From f2d9a32cf47ed8c4e4d025a2258154f3dbe5eca6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bodo=20M=C3=B6ller?= <bodo@openssl.org>
Date: Thu, 6 Jan 2000 00:24:24 +0000
Subject: [PATCH] Use separate arrays for certificate verify and for finished
 hashes.

---
 CHANGES        |  3 +++
 ssl/s3_both.c  | 37 +++++++++++++++++++++++++++++++++----
 ssl/s3_enc.c   |  4 ++--
 ssl/s3_pkt.c   | 10 ++++++++--
 ssl/s3_srvr.c  |  8 ++++----
 ssl/ssl3.h     | 10 ++++++++--
 ssl/ssl_locl.h |  2 +-
 7 files changed, 59 insertions(+), 15 deletions(-)

diff --git a/CHANGES b/CHANGES
index 073e7f92f5..5572e1fd31 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,9 @@
 
  Changes between 0.9.4 and 0.9.5  [xx XXX 1999]
 
+  *) Clean up 'Finished' handling.
+     [Bodo Moeller]
+
   *) Enhanced support for Alpha Linux is added. Now ./config checks if
      the host supports BWX extension and if Compaq C is present on the
      $PATH. Just exploiting of the BWX extention results in 20-30%
diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index a6348b6260..996f05ff48 100644
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -56,6 +56,7 @@
  * [including the GNU Public Licence.]
  */
 
+#include <string.h>
 #include <stdio.h>
 #include <openssl/buffer.h>
 #include <openssl/rand.h>
@@ -69,6 +70,19 @@ int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
 	unsigned char *p,*d;
 	int i;
 	unsigned long l;
+	unsigned char *finish_md;
+	int *finish_md_len;
+
+	if (s->state & SSL_ST_ACCEPT)
+		{
+		finish_md = s->s3->tmp.server_finish_md;
+		finish_md_len = &s->s3->tmp.server_finish_md_len;
+		}
+	else
+		{
+		finish_md = s->s3->tmp.client_finish_md;
+		finish_md_len = &s->s3->tmp.client_finish_md_len;
+		}
 
 	if (s->state == a)
 		{
@@ -78,7 +92,9 @@ int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
 		i=s->method->ssl3_enc->final_finish_mac(s,
 			&(s->s3->finish_dgst1),
 			&(s->s3->finish_dgst2),
-			sender,slen,p);
+			sender,slen,finish_md);
+		*finish_md_len = i;
+		memcpy(p, finish_md, i);
 		p+=i;
 		l=i;
 
@@ -106,9 +122,22 @@ int ssl3_get_finished(SSL *s, int a, int b)
 	int al,i,ok;
 	long n;
 	unsigned char *p;
+	unsigned char *finish_md;
+	int *finish_md_len;
+
+	if (s->state & SSL_ST_ACCEPT)
+		{
+		finish_md = s->s3->tmp.client_finish_md;
+		finish_md_len = &s->s3->tmp.client_finish_md_len;
+		}
+	else
+		{
+		finish_md = s->s3->tmp.server_finish_md;
+		finish_md_len = &s->s3->tmp.server_finish_md_len;
+		}
 
 	/* the mac has already been generated when we received the
-	 * change cipher spec message and is in s->s3->tmp.finish_md
+	 * change cipher spec message and is in finish_md
 	 */ 
 
 	n=ssl3_get_message(s,
@@ -131,7 +160,7 @@ int ssl3_get_finished(SSL *s, int a, int b)
 
 	p=(unsigned char *)s->init_buf->data;
 
-	i=s->method->ssl3_enc->finish_mac_length;
+	i=*finish_md_len;
 
 	if (i != n)
 		{
@@ -140,7 +169,7 @@ int ssl3_get_finished(SSL *s, int a, int b)
 		goto f_err;
 		}
 
-	if (memcmp(  p,    (char *)&(s->s3->tmp.finish_md[0]),i) != 0)
+	if (memcmp(p, finish_md, i) != 0)
 		{
 		al=SSL_AD_DECRYPT_ERROR;
 		SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_DIGEST_CHECK_FAILED);
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index 1ce1c161ec..4caf70878d 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -79,7 +79,7 @@ static unsigned char ssl3_pad_2[48]={
 	0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c };
 
 static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx,
-	unsigned char *sender, int len, unsigned char *p);
+	const char *sender, int len, unsigned char *p);
 
 static void ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
 	{
@@ -423,7 +423,7 @@ int ssl3_final_finish_mac(SSL *s, EVP_MD_CTX *ctx1, EVP_MD_CTX *ctx2,
 	}
 
 static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx,
-	     unsigned char *sender, int len, unsigned char *p)
+	     const char *sender, int len, unsigned char *p)
 	{
 	unsigned int ret;
 	int npad,n;
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 85b929cb9c..8b8ecdf8df 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -937,6 +937,8 @@ static int do_change_cipher_spec(SSL *s)
 	int i;
 	const char *sender;
 	int slen;
+	unsigned char *finish_md;
+	int *finish_md_len;
 
 	if (s->state & SSL_ST_ACCEPT)
 		i=SSL3_CHANGE_CIPHER_SERVER_READ;
@@ -959,17 +961,21 @@ static int do_change_cipher_spec(SSL *s)
 		{
 		sender=s->method->ssl3_enc->server_finished_label;
 		slen=s->method->ssl3_enc->server_finished_label_len;
+		finish_md = s->s3->tmp.server_finish_md;
+		finish_md_len = &s->s3->tmp.server_finish_md_len;
 		}
 	else
 		{
 		sender=s->method->ssl3_enc->client_finished_label;
 		slen=s->method->ssl3_enc->client_finished_label_len;
+		finish_md = s->s3->tmp.client_finish_md;
+		finish_md_len = &s->s3->tmp.client_finish_md_len;
 		}
 
-	s->method->ssl3_enc->final_finish_mac(s,
+	*finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
 		&(s->s3->finish_dgst1),
 		&(s->s3->finish_dgst2),
-		sender,slen,&(s->s3->tmp.finish_md[0]));
+		sender,slen,finish_md);
 
 	return(1);
 	}
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 1a4a98bbd7..9e08b75ee3 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -368,10 +368,10 @@ int ssl3_accept(SSL *s)
 			 * a client cert, it can be verified */ 
 			s->method->ssl3_enc->cert_verify_mac(s,
 				&(s->s3->finish_dgst1),
-				&(s->s3->tmp.finish_md[0]));
+				&(s->s3->tmp.cert_verify_md[0]));
 			s->method->ssl3_enc->cert_verify_mac(s,
 				&(s->s3->finish_dgst2),
-				&(s->s3->tmp.finish_md[MD5_DIGEST_LENGTH]));
+				&(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]));
 
 			break;
 
@@ -1484,7 +1484,7 @@ static int ssl3_get_cert_verify(SSL *s)
 #ifndef NO_RSA 
 	if (pkey->type == EVP_PKEY_RSA)
 		{
-		i=RSA_verify(NID_md5_sha1, s->s3->tmp.finish_md,
+		i=RSA_verify(NID_md5_sha1, s->s3->tmp.cert_verify_md,
 			MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, p, i, 
 							pkey->pkey.rsa);
 		if (i < 0)
@@ -1506,7 +1506,7 @@ static int ssl3_get_cert_verify(SSL *s)
 		if (pkey->type == EVP_PKEY_DSA)
 		{
 		j=DSA_verify(pkey->save_type,
-			&(s->s3->tmp.finish_md[MD5_DIGEST_LENGTH]),
+			&(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
 			SHA_DIGEST_LENGTH,p,i,pkey->pkey.dsa);
 		if (j <= 0)
 			{
diff --git a/ssl/ssl3.h b/ssl/ssl3.h
index 41a621bffc..60f33de3a1 100644
--- a/ssl/ssl3.h
+++ b/ssl/ssl3.h
@@ -314,8 +314,14 @@ typedef struct ssl3_ctx_st
 	int in_read_app_data;
 
 	struct	{
-		/* Actually only needs to be 16+20 for SSLv3 and 12 for TLS */
-		unsigned char finish_md[EVP_MAX_MD_SIZE*2];
+		/* actually only needs to be 16+20 */
+		unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2];
+
+		/* actually only need to be 16+20 for SSLv3 and 12 for TLS */
+		unsigned char server_finish_md[EVP_MAX_MD_SIZE*2];
+		int server_finish_md_len;
+		unsigned char client_finish_md[EVP_MAX_MD_SIZE*2];
+		int client_finish_md_len;
 		
 		unsigned long message_size;
 		int message_type;
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index fbf91054d5..b8f43c20e0 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -442,7 +442,7 @@ int ssl3_dispatch_alert(SSL *s);
 int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len);
 int ssl3_part_read(SSL *s, int i);
 int ssl3_write_bytes(SSL *s, int type, const void *buf, int len);
-int ssl3_final_finish_mac(SSL *s, EVP_MD_CTX *ctx1,EVP_MD_CTX *ctx2,
+int ssl3_final_finish_mac(SSL *s, EVP_MD_CTX *ctx1, EVP_MD_CTX *ctx2,
 	const char *sender, int slen,unsigned char *p);
 int ssl3_cert_verify_mac(SSL *s, EVP_MD_CTX *in, unsigned char *p);
 void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len);
-- 
GitLab