From f2d9a32cf47ed8c4e4d025a2258154f3dbe5eca6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bodo=20M=C3=B6ller?= <bodo@openssl.org>
Date: Thu, 6 Jan 2000 00:24:24 +0000
Subject: Use separate arrays for certificate verify and for finished hashes.

---
 ssl/s3_both.c | 37 +++++++++++++++++++++++++++++++++----
 1 file changed, 33 insertions(+), 4 deletions(-)

(limited to 'ssl/s3_both.c')

diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index a6348b6260..996f05ff48 100644
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -56,6 +56,7 @@
  * [including the GNU Public Licence.]
  */
 
+#include <string.h>
 #include <stdio.h>
 #include <openssl/buffer.h>
 #include <openssl/rand.h>
@@ -69,6 +70,19 @@ int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
 	unsigned char *p,*d;
 	int i;
 	unsigned long l;
+	unsigned char *finish_md;
+	int *finish_md_len;
+
+	if (s->state & SSL_ST_ACCEPT)
+		{
+		finish_md = s->s3->tmp.server_finish_md;
+		finish_md_len = &s->s3->tmp.server_finish_md_len;
+		}
+	else
+		{
+		finish_md = s->s3->tmp.client_finish_md;
+		finish_md_len = &s->s3->tmp.client_finish_md_len;
+		}
 
 	if (s->state == a)
 		{
@@ -78,7 +92,9 @@ int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
 		i=s->method->ssl3_enc->final_finish_mac(s,
 			&(s->s3->finish_dgst1),
 			&(s->s3->finish_dgst2),
-			sender,slen,p);
+			sender,slen,finish_md);
+		*finish_md_len = i;
+		memcpy(p, finish_md, i);
 		p+=i;
 		l=i;
 
@@ -106,9 +122,22 @@ int ssl3_get_finished(SSL *s, int a, int b)
 	int al,i,ok;
 	long n;
 	unsigned char *p;
+	unsigned char *finish_md;
+	int *finish_md_len;
+
+	if (s->state & SSL_ST_ACCEPT)
+		{
+		finish_md = s->s3->tmp.client_finish_md;
+		finish_md_len = &s->s3->tmp.client_finish_md_len;
+		}
+	else
+		{
+		finish_md = s->s3->tmp.server_finish_md;
+		finish_md_len = &s->s3->tmp.server_finish_md_len;
+		}
 
 	/* the mac has already been generated when we received the
-	 * change cipher spec message and is in s->s3->tmp.finish_md
+	 * change cipher spec message and is in finish_md
 	 */ 
 
 	n=ssl3_get_message(s,
@@ -131,7 +160,7 @@ int ssl3_get_finished(SSL *s, int a, int b)
 
 	p=(unsigned char *)s->init_buf->data;
 
-	i=s->method->ssl3_enc->finish_mac_length;
+	i=*finish_md_len;
 
 	if (i != n)
 		{
@@ -140,7 +169,7 @@ int ssl3_get_finished(SSL *s, int a, int b)
 		goto f_err;
 		}
 
-	if (memcmp(  p,    (char *)&(s->s3->tmp.finish_md[0]),i) != 0)
+	if (memcmp(p, finish_md, i) != 0)
 		{
 		al=SSL_AD_DECRYPT_ERROR;
 		SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_DIGEST_CHECK_FAILED);
-- 
cgit v1.2.3