Commit f2d9a32c authored by Bodo Möller's avatar Bodo Möller

Use separate arrays for certificate verify and for finished hashes.

parent 245206ea
+3 −0
@@ -4,6 +4,9 @@

 Changes between 0.9.4 and 0.9.5  [xx XXX 1999]

  *) Clean up 'Finished' handling.
     [Bodo Moeller]

  *) Enhanced support for Alpha Linux is added. Now ./config checks if
     the host supports BWX extension and if Compaq C is present on the
     $PATH. Just exploiting of the BWX extention results in 20-30%
+33 −4
@@ -56,6 +56,7 @@
 * [including the GNU Public Licence.]
 */

#include <string.h>
#include <stdio.h>
#include <openssl/buffer.h>
#include <openssl/rand.h>
@@ -69,6 +70,19 @@ int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
	unsigned char *p,*d;
	int i;
	unsigned long l;
	unsigned char *finish_md;
	int *finish_md_len;

	if (s->state & SSL_ST_ACCEPT)
		{
		finish_md = s->s3->tmp.server_finish_md;
		finish_md_len = &s->s3->tmp.server_finish_md_len;
		}
	else
		{
		finish_md = s->s3->tmp.client_finish_md;
		finish_md_len = &s->s3->tmp.client_finish_md_len;
		}

	if (s->state == a)
		{
@@ -78,7 +92,9 @@ int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
		i=s->method->ssl3_enc->final_finish_mac(s,
			&(s->s3->finish_dgst1),
			&(s->s3->finish_dgst2),
			sender,slen,p);
			sender,slen,finish_md);
		*finish_md_len = i;
		memcpy(p, finish_md, i);
		p+=i;
		l=i;

@@ -106,9 +122,22 @@ int ssl3_get_finished(SSL *s, int a, int b)
	int al,i,ok;
	long n;
	unsigned char *p;
	unsigned char *finish_md;
	int *finish_md_len;

	if (s->state & SSL_ST_ACCEPT)
		{
		finish_md = s->s3->tmp.client_finish_md;
		finish_md_len = &s->s3->tmp.client_finish_md_len;
		}
	else
		{
		finish_md = s->s3->tmp.server_finish_md;
		finish_md_len = &s->s3->tmp.server_finish_md_len;
		}

	/* the mac has already been generated when we received the
	 * change cipher spec message and is in s->s3->tmp.finish_md
	 * change cipher spec message and is in finish_md
	 */ 

	n=ssl3_get_message(s,
@@ -131,7 +160,7 @@ int ssl3_get_finished(SSL *s, int a, int b)

	p=(unsigned char *)s->init_buf->data;

	i=s->method->ssl3_enc->finish_mac_length;
	i=*finish_md_len;

	if (i != n)
		{
@@ -140,7 +169,7 @@ int ssl3_get_finished(SSL *s, int a, int b)
		goto f_err;
		}

	if (memcmp(  p,    (char *)&(s->s3->tmp.finish_md[0]),i) != 0)
	if (memcmp(p, finish_md, i) != 0)
		{
		al=SSL_AD_DECRYPT_ERROR;
		SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_DIGEST_CHECK_FAILED);
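Review bot: In ssl3_get_finished the expected length is now `i=*finish_md_len;`, a value stored at run time instead of the fixed `finish_mac_length`, and nothing in the visible lines rejects a zero value before `if (i != n)` and `memcmp(p, finish_md, i)`. If the stored length were still 0 (for example because final_finish_mac returned 0, or the length was never set; whether an earlier check in this function already rules that out cannot be seen from the hunk), an empty Finished message would satisfy both the length test and the zero-byte compare. I would tighten the test to `if (i <= 0 || i != n)`. The same unchecked value is written in ssl3_send_finished (`*finish_md_len = i;` followed by `memcpy(p, finish_md, i)`) and in do_change_cipher_spec, so the return of final_finish_mac deserves a check at those two sites as well. Both functions start and end outside the hunks shown.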
+2 −2
@@ -79,7 +79,7 @@ static unsigned char ssl3_pad_2[48]={
	0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c };

static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx,
	unsigned char *sender, int len, unsigned char *p);
	const char *sender, int len, unsigned char *p);

static void ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
	{
@@ -423,7 +423,7 @@ int ssl3_final_finish_mac(SSL *s, EVP_MD_CTX *ctx1, EVP_MD_CTX *ctx2,
	}

static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx,
	     unsigned char *sender, int len, unsigned char *p)
	     const char *sender, int len, unsigned char *p)
	{
	unsigned int ret;
	int npad,n;
+8 −2
@@ -937,6 +937,8 @@ static int do_change_cipher_spec(SSL *s)
	int i;
	const char *sender;
	int slen;
	unsigned char *finish_md;
	int *finish_md_len;

	if (s->state & SSL_ST_ACCEPT)
		i=SSL3_CHANGE_CIPHER_SERVER_READ;
@@ -959,17 +961,21 @@ static int do_change_cipher_spec(SSL *s)
		{
		sender=s->method->ssl3_enc->server_finished_label;
		slen=s->method->ssl3_enc->server_finished_label_len;
		finish_md = s->s3->tmp.server_finish_md;
		finish_md_len = &s->s3->tmp.server_finish_md_len;
		}
	else
		{
		sender=s->method->ssl3_enc->client_finished_label;
		slen=s->method->ssl3_enc->client_finished_label_len;
		finish_md = s->s3->tmp.client_finish_md;
		finish_md_len = &s->s3->tmp.client_finish_md_len;
		}

	s->method->ssl3_enc->final_finish_mac(s,
	*finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
		&(s->s3->finish_dgst1),
		&(s->s3->finish_dgst2),
		sender,slen,&(s->s3->tmp.finish_md[0]));
		sender,slen,finish_md);

	return(1);
	}
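Review bot: do_change_cipher_spec has no comment saying whose Finished hash it computes, and the `finish_md`/`finish_md_len` selection added to its two branches is easy to misread next to the similar selections in ssl3_send_finished and ssl3_get_finished. Judging from the labels and from the comment in ssl3_get_finished, the branch that uses `server_finished_label` fills `server_finish_md` with the value expected from the peer; the branch condition itself lies outside the hunk, so this should be confirmed. I would add above the call `/* precompute the Finished hash expected from the peer; ssl3_get_finished compares the received message against it */`.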
+4 −4
@@ -368,10 +368,10 @@ int ssl3_accept(SSL *s)
			 * a client cert, it can be verified */ 
			s->method->ssl3_enc->cert_verify_mac(s,
				&(s->s3->finish_dgst1),
				&(s->s3->tmp.finish_md[0]));
				&(s->s3->tmp.cert_verify_md[0]));
			s->method->ssl3_enc->cert_verify_mac(s,
				&(s->s3->finish_dgst2),
				&(s->s3->tmp.finish_md[MD5_DIGEST_LENGTH]));
				&(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]));

			break;

@@ -1484,7 +1484,7 @@ static int ssl3_get_cert_verify(SSL *s)
#ifndef NO_RSA 
	if (pkey->type == EVP_PKEY_RSA)
		{
		i=RSA_verify(NID_md5_sha1, s->s3->tmp.finish_md,
		i=RSA_verify(NID_md5_sha1, s->s3->tmp.cert_verify_md,
			MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, p, i, 
							pkey->pkey.rsa);
		if (i < 0)
@@ -1506,7 +1506,7 @@ static int ssl3_get_cert_verify(SSL *s)
		if (pkey->type == EVP_PKEY_DSA)
		{
		j=DSA_verify(pkey->save_type,
			&(s->s3->tmp.finish_md[MD5_DIGEST_LENGTH]),
			&(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
			SHA_DIGEST_LENGTH,p,i,pkey->pkey.dsa);
		if (j <= 0)
			{
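Review bot: In ssl3_accept both `cert_verify_mac` calls discard their return value, so nothing confirms that `cert_verify_md` was actually filled before ssl3_get_cert_verify passes it to `RSA_verify`/`DSA_verify`. The second call also writes at offset `MD5_DIGEST_LENGTH`, which relies on the new array holding at least `MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH` bytes; its declaration is not part of the sections shown here and should be checked. A short comment at the declaration stating that layout (MD5 digest first, SHA-1 digest after it) would document what the verify code assumes. The surrounding functions continue outside these hunks.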