diff options
| author | jsing <> | 2015-09-11 16:41:05 +0000 |
|---|---|---|
| committer | jsing <> | 2015-09-11 16:41:05 +0000 |
| commit | 0e484323b7b4c032f0d2bd82e5fa5f2b306b11ff (patch) | |
| tree | b85b6772a80e12bdb3b2ddcca426276143d9b1e4 /src/lib | |
| parent | 396c0de2b029bf62cad52ca0c26f6652679681ad (diff) | |
| download | openbsd-0e484323b7b4c032f0d2bd82e5fa5f2b306b11ff.tar.gz openbsd-0e484323b7b4c032f0d2bd82e5fa5f2b306b11ff.tar.bz2 openbsd-0e484323b7b4c032f0d2bd82e5fa5f2b306b11ff.zip | |
Shuffle the code in ssl3_send_finished() to make it more logical/readable.
ok beck@
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/libssl/s3_both.c | 16 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/s3_both.c | 16 |
2 files changed, 14 insertions, 18 deletions
diff --git a/src/lib/libssl/s3_both.c b/src/lib/libssl/s3_both.c index 7b5139bbe3..cd8afd1946 100644 --- a/src/lib/libssl/s3_both.c +++ b/src/lib/libssl/s3_both.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_both.c,v 1.45 2015/09/11 16:27:40 jsing Exp $ */ | 1 | /* $OpenBSD: s3_both.c,v 1.46 2015/09/11 16:41:05 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -140,6 +140,7 @@ ssl3_do_write(SSL *s, int type) | |||
| 140 | s->init_num); | 140 | s->init_num); |
| 141 | if (ret < 0) | 141 | if (ret < 0) |
| 142 | return (-1); | 142 | return (-1); |
| 143 | |||
| 143 | if (type == SSL3_RT_HANDSHAKE) | 144 | if (type == SSL3_RT_HANDSHAKE) |
| 144 | /* | 145 | /* |
| 145 | * Should not be done for 'Hello Request's, but in that case | 146 | * Should not be done for 'Hello Request's, but in that case |
| @@ -166,23 +167,18 @@ int | |||
| 166 | ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen) | 167 | ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen) |
| 167 | { | 168 | { |
| 168 | unsigned char *p; | 169 | unsigned char *p; |
| 169 | unsigned long l; | ||
| 170 | int md_len; | 170 | int md_len; |
| 171 | 171 | ||
| 172 | if (s->state == a) { | 172 | if (s->state == a) { |
| 173 | p = ssl3_handshake_msg_start(s, SSL3_MT_FINISHED); | ||
| 174 | |||
| 175 | md_len = s->method->ssl3_enc->finish_mac_length; | 173 | md_len = s->method->ssl3_enc->finish_mac_length; |
| 174 | OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE); | ||
| 175 | |||
| 176 | if (s->method->ssl3_enc->final_finish_mac(s, sender, slen, | 176 | if (s->method->ssl3_enc->final_finish_mac(s, sender, slen, |
| 177 | s->s3->tmp.finish_md) != md_len) | 177 | s->s3->tmp.finish_md) != md_len) |
| 178 | return (0); | 178 | return (0); |
| 179 | s->s3->tmp.finish_md_len = md_len; | 179 | s->s3->tmp.finish_md_len = md_len; |
| 180 | memcpy(p, s->s3->tmp.finish_md, md_len); | ||
| 181 | p += md_len; | ||
| 182 | l = md_len; | ||
| 183 | 180 | ||
| 184 | /* Copy finished so we can use it for renegotiation checks. */ | 181 | /* Copy finished so we can use it for renegotiation checks. */ |
| 185 | OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE); | ||
| 186 | if (s->type == SSL_ST_CONNECT) { | 182 | if (s->type == SSL_ST_CONNECT) { |
| 187 | memcpy(s->s3->previous_client_finished, | 183 | memcpy(s->s3->previous_client_finished, |
| 188 | s->s3->tmp.finish_md, md_len); | 184 | s->s3->tmp.finish_md, md_len); |
| @@ -193,7 +189,9 @@ ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen) | |||
| 193 | s->s3->previous_server_finished_len = md_len; | 189 | s->s3->previous_server_finished_len = md_len; |
| 194 | } | 190 | } |
| 195 | 191 | ||
| 196 | ssl3_handshake_msg_finish(s, l); | 192 | p = ssl3_handshake_msg_start(s, SSL3_MT_FINISHED); |
| 193 | memcpy(p, s->s3->tmp.finish_md, md_len); | ||
| 194 | ssl3_handshake_msg_finish(s, md_len); | ||
| 197 | 195 | ||
| 198 | s->state = b; | 196 | s->state = b; |
| 199 | } | 197 | } |
diff --git a/src/lib/libssl/src/ssl/s3_both.c b/src/lib/libssl/src/ssl/s3_both.c index 7b5139bbe3..cd8afd1946 100644 --- a/src/lib/libssl/src/ssl/s3_both.c +++ b/src/lib/libssl/src/ssl/s3_both.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_both.c,v 1.45 2015/09/11 16:27:40 jsing Exp $ */ | 1 | /* $OpenBSD: s3_both.c,v 1.46 2015/09/11 16:41:05 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -140,6 +140,7 @@ ssl3_do_write(SSL *s, int type) | |||
| 140 | s->init_num); | 140 | s->init_num); |
| 141 | if (ret < 0) | 141 | if (ret < 0) |
| 142 | return (-1); | 142 | return (-1); |
| 143 | |||
| 143 | if (type == SSL3_RT_HANDSHAKE) | 144 | if (type == SSL3_RT_HANDSHAKE) |
| 144 | /* | 145 | /* |
| 145 | * Should not be done for 'Hello Request's, but in that case | 146 | * Should not be done for 'Hello Request's, but in that case |
| @@ -166,23 +167,18 @@ int | |||
| 166 | ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen) | 167 | ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen) |
| 167 | { | 168 | { |
| 168 | unsigned char *p; | 169 | unsigned char *p; |
| 169 | unsigned long l; | ||
| 170 | int md_len; | 170 | int md_len; |
| 171 | 171 | ||
| 172 | if (s->state == a) { | 172 | if (s->state == a) { |
| 173 | p = ssl3_handshake_msg_start(s, SSL3_MT_FINISHED); | ||
| 174 | |||
| 175 | md_len = s->method->ssl3_enc->finish_mac_length; | 173 | md_len = s->method->ssl3_enc->finish_mac_length; |
| 174 | OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE); | ||
| 175 | |||
| 176 | if (s->method->ssl3_enc->final_finish_mac(s, sender, slen, | 176 | if (s->method->ssl3_enc->final_finish_mac(s, sender, slen, |
| 177 | s->s3->tmp.finish_md) != md_len) | 177 | s->s3->tmp.finish_md) != md_len) |
| 178 | return (0); | 178 | return (0); |
| 179 | s->s3->tmp.finish_md_len = md_len; | 179 | s->s3->tmp.finish_md_len = md_len; |
| 180 | memcpy(p, s->s3->tmp.finish_md, md_len); | ||
| 181 | p += md_len; | ||
| 182 | l = md_len; | ||
| 183 | 180 | ||
| 184 | /* Copy finished so we can use it for renegotiation checks. */ | 181 | /* Copy finished so we can use it for renegotiation checks. */ |
| 185 | OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE); | ||
| 186 | if (s->type == SSL_ST_CONNECT) { | 182 | if (s->type == SSL_ST_CONNECT) { |
| 187 | memcpy(s->s3->previous_client_finished, | 183 | memcpy(s->s3->previous_client_finished, |
| 188 | s->s3->tmp.finish_md, md_len); | 184 | s->s3->tmp.finish_md, md_len); |
| @@ -193,7 +189,9 @@ ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen) | |||
| 193 | s->s3->previous_server_finished_len = md_len; | 189 | s->s3->previous_server_finished_len = md_len; |
| 194 | } | 190 | } |
| 195 | 191 | ||
| 196 | ssl3_handshake_msg_finish(s, l); | 192 | p = ssl3_handshake_msg_start(s, SSL3_MT_FINISHED); |
| 193 | memcpy(p, s->s3->tmp.finish_md, md_len); | ||
| 194 | ssl3_handshake_msg_finish(s, md_len); | ||
| 197 | 195 | ||
| 198 | s->state = b; | 196 | s->state = b; |
| 199 | } | 197 | } |