Use less complicated arrangement for data structures related to Finished
authorBodo Möller <bodo@openssl.org>
Thu, 6 Jan 2000 00:41:22 +0000 (00:41 +0000)
committerBodo Möller <bodo@openssl.org>
Thu, 6 Jan 2000 00:41:22 +0000 (00:41 +0000)
messages.

ssl/s3_both.c
ssl/s3_pkt.c
ssl/ssl3.h

index 996f05f..bbe9aa7 100644 (file)
@@ -70,19 +70,6 @@ int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
        unsigned char *p,*d;
        int i;
        unsigned long l;
-       unsigned char *finish_md;
-       int *finish_md_len;
-
-       if (s->state & SSL_ST_ACCEPT)
-               {
-               finish_md = s->s3->tmp.server_finish_md;
-               finish_md_len = &s->s3->tmp.server_finish_md_len;
-               }
-       else
-               {
-               finish_md = s->s3->tmp.client_finish_md;
-               finish_md_len = &s->s3->tmp.client_finish_md_len;
-               }
 
        if (s->state == a)
                {
@@ -92,9 +79,9 @@ int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
                i=s->method->ssl3_enc->final_finish_mac(s,
                        &(s->s3->finish_dgst1),
                        &(s->s3->finish_dgst2),
-                       sender,slen,finish_md);
-               *finish_md_len = i;
-               memcpy(p, finish_md, i);
+                       sender,slen,s->s3->tmp.finish_md);
+               s->s3->tmp.finish_md_len = i;
+               memcpy(p, s->s3->tmp.finish_md, i);
                p+=i;
                l=i;
 
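Review bot: The value returned by `final_finish_mac` is stored in `s->s3->tmp.finish_md_len` and passed straight to `memcpy(p, s->s3->tmp.finish_md, i)` with no range check. `i` is a signed `int`, so if the digest callback can return zero or a negative value on failure (its implementation is not visible here), the length converts to a very large `size_t` in the copy. A guard such as `if (i <= 0 || i > (int)sizeof(s->s3->tmp.finish_md)) return 0;` before the assignment would close that, with the return value adjusted to whatever error convention the rest of ssl3_send_finished uses, since its body continues outside this hunk. The same unchecked assignment appears in do_change_cipher_spec in ssl/s3_pkt.c, where the result goes into `s->s3->tmp.peer_finish_md_len` and the function still returns 1.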
@@ -122,22 +109,9 @@ int ssl3_get_finished(SSL *s, int a, int b)
        int al,i,ok;
        long n;
        unsigned char *p;
-       unsigned char *finish_md;
-       int *finish_md_len;
-
-       if (s->state & SSL_ST_ACCEPT)
-               {
-               finish_md = s->s3->tmp.client_finish_md;
-               finish_md_len = &s->s3->tmp.client_finish_md_len;
-               }
-       else
-               {
-               finish_md = s->s3->tmp.server_finish_md;
-               finish_md_len = &s->s3->tmp.server_finish_md_len;
-               }
 
        /* the mac has already been generated when we received the
-        * change cipher spec message and is in finish_md
+        * change cipher spec message and is in s->s3->tmp.peer_finish_md
         */ 
 
        n=ssl3_get_message(s,
@@ -158,9 +132,8 @@ int ssl3_get_finished(SSL *s, int a, int b)
                }
        s->s3->change_cipher_spec=0;
 
-       p=(unsigned char *)s->init_buf->data;
-
-       i=*finish_md_len;
+       p = (unsigned char *)s->init_buf->data;
+       i = s->s3->tmp.peer_finish_md_len;
 
        if (i != n)
                {
@@ -169,7 +142,7 @@ int ssl3_get_finished(SSL *s, int a, int b)
                goto f_err;
                }
 
-       if (memcmp(p, finish_md, i) != 0)
+       if (memcmp(p, s->s3->tmp.peer_finish_md, i) != 0)
                {
                al=SSL_AD_DECRYPT_ERROR;
                SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_DIGEST_CHECK_FAILED);
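Review bot: `memcmp(p, s->s3->tmp.peer_finish_md, i)` checks the received Finished verify data with an early-exit comparison, so its running time depends on how many leading bytes match the expected MAC. A constant-time comparison is the safer habit for any MAC check. Later OpenSSL releases provide `CRYPTO_memcmp` for this purpose; in a tree that lacks it, a short loop that ORs together `p[k] ^ s->s3->tmp.peer_finish_md[k]` over all `i` bytes and tests the accumulator once does the same job. ssl3_get_finished begins and ends outside this hunk, so the error path after `f_err` is not reviewed here.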
index 8b8ecdf..1ce30ff 100644 (file)
@@ -937,8 +937,6 @@ static int do_change_cipher_spec(SSL *s)
        int i;
        const char *sender;
        int slen;
-       unsigned char *finish_md;
-       int *finish_md_len;
 
        if (s->state & SSL_ST_ACCEPT)
                i=SSL3_CHANGE_CIPHER_SERVER_READ;
@@ -961,21 +959,17 @@ static int do_change_cipher_spec(SSL *s)
                {
                sender=s->method->ssl3_enc->server_finished_label;
                slen=s->method->ssl3_enc->server_finished_label_len;
-               finish_md = s->s3->tmp.server_finish_md;
-               finish_md_len = &s->s3->tmp.server_finish_md_len;
                }
        else
                {
                sender=s->method->ssl3_enc->client_finished_label;
                slen=s->method->ssl3_enc->client_finished_label_len;
-               finish_md = s->s3->tmp.client_finish_md;
-               finish_md_len = &s->s3->tmp.client_finish_md_len;
                }
 
-       *finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
+       s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
                &(s->s3->finish_dgst1),
                &(s->s3->finish_dgst2),
-               sender,slen,finish_md);
+               sender,slen,s->s3->tmp.peer_finish_md);
 
        return(1);
        }
index 60f33de..322acaf 100644 (file)
@@ -318,10 +318,10 @@ typedef struct ssl3_ctx_st
                unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2];
 
                /* actually only need to be 16+20 for SSLv3 and 12 for TLS */
-               unsigned char server_finish_md[EVP_MAX_MD_SIZE*2];
-               int server_finish_md_len;
-               unsigned char client_finish_md[EVP_MAX_MD_SIZE*2];
-               int client_finish_md_len;
+               unsigned char finish_md[EVP_MAX_MD_SIZE*2];
+               int finish_md_len;
+               unsigned char peer_finish_md[EVP_MAX_MD_SIZE*2];
+               int peer_finish_md_len;
                
                unsigned long message_size;
                int message_type;
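Review bot: The renamed fields drop the explicit client/server role, and the only comment above them talks about buffer sizes, not about which side each buffer belongs to. Judging by the other files in this commit, `finish_md` is filled in ssl3_send_finished, while `peer_finish_md` is filled in do_change_cipher_spec and checked in ssl3_get_finished. A comment such as `/* finish_md: Finished MAC we sent; peer_finish_md: MAC expected from the peer, computed when ChangeCipherSpec is received */` would record that for the next reader. If ssl3.h is installed as a public header, outside code that referenced `server_finish_md` or `client_finish_md` will stop compiling, which deserves a line in the change log. The enclosing struct starts and ends outside this hunk.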