X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fs3_both.c;h=bbe9aa74236e9d500fcbff842da1be208f164c1d;hp=251bcedd7d5931a6eb444385c9435c2ddbdf3ad2;hb=b058a08085af113a6b82f9d7a2066bba1491c244;hpb=31b8d8684441e6cd5138832bb1b2ddb10acd6ba6

diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index 251bcedd7d..bbe9aa7423 100644
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -56,25 +56,16 @@
  * [including the GNU Public Licence.]
  */
 
+#include <string.h>
 #include <stdio.h>
-#include "buffer.h"
-#include "rand.h"
-#include "objects.h"
-#include "evp.h"
-#include "x509.h"
+#include <openssl/buffer.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
 #include "ssl_locl.h"
 
-#define BREAK	break
-
-/* SSL3err(SSL_F_SSL3_GET_FINISHED,SSL_R_EXCESSIVE_MESSAGE_SIZE);
- */
-
-int ssl3_send_finished(s,a,b,sender,slen)
-SSL *s;
-int a;
-int b;
-unsigned char *sender;
-int slen;
+int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
 	{
 	unsigned char *p,*d;
 	int i;
@@ -88,7 +79,9 @@ int slen;
 		i=s->method->ssl3_enc->final_finish_mac(s,
 			&(s->s3->finish_dgst1),
 			&(s->s3->finish_dgst2),
-			sender,slen,p);
+			sender,slen,s->s3->tmp.finish_md);
+		s->s3->tmp.finish_md_len = i;
+		memcpy(p, s->s3->tmp.finish_md, i);
 		p+=i;
 		l=i;
 
@@ -111,17 +104,14 @@ int slen;
 	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
 	}
 
-int ssl3_get_finished(s,a,b)
-SSL *s;
-int a;
-int b;
+int ssl3_get_finished(SSL *s, int a, int b)
 	{
 	int al,i,ok;
 	long n;
 	unsigned char *p;
 
 	/* the mac has already been generated when we received the
-	 * change cipher spec message and is in s->s3->tmp.in_dgst[12]
+	 * change cipher spec message and is in s->s3->tmp.peer_finish_md
 	 */ 
 
 	n=ssl3_get_message(s,
@@ -142,9 +132,8 @@ int b;
 		}
 	s->s3->change_cipher_spec=0;
 
-	p=(unsigned char *)s->init_buf->data;
-
-	i=s->method->ssl3_enc->finish_mac_length;
+	p = (unsigned char *)s->init_buf->data;
+	i = s->s3->tmp.peer_finish_md_len;
 
 	if (i != n)
 		{
@@ -153,7 +142,7 @@ int b;
 		goto f_err;
 		}
 
-	if (memcmp(  p,    (char *)&(s->s3->tmp.finish_md[0]),i) != 0)
+	if (memcmp(p, s->s3->tmp.peer_finish_md, i) != 0)
 		{
 		al=SSL_AD_DECRYPT_ERROR;
 		SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_DIGEST_CHECK_FAILED);
@@ -174,9 +163,7 @@ f_err:
  * ssl->session->read_compression	assign
  * ssl->session->read_hash		assign
  */
-int ssl3_send_change_cipher_spec(s,a,b)
-SSL *s;
-int a,b;
+int ssl3_send_change_cipher_spec(SSL *s, int a, int b)
 	{ 
 	unsigned char *p;
 
@@ -194,9 +181,7 @@ int a,b;
 	return(ssl3_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC));
 	}
 
-unsigned long ssl3_output_cert_chain(s,x)
-SSL *s;
-X509 *x;
+unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)
 	{
 	unsigned char *p;
 	int n,i;
@@ -243,11 +228,11 @@ X509 *x;
 		X509_STORE_CTX_cleanup(&xs_ctx);
 		}
 
-	/* Thwate special :-) */
+	/* Thawte special :-) */
 	if (s->ctx->extra_certs != NULL)
-	for (i=0; i<sk_num(s->ctx->extra_certs); i++)
+	for (i=0; i<sk_X509_num(s->ctx->extra_certs); i++)
 		{
-		x=(X509 *)sk_value(s->ctx->extra_certs,i);
+		x=sk_X509_value(s->ctx->extra_certs,i);
 		n=i2d_X509(x,NULL);
 		if (!BUF_MEM_grow(buf,(int)(n+l+3)))
 			{
@@ -271,11 +256,7 @@ X509 *x;
 	return(l);
 	}
 
-long ssl3_get_message(s,st1,stn,mt,max,ok)
-SSL *s;
-int st1,stn,mt;
-long max;
-int *ok;
+long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
 	{
 	unsigned char *p;
 	unsigned long l;
@@ -299,9 +280,8 @@ int *ok;
 
 	if (s->state == st1)
 		{
-		i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,
-			(char *)&(p[s->init_num]),
-			4-s->init_num);
+		i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],
+				  4-s->init_num);
 		if (i < (4-s->init_num))
 			{
 			*ok=0;
@@ -314,6 +294,18 @@ int *ok;
 			SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
 			goto f_err;
 			}
+		if((mt < 0) && (*p == SSL3_MT_CLIENT_HELLO) &&
+					(st1 == SSL3_ST_SR_CERT_A) &&
+					(stn == SSL3_ST_SR_CERT_B))
+			{
+			/* At this point we have got an MS SGC second client
+			 * hello. We need to restart the mac and mac the data
+			 * currently received.
+			 */
+			ssl3_init_finished_mac(s);
+			ssl3_finish_mac(s, p + s->init_num, i);
+			}
+			
 		s->s3->tmp.message_type= *(p++);
 
 		n2l3(p,l);
@@ -339,8 +331,7 @@ int *ok;
 	n=s->s3->tmp.message_size;
 	if (n > 0)
 		{
-		i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,
-			(char *)&(p[s->init_num]),(int)n);
+		i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],n);
 		if (i != (int)n)
 			{
 			*ok=0;
@@ -356,9 +347,7 @@ err:
 	return(-1);
 	}
 
-int ssl_cert_type(x,pkey)
-X509 *x;
-EVP_PKEY *pkey;
+int ssl_cert_type(X509 *x, EVP_PKEY *pkey)
 	{
 	EVP_PKEY *pk;
 	int ret= -1,i,j;
@@ -404,11 +393,11 @@ EVP_PKEY *pkey;
 		ret= -1;
 
 err:
+	if(!pkey) EVP_PKEY_free(pk);
 	return(ret);
 	}
 
-int ssl_verify_alarm_type(type)
-long type;
+int ssl_verify_alarm_type(long type)
 	{
 	int al;
 
@@ -460,8 +449,7 @@ long type;
 	return(al);
 	}
 
-int ssl3_setup_buffers(s)
-SSL *s;
+int ssl3_setup_buffers(SSL *s)
 	{
 	unsigned char *p;
 	unsigned int extra;