SSL3 support was added

author: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2000-12-07 09:47:03 +0000
committer: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2000-12-07 09:47:03 +0000
commit: f926187b03b89113734cf7cac57e62b7ed8755a5 (patch)
tree: 346baece0b273edf5a4695cbe0c75fef9f3c2ffc /lib
parent: 8ea2cb55648ba24899e57ed41b61ee7dc5bf7678 (diff)
download: gnutls-f926187b03b89113734cf7cac57e62b7ed8755a5.tar.gz
3 files changed, 68 insertions, 9 deletions
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index 2cf93e1e38..329b4e47f1 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -51,8 +51,8 @@ void* _gnutls_ssl3_finished( GNUTLS_STATE state, int type, int skip) {
 	char* concat=gnutls_malloc(36);
 	char *mesg;
 	
-	td = gnutls_mac_init_ssl3( GNUTLS_MAC_MD5, state->security_parameters.master_secret, 48);
-	td2 = gnutls_mac_init_ssl3( GNUTLS_MAC_SHA, state->security_parameters.master_secret, 48);
+	td = gnutls_mac_init_ssl3_handshake( GNUTLS_MAC_MD5, state->security_parameters.master_secret, 48);
+	td2 = gnutls_mac_init_ssl3_handshake( GNUTLS_MAC_SHA, state->security_parameters.master_secret, 48);
 			
 	siz = gnutls_getHashDataBufferSize( state) - skip;
 	data = gnutls_malloc( siz);
@@ -61,27 +61,25 @@ void* _gnutls_ssl3_finished( GNUTLS_STATE state, int type, int skip) {
 
 	gnutls_mac_ssl3(td, data, siz);
 	gnutls_mac_ssl3(td2, data, siz);
-			
 	gnutls_free(data);
+	
 	if (type==GNUTLS_SERVER) {
 		mesg = SSL3_SERVER_MSG;
 	} else {
 		mesg = SSL3_CLIENT_MSG;
 	}
-
 	siz = strlen(mesg);
 	gnutls_mac_ssl3(td, mesg, siz);
 	gnutls_mac_ssl3(td2, mesg, siz);
-	
-	data = gnutls_mac_deinit_ssl3(td);
+
+	data = gnutls_mac_deinit_ssl3_handshake(td);
 	memcpy( concat, data, 16);
 	gnutls_free(data);
 			
-	data = gnutls_mac_deinit_ssl3(td2);
+	data = gnutls_mac_deinit_ssl3_handshake(td2);
 
 	memcpy( &concat[16], data, 20);
 	gnutls_free(data);
-			
 	return concat;
 }
 
@@ -397,7 +395,7 @@ int _gnutls_recv_handshake(int cd, GNUTLS_STATE state, uint8 **data,
 	if (length32 > 0 && data!=NULL)
 		memmove( *data, &dataptr[HANDSHAKE_HEADERS_SIZE], length32);
 
-	/* here we do the hashing work needed at Finished message */
+	/* here we buffer the handshake messages - needed at Finished message */
 	gnutls_insertHashDataBuffer( state, dataptr, length32+HANDSHAKE_HEADERS_SIZE);
 
 	switch (dataptr[0]) {
diff --git a/lib/gnutls_hash_int.c b/lib/gnutls_hash_int.c
index c847d42edf..8fe6d06d15 100644
--- a/lib/gnutls_hash_int.c
+++ b/lib/gnutls_hash_int.c
@@ -265,6 +265,22 @@ GNUTLS_MAC_HANDLE gnutls_mac_init_ssl3(MACAlgorithm algorithm, void *key,
 	return ret;
 }
 
+GNUTLS_MAC_HANDLE gnutls_mac_init_ssl3_handshake(MACAlgorithm algorithm, void *key,
+					int keylen)
+{
+	GNUTLS_MAC_HANDLE ret;
+	char *digest;
+	int padsize;
+
+	ret = gnutls_hash_init(algorithm);
+	if (ret!=GNUTLS_MAC_FAILED) {
+		ret->key = key;
+		ret->keysize = keylen;
+	}
+
+	return ret;
+}
+
 void *gnutls_mac_deinit_ssl3(GNUTLS_MAC_HANDLE handle)
 {
 	void *ret=NULL;
@@ -302,6 +318,49 @@ void *gnutls_mac_deinit_ssl3(GNUTLS_MAC_HANDLE handle)
 	return ret;
 }
 
+void *gnutls_mac_deinit_ssl3_handshake(GNUTLS_MAC_HANDLE handle)
+{
+	void *ret=NULL;
+	GNUTLS_MAC_HANDLE td;
+	char opad[48];
+	char ipad[48];
+	int padsize;
+	int block;
+	
+	switch (handle->algorithm) {
+	case GNUTLS_MAC_MD5:
+		padsize = 48;
+		break;
+	case GNUTLS_MAC_SHA:
+		padsize = 40;
+		break;
+	default:
+		padsize=0;
+	}
+	if (padsize > 0) {
+		memset(opad, 0x5C, padsize);
+		memset(ipad, 0x36, padsize);
+	}
+
+	td = gnutls_hash_init(handle->algorithm);
+	if (td!=GNUTLS_MAC_FAILED) {
+		if (handle->keysize > 0) gnutls_hash(td, handle->key, handle->keysize);
+
+		gnutls_hash(td, opad, padsize);
+		block = gnutls_hmac_get_algo_len(handle->algorithm);
+		
+		if (handle->keysize > 0) gnutls_hash( handle, handle->key, handle->keysize);
+		gnutls_hash(handle, ipad, padsize);
+		ret = gnutls_hash_deinit(handle);	/* get the previous hash */
+
+		gnutls_hash(td, ret, block);
+		gnutls_free(ret);
+
+		ret = gnutls_hash_deinit(td);
+	}
+	return ret;
+}
+
 static void *ssl3_sha(int i, char *secret, int secret_len, char *random,
 	       int random_len)
 {
diff --git a/lib/gnutls_hash_int.h b/lib/gnutls_hash_int.h
index 14c246bc85..5d0febf871 100644
--- a/lib/gnutls_hash_int.h
+++ b/lib/gnutls_hash_int.h
@@ -44,4 +44,6 @@ void* gnutls_hash_deinit(GNUTLS_MAC_HANDLE handle);
 
 void *gnutls_ssl3_generate_random(void *secret, int secret_len, void *random, int random_len, int bytes);
 
+GNUTLS_MAC_HANDLE gnutls_mac_init_ssl3_handshake(MACAlgorithm algorithm, void *key, int keylen);
+void *gnutls_mac_deinit_ssl3_handshake(GNUTLS_MAC_HANDLE handle);
 #endif /* GNUTLS_HASH_INT_H */
author	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2000-12-07 09:47:03 +0000
committer	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2000-12-07 09:47:03 +0000
commit	f926187b03b89113734cf7cac57e62b7ed8755a5 (patch)
tree	346baece0b273edf5a4695cbe0c75fef9f3c2ffc /lib
parent	8ea2cb55648ba24899e57ed41b61ee7dc5bf7678 (diff)
download	gnutls-f926187b03b89113734cf7cac57e62b7ed8755a5.tar.gz