1: /* ssl/s3_srvr.c */
    2: /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
    3:  * All rights reserved.
    4:  *
    5:  * This package is an SSL implementation written
    6:  * by Eric Young (eay@cryptsoft.com).
    7:  * The implementation was written so as to conform with Netscapes SSL.
    8:  * 
    9:  * This library is free for commercial and non-commercial use as long as
   10:  * the following conditions are aheared to.  The following conditions
   11:  * apply to all code found in this distribution, be it the RC4, RSA,
   12:  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
   13:  * included with this distribution is covered by the same copyright terms
   14:  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
   15:  * 
   16:  * Copyright remains Eric Young's, and as such any Copyright notices in
   17:  * the code are not to be removed.
   18:  * If this package is used in a product, Eric Young should be given attribution
   19:  * as the author of the parts of the library used.
   20:  * This can be in the form of a textual message at program startup or
   21:  * in documentation (online or textual) provided with the package.
   22:  * 
   23:  * Redistribution and use in source and binary forms, with or without
   24:  * modification, are permitted provided that the following conditions
   25:  * are met:
   26:  * 1. Redistributions of source code must retain the copyright
   27:  *    notice, this list of conditions and the following disclaimer.
   28:  * 2. Redistributions in binary form must reproduce the above copyright
   29:  *    notice, this list of conditions and the following disclaimer in the
   30:  *    documentation and/or other materials provided with the distribution.
   31:  * 3. All advertising materials mentioning features or use of this software
   32:  *    must display the following acknowledgement:
   33:  *    "This product includes cryptographic software written by
   34:  *     Eric Young (eay@cryptsoft.com)"
   35:  *    The word 'cryptographic' can be left out if the rouines from the library
   36:  *    being used are not cryptographic related :-).
   37:  * 4. If you include any Windows specific code (or a derivative thereof) from 
   38:  *    the apps directory (application code) you must include an acknowledgement:
   39:  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
   40:  * 
   41:  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
   42:  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   43:  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   44:  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
   45:  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   46:  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
   47:  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   48:  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   49:  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   50:  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   51:  * SUCH DAMAGE.
   52:  * 
   53:  * The licence and distribution terms for any publically available version or
   54:  * derivative of this code cannot be changed.  i.e. this code cannot simply be
   55:  * copied and put under another distribution licence
   56:  * [including the GNU Public Licence.]
   57:  */
   58: /* ====================================================================
   59:  * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
   60:  *
   61:  * Redistribution and use in source and binary forms, with or without
   62:  * modification, are permitted provided that the following conditions
   63:  * are met:
   64:  *
   65:  * 1. Redistributions of source code must retain the above copyright
   66:  *    notice, this list of conditions and the following disclaimer. 
   67:  *
   68:  * 2. Redistributions in binary form must reproduce the above copyright
   69:  *    notice, this list of conditions and the following disclaimer in
   70:  *    the documentation and/or other materials provided with the
   71:  *    distribution.
   72:  *
   73:  * 3. All advertising materials mentioning features or use of this
   74:  *    software must display the following acknowledgment:
   75:  *    "This product includes software developed by the OpenSSL Project
   76:  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
   77:  *
   78:  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
   79:  *    endorse or promote products derived from this software without
   80:  *    prior written permission. For written permission, please contact
   81:  *    openssl-core@openssl.org.
   82:  *
   83:  * 5. Products derived from this software may not be called "OpenSSL"
   84:  *    nor may "OpenSSL" appear in their names without prior written
   85:  *    permission of the OpenSSL Project.
   86:  *
   87:  * 6. Redistributions of any form whatsoever must retain the following
   88:  *    acknowledgment:
   89:  *    "This product includes software developed by the OpenSSL Project
   90:  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
   91:  *
   92:  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
   93:  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   94:  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
   95:  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
   96:  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   97:  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
   98:  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
   99:  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  100:  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  101:  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  102:  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  103:  * OF THE POSSIBILITY OF SUCH DAMAGE.
  104:  * ====================================================================
  105:  *
  106:  * This product includes cryptographic software written by Eric Young
  107:  * (eay@cryptsoft.com).  This product includes software written by Tim
  108:  * Hudson (tjh@cryptsoft.com).
  109:  *
  110:  */
  111: /* ====================================================================
  112:  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
  113:  *
  114:  * Portions of the attached software ("Contribution") are developed by 
  115:  * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
  116:  *
  117:  * The Contribution is licensed pursuant to the OpenSSL open source
  118:  * license provided above.
  119:  *
  120:  * ECC cipher suite support in OpenSSL originally written by
  121:  * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
  122:  *
  123:  */
  124: 
  125: #define REUSE_CIPHER_BUG
  126: #define NETSCAPE_HANG_BUG
  127: 
  128: #include <stdio.h>
  129: #include "ssl_locl.h"
  130: #include "kssl_lcl.h"
  131: #include <openssl/buffer.h>
  132: #include <openssl/rand.h>
  133: #include <openssl/objects.h>
  134: #include <openssl/evp.h>
  135: #include <openssl/hmac.h>
  136: #include <openssl/x509.h>
  137: #ifndef OPENSSL_NO_DH
  138: #include <openssl/dh.h>
  139: #endif
  140: #include <openssl/bn.h>
  141: #ifndef OPENSSL_NO_KRB5
  142: #include <openssl/krb5_asn.h>
  143: #endif
  144: #include <openssl/md5.h>
  145: 
  146: static SSL_METHOD *ssl3_get_server_method(int ver);
  147: #ifndef OPENSSL_NO_ECDH
  148: static int nid2curve_id(int nid);
  149: #endif
  150: 
  151: static SSL_METHOD *ssl3_get_server_method(int ver)
  152:         {
  153:         if (ver == SSL3_VERSION)
  154:                 return(SSLv3_server_method());
  155:         else
  156:                 return(NULL);
  157:         }
  158: 
  159: IMPLEMENT_ssl3_meth_func(SSLv3_server_method,
  160:                         ssl3_accept,
  161:                         ssl_undefined_function,
  162:                         ssl3_get_server_method)
  163: 
  164: int ssl3_accept(SSL *s)
  165:         {
  166:         BUF_MEM *buf;
  167:         unsigned long l,Time=(unsigned long)time(NULL);
  168:         void (*cb)(const SSL *ssl,int type,int val)=NULL;
  169:         long num1;
  170:         int ret= -1;
  171:         int new_state,state,skip=0;
  172: 
  173:         RAND_add(&Time,sizeof(Time),0);
  174:         ERR_clear_error();
  175:         clear_sys_error();
  176: 
  177:         if (s->info_callback != NULL)
  178:                 cb=s->info_callback;
  179:         else if (s->ctx->info_callback != NULL)
  180:                 cb=s->ctx->info_callback;
  181: 
  182:         /* init things to blank */
  183:         s->in_handshake++;
  184:         if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
  185: 
  186:         if (s->cert == NULL)
  187:                 {
  188:                 SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_NO_CERTIFICATE_SET);
  189:                 return(-1);
  190:                 }
  191: 
  192:         for (;;)
  193:                 {
  194:                 state=s->state;
  195: 
  196:                 switch (s->state)
  197:                         {
  198:                 case SSL_ST_RENEGOTIATE:
  199:                         s->new_session=1;
  200:                         /* s->state=SSL_ST_ACCEPT; */
  201: 
  202:                 case SSL_ST_BEFORE:
  203:                 case SSL_ST_ACCEPT:
  204:                 case SSL_ST_BEFORE|SSL_ST_ACCEPT:
  205:                 case SSL_ST_OK|SSL_ST_ACCEPT:
  206: 
  207:                         s->server=1;
  208:                         if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
  209: 
  210:                         if ((s->version>>8) != 3)
  211:                                 {
  212:                                 SSLerr(SSL_F_SSL3_ACCEPT, ERR_R_INTERNAL_ERROR);
  213:                                 return -1;
  214:                                 }
  215:                         s->type=SSL_ST_ACCEPT;
  216: 
  217:                         if (s->init_buf == NULL)
  218:                                 {
  219:                                 if ((buf=BUF_MEM_new()) == NULL)
  220:                                         {
  221:                                         ret= -1;
  222:                                         goto end;
  223:                                         }
  224:                                 if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
  225:                                         {
  226:                                         ret= -1;
  227:                                         goto end;
  228:                                         }
  229:                                 s->init_buf=buf;
  230:                                 }
  231: 
  232:                         if (!ssl3_setup_buffers(s))
  233:                                 {
  234:                                 ret= -1;
  235:                                 goto end;
  236:                                 }
  237: 
  238:                         s->init_num=0;
  239: 
  240:                         if (s->state != SSL_ST_RENEGOTIATE)
  241:                                 {
  242:                                 /* Ok, we now need to push on a buffering BIO so that
  243:                                  * the output is sent in a way that TCP likes :-)
  244:                                  */
  245:                                 if (!ssl_init_wbio_buffer(s,1)) { ret= -1; goto end; }
  246:                                 
  247:                                 ssl3_init_finished_mac(s);
  248:                                 s->state=SSL3_ST_SR_CLNT_HELLO_A;
  249:                                 s->ctx->stats.sess_accept++;
  250:                                 }
  251:                         else
  252:                                 {
  253:                                 /* s->state == SSL_ST_RENEGOTIATE,
  254:                                  * we will just send a HelloRequest */
  255:                                 s->ctx->stats.sess_accept_renegotiate++;
  256:                                 s->state=SSL3_ST_SW_HELLO_REQ_A;
  257:                                 }
  258:                         break;
  259: 
  260:                 case SSL3_ST_SW_HELLO_REQ_A:
  261:                 case SSL3_ST_SW_HELLO_REQ_B:
  262: 
  263:                         s->shutdown=0;
  264:                         ret=ssl3_send_hello_request(s);
  265:                         if (ret <= 0) goto end;
  266:                         s->s3->tmp.next_state=SSL3_ST_SW_HELLO_REQ_C;
  267:                         s->state=SSL3_ST_SW_FLUSH;
  268:                         s->init_num=0;
  269: 
  270:                         ssl3_init_finished_mac(s);
  271:                         break;
  272: 
  273:                 case SSL3_ST_SW_HELLO_REQ_C:
  274:                         s->state=SSL_ST_OK;
  275:                         break;
  276: 
  277:                 case SSL3_ST_SR_CLNT_HELLO_A:
  278:                 case SSL3_ST_SR_CLNT_HELLO_B:
  279:                 case SSL3_ST_SR_CLNT_HELLO_C:
  280: 
  281:                         s->shutdown=0;
  282:                         ret=ssl3_get_client_hello(s);
  283:                         if (ret <= 0) goto end;
  284:                         s->new_session = 2;
  285:                         s->state=SSL3_ST_SW_SRVR_HELLO_A;
  286:                         s->init_num=0;
  287:                         break;
  288: 
  289:                 case SSL3_ST_SW_SRVR_HELLO_A:
  290:                 case SSL3_ST_SW_SRVR_HELLO_B:
  291:                         ret=ssl3_send_server_hello(s);
  292:                         if (ret <= 0) goto end;
  293: 
  294:                         if (s->hit)
  295:                                 s->state=SSL3_ST_SW_CHANGE_A;
  296:                         else
  297:                                 s->state=SSL3_ST_SW_CERT_A;
  298:                         s->init_num=0;
  299:                         break;
  300: 
  301:                 case SSL3_ST_SW_CERT_A:
  302:                 case SSL3_ST_SW_CERT_B:
  303:                         /* Check if it is anon DH or anon ECDH or KRB5 */
  304:                         if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL)
  305:                                 && !(s->s3->tmp.new_cipher->algorithms & SSL_aKRB5))
  306:                                 {
  307:                                 ret=ssl3_send_server_certificate(s);
  308:                                 if (ret <= 0) goto end;
  309:                                 }
  310:                         else
  311:                                 skip=1;
  312:                         s->state=SSL3_ST_SW_KEY_EXCH_A;
  313:                         s->init_num=0;
  314:                         break;
  315: 
  316:                 case SSL3_ST_SW_KEY_EXCH_A:
  317:                 case SSL3_ST_SW_KEY_EXCH_B:
  318:                         l=s->s3->tmp.new_cipher->algorithms;
  319: 
  320:                         /* clear this, it may get reset by
  321:                          * send_server_key_exchange */
  322:                         if ((s->options & SSL_OP_EPHEMERAL_RSA)
  323: #ifndef OPENSSL_NO_KRB5
  324:                                 && !(l & SSL_KRB5)
  325: #endif /* OPENSSL_NO_KRB5 */
  326:                                 )
  327:                                 /* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key
  328:                                  * even when forbidden by protocol specs
  329:                                  * (handshake may fail as clients are not required to
  330:                                  * be able to handle this) */
  331:                                 s->s3->tmp.use_rsa_tmp=1;
  332:                         else
  333:                                 s->s3->tmp.use_rsa_tmp=0;
  334: 
  335: 
  336:                         /* only send if a DH key exchange, fortezza or
  337:                          * RSA but we have a sign only certificate
  338:                          *
  339:                          * For ECC ciphersuites, we send a serverKeyExchange
  340:                          * message only if the cipher suite is either
  341:                          * ECDH-anon or ECDHE. In other cases, the
  342:                          * server certificate contains the server's 
  343:                          * public key for key exchange.
  344:                          */
  345:                         if (s->s3->tmp.use_rsa_tmp
  346:                             || (l & SSL_kECDHE)
  347:                             || (l & (SSL_DH|SSL_kFZA))
  348:                             || ((l & SSL_kRSA)
  349:                                 && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
  350:                                     || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)
  351:                                         && EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)
  352:                                         )
  353:                                     )
  354:                                 )
  355:                             )
  356:                                 {
  357:                                 ret=ssl3_send_server_key_exchange(s);
  358:                                 if (ret <= 0) goto end;
  359:                                 }
  360:                         else
  361:                                 skip=1;
  362: 
  363:                         s->state=SSL3_ST_SW_CERT_REQ_A;
  364:                         s->init_num=0;
  365:                         break;
  366: 
  367:                 case SSL3_ST_SW_CERT_REQ_A:
  368:                 case SSL3_ST_SW_CERT_REQ_B:
  369:                         if (/* don't request cert unless asked for it: */
  370:                                 !(s->verify_mode & SSL_VERIFY_PEER) ||
  371:                                 /* if SSL_VERIFY_CLIENT_ONCE is set,
  372:                                  * don't request cert during re-negotiation: */
  373:                                 ((s->session->peer != NULL) &&
  374:                                  (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
  375:                                 /* never request cert in anonymous ciphersuites
  376:                                  * (see section "Certificate request" in SSL 3 drafts
  377:                                  * and in RFC 2246): */
  378:                                 ((s->s3->tmp.new_cipher->algorithms & SSL_aNULL) &&
  379:                                  /* ... except when the application insists on verification
  380:                                   * (against the specs, but s3_clnt.c accepts this for SSL 3) */
  381:                                  !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) ||
  382:                                  /* never request cert in Kerberos ciphersuites */
  383:                                 (s->s3->tmp.new_cipher->algorithms & SSL_aKRB5))
  384:                                 {
  385:                                 /* no cert request */
  386:                                 skip=1;
  387:                                 s->s3->tmp.cert_request=0;
  388:                                 s->state=SSL3_ST_SW_SRVR_DONE_A;
  389:                                 }
  390:                         else
  391:                                 {
  392:                                 s->s3->tmp.cert_request=1;
  393:                                 ret=ssl3_send_certificate_request(s);
  394:                                 if (ret <= 0) goto end;
  395: #ifndef NETSCAPE_HANG_BUG
  396:                                 s->state=SSL3_ST_SW_SRVR_DONE_A;
  397: #else
  398:                                 s->state=SSL3_ST_SW_FLUSH;
  399:                                 s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;
  400: #endif
  401:                                 s->init_num=0;
  402:                                 }
  403:                         break;
  404: 
  405:                 case SSL3_ST_SW_SRVR_DONE_A:
  406:                 case SSL3_ST_SW_SRVR_DONE_B:
  407:                         ret=ssl3_send_server_done(s);
  408:                         if (ret <= 0) goto end;
  409:                         s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;
  410:                         s->state=SSL3_ST_SW_FLUSH;
  411:                         s->init_num=0;
  412:                         break;
  413:                 
  414:                 case SSL3_ST_SW_FLUSH:
  415:                         /* number of bytes to be flushed */
  416:                         num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL);
  417:                         if (num1 > 0)
  418:                                 {
  419:                                 s->rwstate=SSL_WRITING;
  420:                                 num1=BIO_flush(s->wbio);
  421:                                 if (num1 <= 0) { ret= -1; goto end; }
  422:                                 s->rwstate=SSL_NOTHING;
  423:                                 }
  424: 
  425:                         s->state=s->s3->tmp.next_state;
  426:                         break;
  427: 
  428:                 case SSL3_ST_SR_CERT_A:
  429:                 case SSL3_ST_SR_CERT_B:
  430:                         /* Check for second client hello (MS SGC) */
  431:                         ret = ssl3_check_client_hello(s);
  432:                         if (ret <= 0)
  433:                                 goto end;
  434:                         if (ret == 2)
  435:                                 s->state = SSL3_ST_SR_CLNT_HELLO_C;
  436:                         else {
  437:                                 if (s->s3->tmp.cert_request)
  438:                                         {
  439:                                         ret=ssl3_get_client_certificate(s);
  440:                                         if (ret <= 0) goto end;
  441:                                         }
  442:                                 s->init_num=0;
  443:                                 s->state=SSL3_ST_SR_KEY_EXCH_A;
  444:                         }
  445:                         break;
  446: 
  447:                 case SSL3_ST_SR_KEY_EXCH_A:
  448:                 case SSL3_ST_SR_KEY_EXCH_B:
  449:                         ret=ssl3_get_client_key_exchange(s);
  450:                         if (ret <= 0) 
  451:                                 goto end;
  452:                         if (ret == 2)
  453:                                 {
  454:                                 /* For the ECDH ciphersuites when
  455:                                  * the client sends its ECDH pub key in
  456:                                  * a certificate, the CertificateVerify
  457:                                  * message is not sent.
  458:                                  */
  459:                                 s->state=SSL3_ST_SR_FINISHED_A;
  460:                                 s->init_num = 0;
  461:                                 }
  462:                         else   
  463:                                 {
  464:                                 s->state=SSL3_ST_SR_CERT_VRFY_A;
  465:                                 s->init_num=0;
  466: 
  467:                                 /* We need to get hashes here so if there is
  468:                                  * a client cert, it can be verified
  469:                                  */ 
  470:                                 s->method->ssl3_enc->cert_verify_mac(s,
  471:                                     &(s->s3->finish_dgst1),
  472:                                     &(s->s3->tmp.cert_verify_md[0]));
  473:                                 s->method->ssl3_enc->cert_verify_mac(s,
  474:                                     &(s->s3->finish_dgst2),
  475:                                     &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]));
  476:                                 }
  477:                         break;
  478: 
  479:                 case SSL3_ST_SR_CERT_VRFY_A:
  480:                 case SSL3_ST_SR_CERT_VRFY_B:
  481: 
  482:                         /* we should decide if we expected this one */
  483:                         ret=ssl3_get_cert_verify(s);
  484:                         if (ret <= 0) goto end;
  485: 
  486:                         s->state=SSL3_ST_SR_FINISHED_A;
  487:                         s->init_num=0;
  488:                         break;
  489: 
  490:                 case SSL3_ST_SR_FINISHED_A:
  491:                 case SSL3_ST_SR_FINISHED_B:
  492:                         ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
  493:                                 SSL3_ST_SR_FINISHED_B);
  494:                         if (ret <= 0) goto end;
  495:                         if (s->hit)
  496:                                 s->state=SSL_ST_OK;
  497: #ifndef OPENSSL_NO_TLSEXT
  498:                         else if (s->tlsext_ticket_expected)
  499:                                 s->state=SSL3_ST_SW_SESSION_TICKET_A;
  500: #endif
  501:                         else
  502:                                 s->state=SSL3_ST_SW_CHANGE_A;
  503:                         s->init_num=0;
  504:                         break;
  505: 
  506: #ifndef OPENSSL_NO_TLSEXT
  507:                 case SSL3_ST_SW_SESSION_TICKET_A:
  508:                 case SSL3_ST_SW_SESSION_TICKET_B:
  509:                         ret=ssl3_send_newsession_ticket(s);
  510:                         if (ret <= 0) goto end;
  511:                         s->state=SSL3_ST_SW_CHANGE_A;
  512:                         s->init_num=0;
  513:                         break;
  514: 
  515: #endif
  516: 
  517:                 case SSL3_ST_SW_CHANGE_A:
  518:                 case SSL3_ST_SW_CHANGE_B:
  519: 
  520:                         s->session->cipher=s->s3->tmp.new_cipher;
  521:                         if (!s->method->ssl3_enc->setup_key_block(s))
  522:                                 { ret= -1; goto end; }
  523: 
  524:                         ret=ssl3_send_change_cipher_spec(s,
  525:                                 SSL3_ST_SW_CHANGE_A,SSL3_ST_SW_CHANGE_B);
  526: 
  527:                         if (ret <= 0) goto end;
  528:                         s->state=SSL3_ST_SW_FINISHED_A;
  529:                         s->init_num=0;
  530: 
  531:                         if (!s->method->ssl3_enc->change_cipher_state(s,
  532:                                 SSL3_CHANGE_CIPHER_SERVER_WRITE))
  533:                                 {
  534:                                 ret= -1;
  535:                                 goto end;
  536:                                 }
  537: 
  538:                         break;
  539: 
  540:                 case SSL3_ST_SW_FINISHED_A:
  541:                 case SSL3_ST_SW_FINISHED_B:
  542:                         ret=ssl3_send_finished(s,
  543:                                 SSL3_ST_SW_FINISHED_A,SSL3_ST_SW_FINISHED_B,
  544:                                 s->method->ssl3_enc->server_finished_label,
  545:                                 s->method->ssl3_enc->server_finished_label_len);
  546:                         if (ret <= 0) goto end;
  547:                         s->state=SSL3_ST_SW_FLUSH;
  548:                         if (s->hit)
  549:                                 s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
  550:                         else
  551:                                 s->s3->tmp.next_state=SSL_ST_OK;
  552: