diff options
| author | Bodo Möller <bodo@openssl.org> | 2000-01-06 00:24:24 +0000 |
|---|---|---|
| committer | Bodo Möller <bodo@openssl.org> | 2000-01-06 00:24:24 +0000 |
| commit | f2d9a32cf47ed8c4e4d025a2258154f3dbe5eca6 (patch) | |
| tree | 9417d6b1d982541c77d3ad1b581e7a869e7ab530 /ssl/s3_both.c | |
| parent | 245206eadd7e1a686ee9695341c166190fbc2c7c (diff) | |
| download | openssl-new-f2d9a32cf47ed8c4e4d025a2258154f3dbe5eca6.tar.gz | |
Use separate arrays for certificate verify and for finished hashes.
Diffstat (limited to 'ssl/s3_both.c')
| -rw-r--r-- | ssl/s3_both.c | 37 |
1 files changed, 33 insertions, 4 deletions
diff --git a/ssl/s3_both.c b/ssl/s3_both.c index a6348b6260..996f05ff48 100644 --- a/ssl/s3_both.c +++ b/ssl/s3_both.c @@ -56,6 +56,7 @@ * [including the GNU Public Licence.] */ +#include <string.h> #include <stdio.h> #include <openssl/buffer.h> #include <openssl/rand.h> @@ -69,6 +70,19 @@ int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen) unsigned char *p,*d; int i; unsigned long l; + unsigned char *finish_md; + int *finish_md_len; + + if (s->state & SSL_ST_ACCEPT) + { + finish_md = s->s3->tmp.server_finish_md; + finish_md_len = &s->s3->tmp.server_finish_md_len; + } + else + { + finish_md = s->s3->tmp.client_finish_md; + finish_md_len = &s->s3->tmp.client_finish_md_len; + } if (s->state == a) { @@ -78,7 +92,9 @@ int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen) i=s->method->ssl3_enc->final_finish_mac(s, &(s->s3->finish_dgst1), &(s->s3->finish_dgst2), - sender,slen,p); + sender,slen,finish_md); + *finish_md_len = i; + memcpy(p, finish_md, i); p+=i; l=i; @@ -106,9 +122,22 @@ int ssl3_get_finished(SSL *s, int a, int b) int al,i,ok; long n; unsigned char *p; + unsigned char *finish_md; + int *finish_md_len; + + if (s->state & SSL_ST_ACCEPT) + { + finish_md = s->s3->tmp.client_finish_md; + finish_md_len = &s->s3->tmp.client_finish_md_len; + } + else + { + finish_md = s->s3->tmp.server_finish_md; + finish_md_len = &s->s3->tmp.server_finish_md_len; + } /* the mac has already been generated when we received the - * change cipher spec message and is in s->s3->tmp.finish_md + * change cipher spec message and is in finish_md */ n=ssl3_get_message(s, @@ -131,7 +160,7 @@ int ssl3_get_finished(SSL *s, int a, int b) p=(unsigned char *)s->init_buf->data; - i=s->method->ssl3_enc->finish_mac_length; + i=*finish_md_len; if (i != n) { @@ -140,7 +169,7 @@ int ssl3_get_finished(SSL *s, int a, int b) goto f_err; } - if (memcmp( p, (char *)&(s->s3->tmp.finish_md[0]),i) != 0) + if (memcmp(p, finish_md, i) != 0) { al=SSL_AD_DECRYPT_ERROR; SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_DIGEST_CHECK_FAILED); |