Use separate arrays for certificate verify and for finished hashes.
diff --git a/CHANGES b/CHANGES
index 073e7f9..5572e1f 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,9 @@
 
  Changes between 0.9.4 and 0.9.5  [xx XXX 1999]
 
+  *) Clean up 'Finished' handling.
+     [Bodo Moeller]
+
   *) Enhanced support for Alpha Linux is added. Now ./config checks if
      the host supports BWX extension and if Compaq C is present on the
      $PATH. Just exploiting of the BWX extention results in 20-30%
diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index a6348b6..996f05f 100644
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -56,6 +56,7 @@
  * [including the GNU Public Licence.]
  */
 
+#include <string.h>
 #include <stdio.h>
 #include <openssl/buffer.h>
 #include <openssl/rand.h>
@@ -69,6 +70,19 @@
 	unsigned char *p,*d;
 	int i;
 	unsigned long l;
+	unsigned char *finish_md;
+	int *finish_md_len;
+
+	if (s->state & SSL_ST_ACCEPT)
+		{
+		finish_md = s->s3->tmp.server_finish_md;
+		finish_md_len = &s->s3->tmp.server_finish_md_len;
+		}
+	else
+		{
+		finish_md = s->s3->tmp.client_finish_md;
+		finish_md_len = &s->s3->tmp.client_finish_md_len;
+		}
 
 	if (s->state == a)
 		{
@@ -78,7 +92,9 @@
 		i=s->method->ssl3_enc->final_finish_mac(s,
 			&(s->s3->finish_dgst1),
 			&(s->s3->finish_dgst2),
-			sender,slen,p);
+			sender,slen,finish_md);
+		*finish_md_len = i;
+		memcpy(p, finish_md, i);
 		p+=i;
 		l=i;
 
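Review bot: The value returned by `final_finish_mac` is stored in `*finish_md_len` and then used as the `memcpy` length with no range check. `i` is an `int`, so a negative return would become a very large `size_t`, and nothing visible bounds it by the `EVP_MAX_MD_SIZE*2` bytes of `finish_md` or by the space left at `p`. Whether the callback can return 0 or a negative value is not visible here, so treat that as an error before the copy, e.g. `if (i <= 0 || i > EVP_MAX_MD_SIZE*2)` followed by the function's usual failure path. The same unchecked return is written to `*finish_md_len` in the ssl/s3_pkt.c hunk at -959. The enclosing function starts and ends outside this hunk.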
@@ -106,9 +122,22 @@
 	int al,i,ok;
 	long n;
 	unsigned char *p;
+	unsigned char *finish_md;
+	int *finish_md_len;
+
+	if (s->state & SSL_ST_ACCEPT)
+		{
+		finish_md = s->s3->tmp.client_finish_md;
+		finish_md_len = &s->s3->tmp.client_finish_md_len;
+		}
+	else
+		{
+		finish_md = s->s3->tmp.server_finish_md;
+		finish_md_len = &s->s3->tmp.server_finish_md_len;
+		}
 
 	/* the mac has already been generated when we received the
-	 * change cipher spec message and is in s->s3->tmp.finish_md
+	 * change cipher spec message and is in finish_md
 	 */ 
 
 	n=ssl3_get_message(s,
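Review bot: The role test added here is the mirror image of the one in the hunk at -69 of this file, and no comment says why. Under `SSL_ST_ACCEPT` this block picks `client_finish_md`, while the sending side picks `server_finish_md`, so the two are easy to swap by mistake in a later edit. A comment above the `if`, such as `/* we verify the peer's Finished: a server checks the client's MAC, a client checks the server's */`, would make the intent explicit. The function body continues beyond this hunk.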
@@ -131,7 +160,7 @@
 
 	p=(unsigned char *)s->init_buf->data;
 
-	i=s->method->ssl3_enc->finish_mac_length;
+	i=*finish_md_len;
 
 	if (i != n)
 		{
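Review bot: The expected length `i` now comes from `*finish_md_len`, which is meaningful only after the change-cipher-spec path in ssl/s3_pkt.c has filled it; the old code used the fixed `finish_mac_length`. If the field can still be 0 at this point (never computed, or not cleared for a new handshake, neither of which is visible here), a zero-length message passes the `i != n` test and the later `memcmp` over 0 bytes. Unless an earlier check in this function already guarantees the MAC was computed, reject that case explicitly, e.g. `if (i <= 0 || i != n)`. The function body starts and ends outside this hunk.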
@@ -140,7 +169,7 @@
 		goto f_err;
 		}
 
-	if (memcmp(  p,    (char *)&(s->s3->tmp.finish_md[0]),i) != 0)
+	if (memcmp(p, finish_md, i) != 0)
 		{
 		al=SSL_AD_DECRYPT_ERROR;
 		SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_DIGEST_CHECK_FAILED);
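Review bot: The received Finished MAC is compared with `memcmp`, which may stop at the first differing byte, so the comparison time depends on how many leading bytes match. For a MAC check it is safer to accumulate the difference over all `i` bytes and test it once, e.g. `for (k = 0; k < i; k++) diff |= p[k] ^ finish_md[k];` followed by `if (diff != 0)`. The `memcmp` was already there before this change, which only simplifies its arguments. The function continues outside this hunk.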
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index 1ce1c16..4caf708 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -79,7 +79,7 @@
 	0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c };
 
 static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx,
-	unsigned char *sender, int len, unsigned char *p);
+	const char *sender, int len, unsigned char *p);
 
 static void ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
 	{
@@ -423,7 +423,7 @@
 	}
 
 static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx,
-	     unsigned char *sender, int len, unsigned char *p)
+	     const char *sender, int len, unsigned char *p)
 	{
 	unsigned int ret;
 	int npad,n;
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 85b929c..8b8ecdf 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -937,6 +937,8 @@
 	int i;
 	const char *sender;
 	int slen;
+	unsigned char *finish_md;
+	int *finish_md_len;
 
 	if (s->state & SSL_ST_ACCEPT)
 		i=SSL3_CHANGE_CIPHER_SERVER_READ;
@@ -959,17 +961,21 @@
 		{
 		sender=s->method->ssl3_enc->server_finished_label;
 		slen=s->method->ssl3_enc->server_finished_label_len;
+		finish_md = s->s3->tmp.server_finish_md;
+		finish_md_len = &s->s3->tmp.server_finish_md_len;
 		}
 	else
 		{
 		sender=s->method->ssl3_enc->client_finished_label;
 		slen=s->method->ssl3_enc->client_finished_label_len;
+		finish_md = s->s3->tmp.client_finish_md;
+		finish_md_len = &s->s3->tmp.client_finish_md_len;
 		}
 
-	s->method->ssl3_enc->final_finish_mac(s,
+	*finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
 		&(s->s3->finish_dgst1),
 		&(s->s3->finish_dgst2),
-		sender,slen,&(s->s3->tmp.finish_md[0]));
+		sender,slen,finish_md);
 
 	return(1);
 	}
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 1a4a98b..9e08b75 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -368,10 +368,10 @@
 			 * a client cert, it can be verified */ 
 			s->method->ssl3_enc->cert_verify_mac(s,
 				&(s->s3->finish_dgst1),
-				&(s->s3->tmp.finish_md[0]));
+				&(s->s3->tmp.cert_verify_md[0]));
 			s->method->ssl3_enc->cert_verify_mac(s,
 				&(s->s3->finish_dgst2),
-				&(s->s3->tmp.finish_md[MD5_DIGEST_LENGTH]));
+				&(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]));
 
 			break;
 
@@ -1484,7 +1484,7 @@
 #ifndef NO_RSA 
 	if (pkey->type == EVP_PKEY_RSA)
 		{
-		i=RSA_verify(NID_md5_sha1, s->s3->tmp.finish_md,
+		i=RSA_verify(NID_md5_sha1, s->s3->tmp.cert_verify_md,
 			MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, p, i, 
 							pkey->pkey.rsa);
 		if (i < 0)
@@ -1506,7 +1506,7 @@
 		if (pkey->type == EVP_PKEY_DSA)
 		{
 		j=DSA_verify(pkey->save_type,
-			&(s->s3->tmp.finish_md[MD5_DIGEST_LENGTH]),
+			&(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
 			SHA_DIGEST_LENGTH,p,i,pkey->pkey.dsa);
 		if (j <= 0)
 			{
diff --git a/ssl/ssl3.h b/ssl/ssl3.h
index 41a621b..60f33de 100644
--- a/ssl/ssl3.h
+++ b/ssl/ssl3.h
@@ -314,8 +314,14 @@
 	int in_read_app_data;
 
 	struct	{
-		/* Actually only needs to be 16+20 for SSLv3 and 12 for TLS */
-		unsigned char finish_md[EVP_MAX_MD_SIZE*2];
+		/* actually only needs to be 16+20 */
+		unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2];
+
+		/* actually only need to be 16+20 for SSLv3 and 12 for TLS */
+		unsigned char server_finish_md[EVP_MAX_MD_SIZE*2];
+		int server_finish_md_len;
+		unsigned char client_finish_md[EVP_MAX_MD_SIZE*2];
+		int client_finish_md_len;
 		
 		unsigned long message_size;
 		int message_type;
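Review bot: The new `server_finish_md_len` and `client_finish_md_len` fields carry no comment saying when they are valid or who sets them. Judging from the other hunks, they are written in ssl/s3_both.c when the local Finished is built and in ssl/s3_pkt.c when the peer's expected MAC is computed, and they are read when the peer's Finished is verified. A comment on each, such as `/* number of valid bytes in the array above; set when the MAC is computed */`, would record that. It should also say whether the fields are reset at the start of a new handshake, which this diff does not show. The struct continues outside this hunk.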
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index fbf9105..b8f43c2 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -442,7 +442,7 @@
 int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len);
 int ssl3_part_read(SSL *s, int i);
 int ssl3_write_bytes(SSL *s, int type, const void *buf, int len);
-int ssl3_final_finish_mac(SSL *s, EVP_MD_CTX *ctx1,EVP_MD_CTX *ctx2,
+int ssl3_final_finish_mac(SSL *s, EVP_MD_CTX *ctx1, EVP_MD_CTX *ctx2,
 	const char *sender, int slen,unsigned char *p);
 int ssl3_cert_verify_mac(SSL *s, EVP_MD_CTX *in, unsigned char *p);
 void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len);