summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--lib/gnutls_handshake.c41
-rw-r--r--lib/gnutls_sig.c32
2 files changed, 37 insertions, 36 deletions
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index aa16bab583..9d9de3d230 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -60,9 +60,7 @@
#define FALSE 0
int _gnutls_server_select_comp_method(gnutls_session session,
- opaque * data, int datalen);
-inline static
-void _gnutls_ssl3_hash_extra_data( gnutls_session session, int type, GNUTLS_MAC_HANDLE td);
+ opaque * data, int datalen);
/* Clears the handshake hash buffers and handles.
@@ -134,11 +132,15 @@ void _gnutls_set_client_random(gnutls_session session, uint8 * random)
/* Calculate The SSL3 Finished message
*/
-
+#define SSL3_CLIENT_MSG "CLNT"
+#define SSL3_SERVER_MSG "SRVR"
+#define SSL_MSG_LEN 4
static int _gnutls_ssl3_finished(gnutls_session session, int type, opaque * ret)
{
+ const int siz = SSL_MSG_LEN;
GNUTLS_MAC_HANDLE td_md5;
GNUTLS_MAC_HANDLE td_sha;
+ const char *mesg;
td_md5 = _gnutls_hash_copy( session->internals.handshake_mac_handle_md5);
if (td_md5 == NULL) {
@@ -153,8 +155,14 @@ static int _gnutls_ssl3_finished(gnutls_session session, int type, opaque * ret)
return GNUTLS_E_HASH_FAILED;
}
- _gnutls_ssl3_hash_extra_data( session, type, td_md5);
- _gnutls_ssl3_hash_extra_data( session, type, td_sha);
+ if (type == GNUTLS_SERVER) {
+ mesg = SSL3_SERVER_MSG;
+ } else {
+ mesg = SSL3_CLIENT_MSG;
+ }
+
+ _gnutls_hash(td_md5, mesg, siz);
+ _gnutls_hash(td_sha, mesg, siz);
_gnutls_mac_deinit_ssl3_handshake(td_md5, ret, session->security_parameters.master_secret, TLS_MASTER_SIZE);
_gnutls_mac_deinit_ssl3_handshake(td_sha, &ret[16], session->security_parameters.master_secret, TLS_MASTER_SIZE);
@@ -701,8 +709,7 @@ int ret;
return ret;
}
- if ( type != GNUTLS_HELLO_REQUEST)
- {
+ if ( type != GNUTLS_HELLO_REQUEST) {
_gnutls_hash( session->internals.handshake_mac_handle_sha, dataptr, datalen);
_gnutls_hash( session->internals.handshake_mac_handle_md5, dataptr, datalen);
}
@@ -2565,21 +2572,3 @@ gnutls_handshake_description gnutls_handshake_get_last_out( gnutls_session sessi
return session->internals.last_handshake_out;
}
-/* Appends to a hash handle the data required by the SSL 3.0
- * handshake hash.
- */
-#define SSL3_CLIENT_MSG "CLNT"
-#define SSL3_SERVER_MSG "SRVR"
-#define SSL_MSG_LEN 4
-inline static
-void _gnutls_ssl3_hash_extra_data( gnutls_session session, int type, GNUTLS_MAC_HANDLE td)
-{
-const char* mesg;
-
- if (type==GNUTLS_CLIENT)
- mesg = SSL3_CLIENT_MSG;
- else
- mesg = SSL3_SERVER_MSG;
-
- _gnutls_hash(td, mesg, SSL_MSG_LEN);
-}
diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c
index 0d8adfeb0d..1c6306f4c7 100644
--- a/lib/gnutls_sig.c
+++ b/lib/gnutls_sig.c
@@ -57,15 +57,15 @@ gnutls_protocol_version ver = gnutls_protocol_get_version( session);
return GNUTLS_E_HASH_FAILED;
}
- ret = _gnutls_generate_master( session, 1);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
+ if (ver == GNUTLS_SSL3) {
+ ret = _gnutls_generate_master( session, 1);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- if (ver == GNUTLS_SSL3)
_gnutls_mac_deinit_ssl3_handshake( td_sha, &concat[16], session->security_parameters.master_secret, TLS_MASTER_SIZE);
- else
+ } else
_gnutls_hash_deinit(td_sha, &concat[16]);
switch (cert->subject_pk_algorithm) {
@@ -294,6 +294,7 @@ opaque concat[36];
GNUTLS_MAC_HANDLE td_md5;
GNUTLS_MAC_HANDLE td_sha;
gnutls_datum dconcat;
+gnutls_protocol_version ver = gnutls_protocol_get_version( session);
td_md5 = _gnutls_hash_copy( session->internals.handshake_mac_handle_md5);
if (td_md5 == NULL) {
@@ -308,9 +309,20 @@ gnutls_datum dconcat;
return GNUTLS_E_HASH_FAILED;
}
- _gnutls_hash_deinit(td_md5, concat);
- _gnutls_hash_deinit(td_sha, &concat[16]);
-
+ if (ver == GNUTLS_SSL3) {
+ ret = _gnutls_generate_master( session, 1);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ _gnutls_mac_deinit_ssl3_handshake( td_md5, concat, session->security_parameters.master_secret, TLS_MASTER_SIZE);
+ _gnutls_mac_deinit_ssl3_handshake( td_sha, &concat[16], session->security_parameters.master_secret, TLS_MASTER_SIZE);
+ } else {
+ _gnutls_hash_deinit(td_md5, concat);
+ _gnutls_hash_deinit(td_sha, &concat[16]);
+ }
+
dconcat.data = concat;
dconcat.size = 20+16; /* md5+ sha */