Corrected bug in mutual certificate authentication in SSL 3.0 (part 2).

author: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2004-02-27 17:59:17 +0000
committer: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2004-02-27 17:59:17 +0000
commit: 3c8cb8bf7da97d2c93a9809a755c9c57882d47fe (patch)
tree: 5ca65afd23c77066fa6ef237415e5f2156d6c2db
parent: e491747808c5e1f389433d8869a8f125b2b2021e (diff)
download: gnutls-3c8cb8bf7da97d2c93a9809a755c9c57882d47fe.tar.gz
2 files changed, 37 insertions, 36 deletions
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index aa16bab583..9d9de3d230 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -60,9 +60,7 @@
 #define FALSE 0
 
 int _gnutls_server_select_comp_method(gnutls_session session,
-	opaque * data, int datalen);
-inline static
-void _gnutls_ssl3_hash_extra_data( gnutls_session session, int type, GNUTLS_MAC_HANDLE td);
+				    opaque * data, int datalen);
 
 
 /* Clears the handshake hash buffers and handles.
@@ -134,11 +132,15 @@ void _gnutls_set_client_random(gnutls_session session, uint8 * random)
 
 /* Calculate The SSL3 Finished message 
  */
-
+#define SSL3_CLIENT_MSG "CLNT"
+#define SSL3_SERVER_MSG "SRVR"
+#define SSL_MSG_LEN 4
 static int _gnutls_ssl3_finished(gnutls_session session, int type, opaque * ret)
 {
+	const int siz = SSL_MSG_LEN;
 	GNUTLS_MAC_HANDLE td_md5;
 	GNUTLS_MAC_HANDLE td_sha;
+	const char *mesg;
 
 	td_md5 = _gnutls_hash_copy( session->internals.handshake_mac_handle_md5);
 	if (td_md5 == NULL) {
@@ -153,8 +155,14 @@ static int _gnutls_ssl3_finished(gnutls_session session, int type, opaque * ret)
 		return GNUTLS_E_HASH_FAILED;
 	}
 
-	_gnutls_ssl3_hash_extra_data( session, type, td_md5);
-	_gnutls_ssl3_hash_extra_data( session, type, td_sha);
+	if (type == GNUTLS_SERVER) {
+		mesg = SSL3_SERVER_MSG;
+	} else {
+		mesg = SSL3_CLIENT_MSG;
+	}
+
+	_gnutls_hash(td_md5, mesg, siz);
+	_gnutls_hash(td_sha, mesg, siz);
 
 	_gnutls_mac_deinit_ssl3_handshake(td_md5, ret, session->security_parameters.master_secret, TLS_MASTER_SIZE);
 	_gnutls_mac_deinit_ssl3_handshake(td_sha, &ret[16], session->security_parameters.master_secret, TLS_MASTER_SIZE);
@@ -701,8 +709,7 @@ int ret;
 		return ret;
 	}
 
-	if ( type != GNUTLS_HELLO_REQUEST) 
-	{
+	if ( type != GNUTLS_HELLO_REQUEST) {
 		_gnutls_hash( session->internals.handshake_mac_handle_sha, dataptr, datalen);
 		_gnutls_hash( session->internals.handshake_mac_handle_md5, dataptr, datalen);
 	}
@@ -2565,21 +2572,3 @@ gnutls_handshake_description gnutls_handshake_get_last_out( gnutls_session sessi
 	return session->internals.last_handshake_out;
 }
 
-/* Appends to a hash handle the data required by the SSL 3.0
- * handshake hash.
- */
-#define SSL3_CLIENT_MSG "CLNT"
-#define SSL3_SERVER_MSG "SRVR"
-#define SSL_MSG_LEN 4
-inline static
-void _gnutls_ssl3_hash_extra_data( gnutls_session session, int type, GNUTLS_MAC_HANDLE td)
-{
-const char* mesg;
-
-	if (type==GNUTLS_CLIENT)
-		mesg = SSL3_CLIENT_MSG;
-        else
-        	mesg = SSL3_SERVER_MSG;
-
-	_gnutls_hash(td, mesg, SSL_MSG_LEN);
-}
diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c
index 0d8adfeb0d..1c6306f4c7 100644
--- a/lib/gnutls_sig.c
+++ b/lib/gnutls_sig.c
@@ -57,15 +57,15 @@ gnutls_protocol_version ver = gnutls_protocol_get_version( session);
 		return GNUTLS_E_HASH_FAILED;
 	}
 
-	ret = _gnutls_generate_master( session, 1);
-	if  (ret < 0) {
-		gnutls_assert();
-		return ret;
-	}
+	if (ver == GNUTLS_SSL3) {
+		ret = _gnutls_generate_master( session, 1);
+		if  (ret < 0) {
+			gnutls_assert();
+			return ret;
+		}
 
-	if (ver == GNUTLS_SSL3)
 		_gnutls_mac_deinit_ssl3_handshake( td_sha, &concat[16], session->security_parameters.master_secret, TLS_MASTER_SIZE);
-	else
+	} else
 		_gnutls_hash_deinit(td_sha, &concat[16]);
 
 	switch (cert->subject_pk_algorithm) {
@@ -294,6 +294,7 @@ opaque concat[36];
 GNUTLS_MAC_HANDLE td_md5;
 GNUTLS_MAC_HANDLE td_sha;
 gnutls_datum dconcat;
+gnutls_protocol_version ver = gnutls_protocol_get_version( session);
 
 	td_md5 = _gnutls_hash_copy( session->internals.handshake_mac_handle_md5);
 	if (td_md5 == NULL) {
@@ -308,9 +309,20 @@ gnutls_datum dconcat;
 		return GNUTLS_E_HASH_FAILED;
 	}
 
-	_gnutls_hash_deinit(td_md5, concat);
-	_gnutls_hash_deinit(td_sha, &concat[16]);
-	
+	if (ver == GNUTLS_SSL3) {
+		ret = _gnutls_generate_master( session, 1);
+		if  (ret < 0) {
+			gnutls_assert();
+			return ret;
+		}
+
+		_gnutls_mac_deinit_ssl3_handshake( td_md5, concat, session->security_parameters.master_secret, TLS_MASTER_SIZE);
+		_gnutls_mac_deinit_ssl3_handshake( td_sha, &concat[16], session->security_parameters.master_secret, TLS_MASTER_SIZE);
+	} else {
+		_gnutls_hash_deinit(td_md5, concat);
+		_gnutls_hash_deinit(td_sha, &concat[16]);
+	}
+
 	dconcat.data = concat;
 	dconcat.size = 20+16; /* md5+ sha */
author	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2004-02-27 17:59:17 +0000
committer	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2004-02-27 17:59:17 +0000
commit	3c8cb8bf7da97d2c93a9809a755c9c57882d47fe (patch)
tree	5ca65afd23c77066fa6ef237415e5f2156d6c2db
parent	e491747808c5e1f389433d8869a8f125b2b2021e (diff)
download	gnutls-3c8cb8bf7da97d2c93a9809a755c9c57882d47fe.tar.gz