Apply Lutz Behnke's 56 bit cipher patch with a few

[openssl.git] / ssl / s3_both.c

diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index a6348b6260361c68d8bc0c56138c452a0fa1c3b3..bbe9aa74236e9d500fcbff842da1be208f164c1d 100644 (file)
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -56,6 +56,7 @@
  * [including the GNU Public Licence.]
  */
 
+#include <string.h>
 #include <stdio.h>
 #include <openssl/buffer.h>
 #include <openssl/rand.h>
@@ -78,7 +79,9 @@ int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
                i=s->method->ssl3_enc->final_finish_mac(s,
                        &(s->s3->finish_dgst1),
                        &(s->s3->finish_dgst2),
-                       sender,slen,p);
+                       sender,slen,s->s3->tmp.finish_md);
+               s->s3->tmp.finish_md_len = i;
+               memcpy(p, s->s3->tmp.finish_md, i);
                p+=i;
                l=i;
 
@@ -108,7 +111,7 @@ int ssl3_get_finished(SSL *s, int a, int b)
        unsigned char *p;
 
        /* the mac has already been generated when we received the
-        * change cipher spec message and is in s->s3->tmp.finish_md
+        * change cipher spec message and is in s->s3->tmp.peer_finish_md
         */ 
 
        n=ssl3_get_message(s,
@@ -129,9 +132,8 @@ int ssl3_get_finished(SSL *s, int a, int b)
                }
        s->s3->change_cipher_spec=0;
 
-       p=(unsigned char *)s->init_buf->data;
-
-       i=s->method->ssl3_enc->finish_mac_length;
+       p = (unsigned char *)s->init_buf->data;
+       i = s->s3->tmp.peer_finish_md_len;
 
        if (i != n)
                {
@@ -140,7 +142,7 @@ int ssl3_get_finished(SSL *s, int a, int b)
                goto f_err;
                }
 
-       if (memcmp(  p,    (char *)&(s->s3->tmp.finish_md[0]),i) != 0)
+       if (memcmp(p, s->s3->tmp.peer_finish_md, i) != 0)
                {
                al=SSL_AD_DECRYPT_ERROR;
                SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_DIGEST_CHECK_FAILED);