Use less complicated arrangement for data strutures related to Finished

messages.

ssl/s3_both.c

@@ -70,19 +70,6 @@ int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
 	unsigned char *p,*d;
 	int i;
 	unsigned long l;
-	unsigned char *finish_md;
-	int *finish_md_len;
-
-	if (s->state & SSL_ST_ACCEPT)
-		{
-		finish_md = s->s3->tmp.server_finish_md;
-		finish_md_len = &s->s3->tmp.server_finish_md_len;
-		}
-	else
-		{
-		finish_md = s->s3->tmp.client_finish_md;
-		finish_md_len = &s->s3->tmp.client_finish_md_len;
-		}
 
 	if (s->state == a)
 		{
@@ -92,9 +79,9 @@ int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
 		i=s->method->ssl3_enc->final_finish_mac(s,
 			&(s->s3->finish_dgst1),
 			&(s->s3->finish_dgst2),
-			sender,slen,finish_md);
-		*finish_md_len = i;
-		memcpy(p, finish_md, i);
+			sender,slen,s->s3->tmp.finish_md);
+		s->s3->tmp.finish_md_len = i;
+		memcpy(p, s->s3->tmp.finish_md, i);
 		p+=i;
 		l=i;
 
@@ -122,22 +109,9 @@ int ssl3_get_finished(SSL *s, int a, int b)
 	int al,i,ok;
 	long n;
 	unsigned char *p;
-	unsigned char *finish_md;
-	int *finish_md_len;
-
-	if (s->state & SSL_ST_ACCEPT)
-		{
-		finish_md = s->s3->tmp.client_finish_md;
-		finish_md_len = &s->s3->tmp.client_finish_md_len;
-		}
-	else
-		{
-		finish_md = s->s3->tmp.server_finish_md;
-		finish_md_len = &s->s3->tmp.server_finish_md_len;
-		}
 
 	/* the mac has already been generated when we received the
-	 * change cipher spec message and is in finish_md
+	 * change cipher spec message and is in s->s3->tmp.peer_finish_md
 	 */ 
 
 	n=ssl3_get_message(s,
@@ -158,9 +132,8 @@ int ssl3_get_finished(SSL *s, int a, int b)
 		}
 	s->s3->change_cipher_spec=0;
 
-	p=(unsigned char *)s->init_buf->data;
-
-	i=*finish_md_len;
+	p = (unsigned char *)s->init_buf->data;
+	i = s->s3->tmp.peer_finish_md_len;
 
 	if (i != n)
 		{
@@ -169,7 +142,7 @@ int ssl3_get_finished(SSL *s, int a, int b)
 		goto f_err;
 		}
 
-	if (memcmp(p, finish_md, i) != 0)
+	if (memcmp(p, s->s3->tmp.peer_finish_md, i) != 0)
 		{
 		al=SSL_AD_DECRYPT_ERROR;
 		SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_DIGEST_CHECK_FAILED);

ssl/s3_pkt.c

@@ -937,8 +937,6 @@ static int do_change_cipher_spec(SSL *s)
 	int i;
 	const char *sender;
 	int slen;
-	unsigned char *finish_md;
-	int *finish_md_len;
 
 	if (s->state & SSL_ST_ACCEPT)
 		i=SSL3_CHANGE_CIPHER_SERVER_READ;
@@ -961,21 +959,17 @@ static int do_change_cipher_spec(SSL *s)
 		{
 		sender=s->method->ssl3_enc->server_finished_label;
 		slen=s->method->ssl3_enc->server_finished_label_len;
-		finish_md = s->s3->tmp.server_finish_md;
-		finish_md_len = &s->s3->tmp.server_finish_md_len;
 		}
 	else
 		{
 		sender=s->method->ssl3_enc->client_finished_label;
 		slen=s->method->ssl3_enc->client_finished_label_len;
-		finish_md = s->s3->tmp.client_finish_md;
-		finish_md_len = &s->s3->tmp.client_finish_md_len;
 		}
 
-	*finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
+	s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
 		&(s->s3->finish_dgst1),
 		&(s->s3->finish_dgst2),
-		sender,slen,finish_md);
+		sender,slen,s->s3->tmp.peer_finish_md);
 
 	return(1);
 	}

ssl/ssl3.h

@@ -318,10 +318,10 @@ typedef struct ssl3_ctx_st
 		unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2];
 
 		/* actually only need to be 16+20 for SSLv3 and 12 for TLS */
-		unsigned char server_finish_md[EVP_MAX_MD_SIZE*2];
-		int server_finish_md_len;
-		unsigned char client_finish_md[EVP_MAX_MD_SIZE*2];
-		int client_finish_md_len;
+		unsigned char finish_md[EVP_MAX_MD_SIZE*2];
+		int finish_md_len;
+		unsigned char peer_finish_md[EVP_MAX_MD_SIZE*2];
+		int peer_finish_md_len;
 		
 		unsigned long message_size;
 		int message_type;