Commit 380da53c authored by Paul Bakker's avatar Paul Bakker

- Abstracted checksum updating during handshake

parent ca4ab491
......@@ -342,11 +342,10 @@ struct _ssl_context
* Crypto layer
*/
dhm_context dhm_ctx; /*!< DHM key exchange */
md5_context fin_md5; /*!< Finished MD5 checksum */
sha1_context fin_sha1; /*!< Finished SHA-1 checksum */
sha2_context fin_sha2; /*!< Finished SHA-256 checksum */
sha4_context fin_sha4; /*!< Finished SHA-384 checksum */
unsigned char ctx_checksum[500]; /*!< Checksum context(s) */
void (*update_checksum)(ssl_context *, unsigned char *, size_t);
void (*calc_verify)(ssl_context *, unsigned char *);
void (*calc_finished)(ssl_context *, unsigned char *, int);
int (*tls_prf)(unsigned char *, size_t, char *,
unsigned char *, size_t,
......@@ -737,7 +736,6 @@ int ssl_handshake_client( ssl_context *ssl );
int ssl_handshake_server( ssl_context *ssl );
int ssl_derive_keys( ssl_context *ssl );
void ssl_calc_verify( ssl_context *ssl, unsigned char hash[36] );
int ssl_read_record( ssl_context *ssl );
/**
......@@ -758,6 +756,9 @@ int ssl_write_change_cipher_spec( ssl_context *ssl );
int ssl_parse_finished( ssl_context *ssl );
int ssl_write_finished( ssl_context *ssl );
void ssl_kickstart_checksum( ssl_context *ssl, int ciphersuite,
unsigned char *input_buf, size_t len );
#ifdef __cplusplus
}
#endif
......
......@@ -368,6 +368,11 @@ static int ssl_parse_server_hello( ssl_context *ssl )
i = ( buf[39 + n] << 8 ) | buf[40 + n];
/*
* Initialize update checksum functions
*/
ssl_kickstart_checksum( ssl, i, buf, ssl->in_hslen );
SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %d", n ) );
SSL_DEBUG_BUF( 3, "server hello, session id", buf + 39, n );
......@@ -940,7 +945,7 @@ static int ssl_write_certificate_verify( ssl_context *ssl )
/*
* Make an RSA signature of the handshake digests
*/
ssl_calc_verify( ssl, hash );
ssl->calc_verify( ssl, hash );
if ( ssl->rsa_key )
n = ssl->rsa_key->len;
......
......@@ -106,10 +106,7 @@ static int ssl_parse_client_hello( ssl_context *ssl )
return( ret );
}
md5_update( &ssl->fin_md5 , buf + 2, n );
sha1_update( &ssl->fin_sha1, buf + 2, n );
sha2_update( &ssl->fin_sha2, buf + 2, n );
sha4_update( &ssl->fin_sha4, buf + 2, n );
ssl->update_checksum( ssl, buf + 2, n );
buf = ssl->in_msg;
n = ssl->in_left - 5;
......@@ -228,10 +225,7 @@ static int ssl_parse_client_hello( ssl_context *ssl )
buf = ssl->in_msg;
n = ssl->in_left - 5;
md5_update( &ssl->fin_md5 , buf, n );
sha1_update( &ssl->fin_sha1, buf, n );
sha2_update( &ssl->fin_sha2, buf, n );
sha4_update( &ssl->fin_sha4, buf, n );
ssl->update_checksum( ssl, buf, n );
/*
* SSL layer:
......@@ -352,6 +346,8 @@ static int ssl_parse_client_hello( ssl_context *ssl )
have_ciphersuite:
ssl->session->ciphersuite = ssl->ciphersuites[i];
ssl_kickstart_checksum( ssl, ssl->session->ciphersuite, buf, n );
ssl->in_left = 0;
ssl->state++;
......@@ -912,7 +908,7 @@ static int ssl_parse_certificate_verify( ssl_context *ssl )
{
int ret;
size_t n1, n2;
unsigned char hash[36];
unsigned char hash[48];
SSL_DEBUG_MSG( 2, ( "=> parse certificate verify" ) );
......@@ -923,7 +919,7 @@ static int ssl_parse_certificate_verify( ssl_context *ssl )
return( 0 );
}
ssl_calc_verify( ssl, hash );
ssl->calc_verify( ssl, hash );
if( ( ret = ssl_read_record( ssl ) ) != 0 )
{
......
This diff is collapsed.
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment