*hash = NULL;
}
+/* Retrieve handshake hashes */
+int ssl_handshake_hash(SSL *s, unsigned char *out, int outlen)
+{
+ unsigned char *p = out;
+ int idx, ret = 0;
+ long mask;
+ EVP_MD_CTX ctx;
+ const EVP_MD *md;
+ EVP_MD_CTX_init(&ctx);
+ for (idx = 0; ssl_get_handshake_digest(idx, &mask, &md); idx++) {
+ if (mask & ssl_get_algorithm2(s)) {
+ int hashsize = EVP_MD_size(md);
+ EVP_MD_CTX *hdgst = s->s3->handshake_dgst[idx];
+ if (!hdgst || hashsize < 0 || hashsize > outlen)
+ goto err;
+ if (!EVP_MD_CTX_copy_ex(&ctx, hdgst))
+ goto err;
+ if (!EVP_DigestFinal_ex(&ctx, p, NULL))
+ goto err;
+ p += hashsize;
+ outlen -= hashsize;
+ }
+ }
+ ret = p - out;
+ err:
+ EVP_MD_CTX_cleanup(&ctx);
+ return ret;
+}
+
void SSL_set_debug(SSL *s, int debug)
{
s->debug = debug;
return ((int)ret);
}
-int tls1_final_finish_mac(SSL *s,
- const char *str, int slen, unsigned char *out)
+int tls1_final_finish_mac(SSL *s, const char *str, int slen,
+ unsigned char *out)
{
- unsigned int i;
- EVP_MD_CTX ctx;
- unsigned char buf[2 * EVP_MAX_MD_SIZE];
- unsigned char *q, buf2[12];
- int idx;
- long mask;
- int err = 0;
- const EVP_MD *md;
-
- q = buf;
+ int hashlen;
+ unsigned char hash[2 * EVP_MAX_MD_SIZE];
+ unsigned char buf2[12];
if (s->s3->handshake_buffer)
if (!ssl3_digest_cached_records(s))
return 0;
- EVP_MD_CTX_init(&ctx);
+ hashlen = ssl_handshake_hash(s, hash, sizeof(hash));
- for (idx = 0; ssl_get_handshake_digest(idx, &mask, &md); idx++) {
- if (mask & ssl_get_algorithm2(s)) {
- int hashsize = EVP_MD_size(md);
- EVP_MD_CTX *hdgst = s->s3->handshake_dgst[idx];
- if (!hdgst || hashsize < 0
- || hashsize > (int)(sizeof buf - (size_t)(q - buf))) {
- /*
- * internal error: 'buf' is too small for this cipersuite!
- */
- err = 1;
- } else {
- if (!EVP_MD_CTX_copy_ex(&ctx, hdgst) ||
- !EVP_DigestFinal_ex(&ctx, q, &i) ||
- (i != (unsigned int)hashsize))
- err = 1;
- q += hashsize;
- }
- }
- }
+ if (hashlen == 0)
+ return 0;
if (!tls1_PRF(ssl_get_algorithm2(s),
- str, slen, buf, (int)(q - buf), NULL, 0, NULL, 0, NULL, 0,
+ str, slen, hash, hashlen, NULL, 0, NULL, 0, NULL, 0,
s->session->master_key, s->session->master_key_length,
out, buf2, sizeof buf2))
- err = 1;
- EVP_MD_CTX_cleanup(&ctx);
-
- if (err)
return 0;
- else
- return sizeof buf2;
+ return sizeof buf2;
}
int tls1_mac(SSL *ssl, unsigned char *md, int send)