Use less complicated arrangement for data strutures related to Finished
messages.
diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index 996f05f..bbe9aa7 100644
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -70,19 +70,6 @@
unsigned char *p,*d;
int i;
unsigned long l;
- unsigned char *finish_md;
- int *finish_md_len;
-
- if (s->state & SSL_ST_ACCEPT)
- {
- finish_md = s->s3->tmp.server_finish_md;
- finish_md_len = &s->s3->tmp.server_finish_md_len;
- }
- else
- {
- finish_md = s->s3->tmp.client_finish_md;
- finish_md_len = &s->s3->tmp.client_finish_md_len;
- }
if (s->state == a)
{
@@ -92,9 +79,9 @@
i=s->method->ssl3_enc->final_finish_mac(s,
&(s->s3->finish_dgst1),
&(s->s3->finish_dgst2),
- sender,slen,finish_md);
- *finish_md_len = i;
- memcpy(p, finish_md, i);
+ sender,slen,s->s3->tmp.finish_md);
+ s->s3->tmp.finish_md_len = i;
+ memcpy(p, s->s3->tmp.finish_md, i);
p+=i;
l=i;
@@ -122,22 +109,9 @@
int al,i,ok;
long n;
unsigned char *p;
- unsigned char *finish_md;
- int *finish_md_len;
-
- if (s->state & SSL_ST_ACCEPT)
- {
- finish_md = s->s3->tmp.client_finish_md;
- finish_md_len = &s->s3->tmp.client_finish_md_len;
- }
- else
- {
- finish_md = s->s3->tmp.server_finish_md;
- finish_md_len = &s->s3->tmp.server_finish_md_len;
- }
/* the mac has already been generated when we received the
- * change cipher spec message and is in finish_md
+ * change cipher spec message and is in s->s3->tmp.peer_finish_md
*/
n=ssl3_get_message(s,
@@ -158,9 +132,8 @@
}
s->s3->change_cipher_spec=0;
- p=(unsigned char *)s->init_buf->data;
-
- i=*finish_md_len;
+ p = (unsigned char *)s->init_buf->data;
+ i = s->s3->tmp.peer_finish_md_len;
if (i != n)
{
@@ -169,7 +142,7 @@
goto f_err;
}
- if (memcmp(p, finish_md, i) != 0)
+ if (memcmp(p, s->s3->tmp.peer_finish_md, i) != 0)
{
al=SSL_AD_DECRYPT_ERROR;
SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_DIGEST_CHECK_FAILED);
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 8b8ecdf..1ce30ff 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -937,8 +937,6 @@
int i;
const char *sender;
int slen;
- unsigned char *finish_md;
- int *finish_md_len;
if (s->state & SSL_ST_ACCEPT)
i=SSL3_CHANGE_CIPHER_SERVER_READ;
@@ -961,21 +959,17 @@
{
sender=s->method->ssl3_enc->server_finished_label;
slen=s->method->ssl3_enc->server_finished_label_len;
- finish_md = s->s3->tmp.server_finish_md;
- finish_md_len = &s->s3->tmp.server_finish_md_len;
}
else
{
sender=s->method->ssl3_enc->client_finished_label;
slen=s->method->ssl3_enc->client_finished_label_len;
- finish_md = s->s3->tmp.client_finish_md;
- finish_md_len = &s->s3->tmp.client_finish_md_len;
}
- *finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
+ s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
&(s->s3->finish_dgst1),
&(s->s3->finish_dgst2),
- sender,slen,finish_md);
+ sender,slen,s->s3->tmp.peer_finish_md);
return(1);
}
diff --git a/ssl/ssl3.h b/ssl/ssl3.h
index 60f33de..322acaf 100644
--- a/ssl/ssl3.h
+++ b/ssl/ssl3.h
@@ -318,10 +318,10 @@
unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2];
/* actually only need to be 16+20 for SSLv3 and 12 for TLS */
- unsigned char server_finish_md[EVP_MAX_MD_SIZE*2];
- int server_finish_md_len;
- unsigned char client_finish_md[EVP_MAX_MD_SIZE*2];
- int client_finish_md_len;
+ unsigned char finish_md[EVP_MAX_MD_SIZE*2];
+ int finish_md_len;
+ unsigned char peer_finish_md[EVP_MAX_MD_SIZE*2];
+ int peer_finish_md_len;
unsigned long message_size;
int message_type;
