diff options
Diffstat (limited to 'src/lib/libssl/s3_both.c')
| -rw-r--r-- | src/lib/libssl/s3_both.c | 22 | 
1 files changed, 16 insertions, 6 deletions
| diff --git a/src/lib/libssl/s3_both.c b/src/lib/libssl/s3_both.c index b63460a56d..53b9390fdd 100644 --- a/src/lib/libssl/s3_both.c +++ b/src/lib/libssl/s3_both.c | |||
| @@ -161,6 +161,8 @@ int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen) | |||
| 161 | 161 | ||
| 162 | i=s->method->ssl3_enc->final_finish_mac(s, | 162 | i=s->method->ssl3_enc->final_finish_mac(s, | 
| 163 | sender,slen,s->s3->tmp.finish_md); | 163 | sender,slen,s->s3->tmp.finish_md); | 
| 164 | if (i == 0) | ||
| 165 | return 0; | ||
| 164 | s->s3->tmp.finish_md_len = i; | 166 | s->s3->tmp.finish_md_len = i; | 
| 165 | memcpy(p, s->s3->tmp.finish_md, i); | 167 | memcpy(p, s->s3->tmp.finish_md, i); | 
| 166 | p+=i; | 168 | p+=i; | 
| @@ -204,10 +206,15 @@ int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen) | |||
| 204 | 206 | ||
| 205 | #ifndef OPENSSL_NO_NEXTPROTONEG | 207 | #ifndef OPENSSL_NO_NEXTPROTONEG | 
| 206 | /* ssl3_take_mac calculates the Finished MAC for the handshakes messages seen to far. */ | 208 | /* ssl3_take_mac calculates the Finished MAC for the handshakes messages seen to far. */ | 
| 207 | static void ssl3_take_mac(SSL *s) { | 209 | static void ssl3_take_mac(SSL *s) | 
| 210 | { | ||
| 208 | const char *sender; | 211 | const char *sender; | 
| 209 | int slen; | 212 | int slen; | 
| 210 | 213 | /* If no new cipher setup return immediately: other functions will | |
| 214 | * set the appropriate error. | ||
| 215 | */ | ||
| 216 | if (s->s3->tmp.new_cipher == NULL) | ||
| 217 | return; | ||
| 211 | if (s->state & SSL_ST_CONNECT) | 218 | if (s->state & SSL_ST_CONNECT) | 
| 212 | { | 219 | { | 
| 213 | sender=s->method->ssl3_enc->server_finished_label; | 220 | sender=s->method->ssl3_enc->server_finished_label; | 
| @@ -221,7 +228,7 @@ static void ssl3_take_mac(SSL *s) { | |||
| 221 | 228 | ||
| 222 | s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s, | 229 | s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s, | 
| 223 | sender,slen,s->s3->tmp.peer_finish_md); | 230 | sender,slen,s->s3->tmp.peer_finish_md); | 
| 224 | } | 231 | } | 
| 225 | #endif | 232 | #endif | 
| 226 | 233 | ||
| 227 | int ssl3_get_finished(SSL *s, int a, int b) | 234 | int ssl3_get_finished(SSL *s, int a, int b) | 
| @@ -231,8 +238,9 @@ int ssl3_get_finished(SSL *s, int a, int b) | |||
| 231 | unsigned char *p; | 238 | unsigned char *p; | 
| 232 | 239 | ||
| 233 | #ifdef OPENSSL_NO_NEXTPROTONEG | 240 | #ifdef OPENSSL_NO_NEXTPROTONEG | 
| 234 | /* the mac has already been generated when we received the change | 241 | /* the mac has already been generated when we received the | 
| 235 | * cipher spec message and is in s->s3->tmp.peer_finish_md. */ | 242 | * change cipher spec message and is in s->s3->tmp.peer_finish_md. | 
| 243 | */ | ||
| 236 | #endif | 244 | #endif | 
| 237 | 245 | ||
| 238 | n=s->method->ssl_get_message(s, | 246 | n=s->method->ssl_get_message(s, | 
| @@ -263,7 +271,7 @@ int ssl3_get_finished(SSL *s, int a, int b) | |||
| 263 | goto f_err; | 271 | goto f_err; | 
| 264 | } | 272 | } | 
| 265 | 273 | ||
| 266 | if (memcmp(p, s->s3->tmp.peer_finish_md, i) != 0) | 274 | if (CRYPTO_memcmp(p, s->s3->tmp.peer_finish_md, i) != 0) | 
| 267 | { | 275 | { | 
| 268 | al=SSL_AD_DECRYPT_ERROR; | 276 | al=SSL_AD_DECRYPT_ERROR; | 
| 269 | SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_DIGEST_CHECK_FAILED); | 277 | SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_DIGEST_CHECK_FAILED); | 
| @@ -537,12 +545,14 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) | |||
| 537 | s->init_num += i; | 545 | s->init_num += i; | 
| 538 | n -= i; | 546 | n -= i; | 
| 539 | } | 547 | } | 
| 548 | |||
| 540 | #ifndef OPENSSL_NO_NEXTPROTONEG | 549 | #ifndef OPENSSL_NO_NEXTPROTONEG | 
| 541 | /* If receiving Finished, record MAC of prior handshake messages for | 550 | /* If receiving Finished, record MAC of prior handshake messages for | 
| 542 | * Finished verification. */ | 551 | * Finished verification. */ | 
| 543 | if (*s->init_buf->data == SSL3_MT_FINISHED) | 552 | if (*s->init_buf->data == SSL3_MT_FINISHED) | 
| 544 | ssl3_take_mac(s); | 553 | ssl3_take_mac(s); | 
| 545 | #endif | 554 | #endif | 
| 555 | |||
| 546 | /* Feed this message into MAC computation. */ | 556 | /* Feed this message into MAC computation. */ | 
| 547 | ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4); | 557 | ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4); | 
| 548 | if (s->msg_callback) | 558 | if (s->msg_callback) | 
