2 files changed, 34 insertions, 38 deletions
diff --git a/src/lib/libssl/s3_both.c b/src/lib/libssl/s3_both.c
index 17368f1107..6d108c295b 100644
--- a/src/lib/libssl/s3_both.c
+++ b/src/lib/libssl/s3_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_both.c,v 1.29 2014/09/22 12:36:06 jsing Exp $ */
+/* $OpenBSD: s3_both.c,v 1.30 2014/09/22 13:18:50 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -153,34 +153,32 @@ int
 ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
 {
        unsigned char *p, *d;
-        int i;
        unsigned long l;
+        int md_len;
        if (s->state == a) {
                d = (unsigned char *)s->init_buf->data;
                p = &(d[4]);
-                i = s->method->ssl3_enc->final_finish_mac(s,
+                md_len = s->method->ssl3_enc->finish_mac_length;
-                sender, slen, s->s3->tmp.finish_md);
+                if (s->method->ssl3_enc->final_finish_mac(s, sender, slen,
-                if (i == 0)
+                    s->s3->tmp.finish_md) != md_len)
-                        return 0;
+                        return (0);
-                s->s3->tmp.finish_md_len = i;
+                s->s3->tmp.finish_md_len = md_len;
-                memcpy(p, s->s3->tmp.finish_md, i);
+                memcpy(p, s->s3->tmp.finish_md, md_len);
-                p += i;
+                p += md_len;
-                l = i;
+                l = md_len;
-                /* Copy the finished so we can use it for
+                /* Copy finished so we can use it for renegotiation checks. */
-                   renegotiation checks */
+                OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE);
                if (s->type == SSL_ST_CONNECT) {
-                        OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
                        memcpy(s->s3->previous_client_finished,
-                        s->s3->tmp.finish_md, i);
+                            s->s3->tmp.finish_md, md_len);
-                        s->s3->previous_client_finished_len = i;
+                        s->s3->previous_client_finished_len = md_len;
                } else {
-                        OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
                        memcpy(s->s3->previous_server_finished,
-                        s->s3->tmp.finish_md, i);
+                            s->s3->tmp.finish_md, md_len);
-                        s->s3->previous_server_finished_len = i;
+                        s->s3->previous_server_finished_len = md_len;
                }
                *(d++) = SSL3_MT_FINISHED;
diff --git a/src/lib/libssl/src/ssl/s3_both.c b/src/lib/libssl/src/ssl/s3_both.c
index 17368f1107..6d108c295b 100644
--- a/src/lib/libssl/src/ssl/s3_both.c
+++ b/src/lib/libssl/src/ssl/s3_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_both.c,v 1.29 2014/09/22 12:36:06 jsing Exp $ */
+/* $OpenBSD: s3_both.c,v 1.30 2014/09/22 13:18:50 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -153,34 +153,32 @@ int
 ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
 {
        unsigned char *p, *d;
-        int i;
        unsigned long l;
+        int md_len;
        if (s->state == a) {
                d = (unsigned char *)s->init_buf->data;
                p = &(d[4]);
-                i = s->method->ssl3_enc->final_finish_mac(s,
+                md_len = s->method->ssl3_enc->finish_mac_length;
-                sender, slen, s->s3->tmp.finish_md);
+                if (s->method->ssl3_enc->final_finish_mac(s, sender, slen,
-                if (i == 0)
+                    s->s3->tmp.finish_md) != md_len)
-                        return 0;
+                        return (0);
-                s->s3->tmp.finish_md_len = i;
+                s->s3->tmp.finish_md_len = md_len;
-                memcpy(p, s->s3->tmp.finish_md, i);
+                memcpy(p, s->s3->tmp.finish_md, md_len);
-                p += i;
+                p += md_len;
-                l = i;
+                l = md_len;
-                /* Copy the finished so we can use it for
+                /* Copy finished so we can use it for renegotiation checks. */
-                   renegotiation checks */
+                OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE);
                if (s->type == SSL_ST_CONNECT) {
-                        OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
                        memcpy(s->s3->previous_client_finished,
-                        s->s3->tmp.finish_md, i);
+                            s->s3->tmp.finish_md, md_len);
-                        s->s3->previous_client_finished_len = i;
+                        s->s3->previous_client_finished_len = md_len;
                } else {
-                        OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
                        memcpy(s->s3->previous_server_finished,
-                        s->s3->tmp.finish_md, i);
+                            s->s3->tmp.finish_md, md_len);
-                        s->s3->previous_server_finished_len = i;
+                        s->s3->previous_server_finished_len = md_len;
                }
                *(d++) = SSL3_MT_FINISHED;

diff --git a/src/lib/libssl/s3_both.c b/src/lib/libssl/s3_both.c index 17368f1107..6d108c295b 100644 --- a/src/lib/libssl/s3_both.c +++ b/src/lib/libssl/s3_both.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_both.c,v 1.29 2014/09/22 12:36:06 jsing Exp $ */	1	/* $OpenBSD: s3_both.c,v 1.30 2014/09/22 13:18:50 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -153,34 +153,32 @@ int
153	ssl3_send_finished(SSL s, int a, int b, const char sender, int slen)	153	ssl3_send_finished(SSL s, int a, int b, const char sender, int slen)
154	{	154	{
155	unsigned char p, d;	155	unsigned char p, d;
156	int i;
157	unsigned long l;	156	unsigned long l;
		157	int md_len;
158		158
159	if (s->state == a) {	159	if (s->state == a) {
160	d = (unsigned char *)s->init_buf->data;	160	d = (unsigned char *)s->init_buf->data;
161	p = &(d[4]);	161	p = &(d[4]);
162		162
163	i = s->method->ssl3_enc->final_finish_mac(s,	163	md_len = s->method->ssl3_enc->finish_mac_length;
164	sender, slen, s->s3->tmp.finish_md);	164	if (s->method->ssl3_enc->final_finish_mac(s, sender, slen,
165	if (i == 0)	165	s->s3->tmp.finish_md) != md_len)
166	return 0;	166	return (0);
167	s->s3->tmp.finish_md_len = i;	167	s->s3->tmp.finish_md_len = md_len;
168	memcpy(p, s->s3->tmp.finish_md, i);	168	memcpy(p, s->s3->tmp.finish_md, md_len);
169	p += i;	169	p += md_len;
170	l = i;	170	l = md_len;
171		171
172	/* Copy the finished so we can use it for	172	/* Copy finished so we can use it for renegotiation checks. */
173	renegotiation checks */	173	OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE);
174	if (s->type == SSL_ST_CONNECT) {	174	if (s->type == SSL_ST_CONNECT) {
175	OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
176	memcpy(s->s3->previous_client_finished,	175	memcpy(s->s3->previous_client_finished,
177	s->s3->tmp.finish_md, i);	176	s->s3->tmp.finish_md, md_len);
178	s->s3->previous_client_finished_len = i;	177	s->s3->previous_client_finished_len = md_len;
179	} else {	178	} else {
180	OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
181	memcpy(s->s3->previous_server_finished,	179	memcpy(s->s3->previous_server_finished,
182	s->s3->tmp.finish_md, i);	180	s->s3->tmp.finish_md, md_len);
183	s->s3->previous_server_finished_len = i;	181	s->s3->previous_server_finished_len = md_len;
184	}	182	}
185		183
186	*(d++) = SSL3_MT_FINISHED;	184	*(d++) = SSL3_MT_FINISHED;


diff --git a/src/lib/libssl/src/ssl/s3_both.c b/src/lib/libssl/src/ssl/s3_both.c index 17368f1107..6d108c295b 100644 --- a/src/lib/libssl/src/ssl/s3_both.c +++ b/src/lib/libssl/src/ssl/s3_both.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_both.c,v 1.29 2014/09/22 12:36:06 jsing Exp $ */	1	/* $OpenBSD: s3_both.c,v 1.30 2014/09/22 13:18:50 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -153,34 +153,32 @@ int
153	ssl3_send_finished(SSL s, int a, int b, const char sender, int slen)	153	ssl3_send_finished(SSL s, int a, int b, const char sender, int slen)
154	{	154	{
155	unsigned char p, d;	155	unsigned char p, d;
156	int i;
157	unsigned long l;	156	unsigned long l;
		157	int md_len;
158		158
159	if (s->state == a) {	159	if (s->state == a) {
160	d = (unsigned char *)s->init_buf->data;	160	d = (unsigned char *)s->init_buf->data;
161	p = &(d[4]);	161	p = &(d[4]);
162		162
163	i = s->method->ssl3_enc->final_finish_mac(s,	163	md_len = s->method->ssl3_enc->finish_mac_length;
164	sender, slen, s->s3->tmp.finish_md);	164	if (s->method->ssl3_enc->final_finish_mac(s, sender, slen,
165	if (i == 0)	165	s->s3->tmp.finish_md) != md_len)
166	return 0;	166	return (0);
167	s->s3->tmp.finish_md_len = i;	167	s->s3->tmp.finish_md_len = md_len;
168	memcpy(p, s->s3->tmp.finish_md, i);	168	memcpy(p, s->s3->tmp.finish_md, md_len);
169	p += i;	169	p += md_len;
170	l = i;	170	l = md_len;
171		171
172	/* Copy the finished so we can use it for	172	/* Copy finished so we can use it for renegotiation checks. */
173	renegotiation checks */	173	OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE);
174	if (s->type == SSL_ST_CONNECT) {	174	if (s->type == SSL_ST_CONNECT) {
175	OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
176	memcpy(s->s3->previous_client_finished,	175	memcpy(s->s3->previous_client_finished,
177	s->s3->tmp.finish_md, i);	176	s->s3->tmp.finish_md, md_len);
178	s->s3->previous_client_finished_len = i;	177	s->s3->previous_client_finished_len = md_len;
179	} else {	178	} else {
180	OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
181	memcpy(s->s3->previous_server_finished,	179	memcpy(s->s3->previous_server_finished,
182	s->s3->tmp.finish_md, i);	180	s->s3->tmp.finish_md, md_len);
183	s->s3->previous_server_finished_len = i;	181	s->s3->previous_server_finished_len = md_len;
184	}	182	}
185		183
186	*(d++) = SSL3_MT_FINISHED;	184	*(d++) = SSL3_MT_FINISHED;