)
498	goto end;	515	goto end;
499	if (!SSL_is_dtls(s))	516	if (!SSL_is_dtls(s))
@@ -539,8 +556,7 @@ ssl3_connect(SSL *s)
539	s->d1->change_cipher_spec_ok = 1;	556	s->d1->change_cipher_spec_ok = 1;
540	else	557	else
541	s->s3->flags \|= SSL3_FLAGS_CCS_OK;	558	s->s3->flags \|= SSL3_FLAGS_CCS_OK;
542	ret = ssl3_get_finished(s, SSL3_ST_CR_FINISHED_A,	559	ret = ssl3_get_server_finished(s);
543	SSL3_ST_CR_FINISHED_B);
544	if (ret <= 0)	560	if (ret <= 0)
545	goto end;	561	goto end;
546	if (SSL_is_dtls(s))	562	if (SSL_is_dtls(s))
@@ -640,7 +656,7 @@ ssl3_connect(SSL *s)
640	return (ret);	656	return (ret);
641	}	657	}
642		658
643	int	659	static int
644	ssl3_send_client_hello(SSL *s)	660	ssl3_send_client_hello(SSL *s)
645	{	661	{
646	CBB cbb, client_hello, session_id, cookie, cipher_suites;	662	CBB cbb, client_hello, session_id, cookie, cipher_suites;
@@ -752,7 +768,7 @@ ssl3_send_client_hello(SSL *s)
752	return (-1);	768	return (-1);
753	}	769	}
754		770
755	int	771	static int
756	ssl3_get_dtls_hello_verify(SSL *s)	772	ssl3_get_dtls_hello_verify(SSL *s)
757	{	773	{
758	CBS hello_verify_request, cookie;	774	CBS hello_verify_request, cookie;
@@ -813,7 +829,7 @@ ssl3_get_dtls_hello_verify(SSL *s)
813	return -1;	829	return -1;
814	}	830	}
815		831
816	int	832	static int
817	ssl3_get_server_hello(SSL *s)	833	ssl3_get_server_hello(SSL *s)
818	{	834	{
819	CBS cbs, server_random, session_id;	835	CBS cbs, server_random, session_id;
@@ -1083,7 +1099,7 @@ ssl3_get_server_hello(SSL *s)
1083	return (-1);	1099	return (-1);
1084	}	1100	}
1085		1101
1086	int	1102	static int
1087	ssl3_get_server_certificate(SSL *s)	1103	ssl3_get_server_certificate(SSL *s)
1088	{	1104	{
1089	CBS cbs, cert_list, cert_data;	1105	CBS cbs, cert_list, cert_data;
@@ -1280,7 +1296,7 @@ ssl3_get_server_kex_ecdhe(SSL s, CBS cbs)
1280	return 0;	1296	return 0;
1281	}	1297	}
1282		1298
1283	int	1299	static int
1284	ssl3_get_server_key_exchange(SSL *s)	1300	ssl3_get_server_key_exchange(SSL *s)
1285	{	1301	{
1286	CBS cbs, signature;	1302	CBS cbs, signature;
@@ -1428,7 +1444,7 @@ ssl3_get_server_key_exchange(SSL *s)
1428	return (-1);	1444	return (-1);
1429	}	1445	}
1430		1446
1431	int	1447	static int
1432	ssl3_get_certificate_request(SSL *s)	1448	ssl3_get_certificate_request(SSL *s)
1433	{	1449	{
1434	CBS cert_request, cert_types, rdn_list;	1450	CBS cert_request, cert_types, rdn_list;
@@ -1572,7 +1588,7 @@ ca_dn_cmp(const X509_NAME * const a, const X509_NAME const *b)
1572	return (X509_NAME_cmp(a, b));	1588	return (X509_NAME_cmp(a, b));
1573	}	1589	}
1574		1590
1575	int	1591	static int
1576	ssl3_get_new_session_ticket(SSL *s)	1592	ssl3_get_new_session_ticket(SSL *s)
1577	{	1593	{
1578	uint32_t lifetime_hint;	1594	uint32_t lifetime_hint;
@@ -1647,7 +1663,7 @@ ssl3_get_new_session_ticket(SSL *s)
1647	return (-1);	1663	return (-1);
1648	}	1664	}
1649		1665
1650	int	1666	static int
1651	ssl3_get_cert_status(SSL *s)	1667	ssl3_get_cert_status(SSL *s)
1652	{	1668	{
1653	CBS cert_status, response;	1669	CBS cert_status, response;
@@ -1748,7 +1764,7 @@ ssl3_get_cert_status(SSL *s)
1748	return (-1);	1764	return (-1);
1749	}	1765	}
1750		1766
1751	int	1767	static int
1752	ssl3_get_server_done(SSL *s)	1768	ssl3_get_server_done(SSL *s)
1753	{	1769	{
1754	int ret;	1770	int ret;
@@ -2024,7 +2040,7 @@ ssl3_send_client_kex_gost(SSL s, CBB cbb)
2024	return ret;	2040	return ret;
2025	}	2041	}
2026		2042
2027	int	2043	static int
2028	ssl3_send_client_key_exchange(SSL *s)	2044	ssl3_send_client_key_exchange(SSL *s)
2029	{	2045	{
2030	unsigned long alg_k;	2046	unsigned long alg_k;
@@ -2283,7 +2299,7 @@ ssl3_send_client_verify_gost(SSL s, EVP_PKEY pkey, CBB *cert_verify)
2283	}	2299	}
2284	#endif	2300	#endif
2285		2301
2286	int	2302	static int
2287	ssl3_send_client_verify(SSL *s)	2303	ssl3_send_client_verify(SSL *s)
2288	{	2304	{
2289	const struct ssl_sigalg *sigalg;	2305	const struct ssl_sigalg *sigalg;
@@ -2345,7 +2361,7 @@ ssl3_send_client_verify(SSL *s)
2345	return (-1);	2361	return (-1);
2346	}	2362	}
2347		2363
2348	int	2364	static int
2349	ssl3_send_client_certificate(SSL *s)	2365	ssl3_send_client_certificate(SSL *s)
2350	{	2366	{
2351	EVP_PKEY *pkey = NULL;	2367	EVP_PKEY *pkey = NULL;
@@ -2423,7 +2439,7 @@ ssl3_send_client_certificate(SSL *s)
2423		2439
2424	#define has_bits(i,m) (((i)&(m)) == (m))	2440	#define has_bits(i,m) (((i)&(m)) == (m))
2425		2441
2426	int	2442	static int
2427	ssl3_check_cert_and_algorithm(SSL *s)	2443	ssl3_check_cert_and_algorithm(SSL *s)
2428	{	2444	{
2429	long alg_k, alg_a;	2445	long alg_k, alg_a;
@@ -2481,7 +2497,7 @@ ssl3_check_cert_and_algorithm(SSL *s)
2481	* session tickets we have to check the next message to be sure.	2497	* session tickets we have to check the next message to be sure.
2482	*/	2498	*/
2483		2499
2484	int	2500	static int
2485	ssl3_check_finished(SSL *s)	2501	ssl3_check_finished(SSL *s)
2486	{	2502	{
2487	int ret;	2503	int ret;
@@ -2503,7 +2519,7 @@ ssl3_check_finished(SSL *s)
2503	return (1);	2519	return (1);
2504	}	2520	}
2505		2521
2506	int	2522	static int
2507	ssl_do_client_cert_cb(SSL s, X509 px509, EVP_PKEY *ppkey)	2523	ssl_do_client_cert_cb(SSL s, X509 px509, EVP_PKEY *ppkey)
2508	{	2524	{
2509	int i = 0;	2525	int i = 0;
@@ -2521,3 +2537,137 @@ ssl_do_client_cert_cb(SSL s, X509 px509, EVP_PKEY *ppkey)
2521	i = s->ctx->internal->client_cert_cb(s, px509, ppkey);	2537	i = s->ctx->internal->client_cert_cb(s, px509, ppkey);
2522	return (i);	2538	return (i);
2523	}	2539	}
		2540
		2541	static int
		2542	ssl3_send_client_change_cipher_spec(SSL *s)
		2543	{
		2544	size_t outlen;
		2545	CBB cbb;
		2546
		2547	memset(&cbb, 0, sizeof(cbb));
		2548
		2549	if (s->s3->hs.state == SSL3_ST_CW_CHANGE_A) {
		2550	if (!CBB_init_fixed(&cbb, s->internal->init_buf->data,
		2551	s->internal->init_buf->length))
		2552	goto err;
		2553	if (!CBB_add_u8(&cbb, SSL3_MT_CCS))
		2554	goto err;
		2555	if (!CBB_finish(&cbb, NULL, &outlen))
		2556	goto err;
		2557
		2558	if (outlen > INT_MAX)
		2559	goto err;
		2560
		2561	s->internal->init_num = (int)outlen;
		2562	s->internal->init_off = 0;
		2563
		2564	if (SSL_is_dtls(s)) {
		2565	s->d1->handshake_write_seq =
		2566	s->d1->next_handshake_write_seq;
		2567	dtls1_set_message_header_int(s, SSL3_MT_CCS, 0,
		2568	s->d1->handshake_write_seq, 0, 0);
		2569	dtls1_buffer_message(s, 1);
		2570	}
		2571
		2572	s->s3->hs.state = SSL3_ST_CW_CHANGE_B;
		2573	}
		2574
		2575	/* SSL3_ST_CW_CHANGE_B */
		2576	return ssl3_record_write(s, SSL3_RT_CHANGE_CIPHER_SPEC);
		2577
		2578	err:
		2579	CBB_cleanup(&cbb);
		2580
		2581	return -1;
		2582	}
		2583
		2584	static int
		2585	ssl3_send_client_finished(SSL *s)
		2586	{
		2587	CBB cbb, finished;
		2588
		2589	memset(&cbb, 0, sizeof(cbb));
		2590
		2591	if (s->s3->hs.state == SSL3_ST_CW_FINISHED_A) {
		2592	if (!tls12_derive_finished(s))
		2593	goto err;
		2594
		2595	/* Copy finished so we can use it for renegotiation checks. */
		2596	memcpy(s->s3->previous_client_finished,
		2597	s->s3->hs.finished, s->s3->hs.finished_len);
		2598	s->s3->previous_client_finished_len =
		2599	s->s3->hs.finished_len;
		2600
		2601	if (!ssl3_handshake_msg_start(s, &cbb, &finished,
		2602	SSL3_MT_FINISHED))
		2603	goto err;
		2604	if (!CBB_add_bytes(&finished, s->s3->hs.finished,
		2605	s->s3->hs.finished_len))
		2606	goto err;
		2607	if (!ssl3_handshake_msg_finish(s, &cbb))
		2608	goto err;
		2609
		2610	s->s3->hs.state = SSL3_ST_CW_FINISHED_B;
		2611	}
		2612
		2613	return (ssl3_handshake_write(s));
		2614
		2615	err:
		2616	CBB_cleanup(&cbb);
		2617
		2618	return (-1);
		2619	}
		2620
		2621	static int
		2622	ssl3_get_server_finished(SSL *s)
		2623	{
		2624	int al, md_len, ret;
		2625	CBS cbs;
		2626
		2627	/* should actually be 36+4 :-) */
		2628	if ((ret = ssl3_get_message(s, SSL3_ST_CR_FINISHED_A,
		2629	SSL3_ST_CR_FINISHED_B, SSL3_MT_FINISHED, 64)) <= 0)
		2630	return ret;
		2631
		2632	/* If this occurs, we have missed a message */
		2633	if (!s->s3->change_cipher_spec) {
		2634	al = SSL_AD_UNEXPECTED_MESSAGE;
		2635	SSLerror(s, SSL_R_GOT_A_FIN_BEFORE_A_CCS);
		2636	goto fatal_err;
		2637	}
		2638	s->s3->change_cipher_spec = 0;
		2639
		2640	md_len = TLS1_FINISH_MAC_LENGTH;
		2641
		2642	if (s->internal->init_num < 0) {
		2643	al = SSL_AD_DECODE_ERROR;
		2644	SSLerror(s, SSL_R_BAD_DIGEST_LENGTH);
		2645	goto fatal_err;
		2646	}
		2647
		2648	CBS_init(&cbs, s->internal->init_msg, s->internal->init_num);
		2649
		2650	if (s->s3->hs.peer_finished_len != md_len \|\|
		2651	CBS_len(&cbs) != md_len) {
		2652	al = SSL_AD_DECODE_ERROR;
		2653	SSLerror(s, SSL_R_BAD_DIGEST_LENGTH);
		2654	goto fatal_err;
		2655	}
		2656
		2657	if (!CBS_mem_equal(&cbs, s->s3->hs.peer_finished, CBS_len(&cbs))) {
		2658	al = SSL_AD_DECRYPT_ERROR;
		2659	SSLerror(s, SSL_R_DIGEST_CHECK_FAILED);
		2660	goto fatal_err;
		2661	}
		2662
		2663	/* Copy finished so we can use it for renegotiation checks. */
		2664	OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE);
		2665	memcpy(s->s3->previous_server_finished,
		2666	s->s3->hs.peer_finished, md_len);
		2667	s->s3->previous_server_finished_len = md_len;
		2668
		2669	return (1);
		2670	fatal_err:
		2671	ssl3_send_alert(s, SSL3_AL_FATAL, al);
		2672	return (0);
		2673	}