projects
/
oweals
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Mention more GCC bugs in ./PROBLEMS.
[oweals/openssl.git]
/
ssl
/
s2_srvr.c
diff --git
a/ssl/s2_srvr.c
b/ssl/s2_srvr.c
index 2efc14bc1a2d6b54f87dcb68ee75b39807dceece..546feb5174d56e238b68de9b206b75b254bdfe41 100644
(file)
--- a/
ssl/s2_srvr.c
+++ b/
ssl/s2_srvr.c
@@
-116,7
+116,6
@@
#include <openssl/rand.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
#include <openssl/rand.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
-#include "cryptlib.h"
static SSL_METHOD *ssl2_get_server_method(int ver);
static int get_client_master_key(SSL *s);
static SSL_METHOD *ssl2_get_server_method(int ver);
static int get_client_master_key(SSL *s);
@@
-499,7
+498,8
@@
static int get_client_master_key(SSL *s)
i=ek;
else
i=EVP_CIPHER_key_length(c);
i=ek;
else
i=EVP_CIPHER_key_length(c);
- RAND_pseudo_bytes(p,i);
+ if (RAND_pseudo_bytes(p,i) <= 0)
+ return 0;
}
#else
if (i < 0)
}
#else
if (i < 0)
@@
-797,7
+797,7
@@
static int server_hello(SSL *s)
/* lets send out the ciphers we like in the
* prefered order */
sk= s->session->ciphers;
/* lets send out the ciphers we like in the
* prefered order */
sk= s->session->ciphers;
- n=ssl_cipher_list_to_bytes(s,s->session->ciphers,d);
+ n=ssl_cipher_list_to_bytes(s,s->session->ciphers,d
,0
);
d+=n;
s2n(n,p); /* add cipher length */
}
d+=n;
s2n(n,p); /* add cipher length */
}
@@
-805,7
+805,8
@@
static int server_hello(SSL *s)
/* make and send conn_id */
s2n(SSL2_CONNECTION_ID_LENGTH,p); /* add conn_id length */
s->s2->conn_id_length=SSL2_CONNECTION_ID_LENGTH;
/* make and send conn_id */
s2n(SSL2_CONNECTION_ID_LENGTH,p); /* add conn_id length */
s->s2->conn_id_length=SSL2_CONNECTION_ID_LENGTH;
- RAND_pseudo_bytes(s->s2->conn_id,(int)s->s2->conn_id_length);
+ if (RAND_pseudo_bytes(s->s2->conn_id,(int)s->s2->conn_id_length) <= 0)
+ return -1;
memcpy(d,s->s2->conn_id,SSL2_CONNECTION_ID_LENGTH);
d+=SSL2_CONNECTION_ID_LENGTH;
memcpy(d,s->s2->conn_id,SSL2_CONNECTION_ID_LENGTH);
d+=SSL2_CONNECTION_ID_LENGTH;
@@
-876,7
+877,7
@@
static int get_client_finished(SSL *s)
if (s->msg_callback)
s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg); /* CLIENT-FINISHED */
p += 1;
if (s->msg_callback)
s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg); /* CLIENT-FINISHED */
p += 1;
- if (memcmp(p,s->s2->conn_id,
(unsigned int)
s->s2->conn_id_length) != 0)
+ if (memcmp(p,s->s2->conn_id,s->s2->conn_id_length) != 0)
{
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
SSLerr(SSL_F_GET_CLIENT_FINISHED,SSL_R_CONNECTION_ID_IS_DIFFERENT);
{
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
SSLerr(SSL_F_GET_CLIENT_FINISHED,SSL_R_CONNECTION_ID_IS_DIFFERENT);
@@
-937,6
+938,7
@@
static int server_finish(SSL *s)
/* send the request and check the response */
static int request_certificate(SSL *s)
{
/* send the request and check the response */
static int request_certificate(SSL *s)
{
+ const unsigned char *cp;
unsigned char *p,*p2,*buf2;
unsigned char *ccd;
int i,j,ctype,ret= -1;
unsigned char *p,*p2,*buf2;
unsigned char *ccd;
int i,j,ctype,ret= -1;
@@
-950,7
+952,8
@@
static int request_certificate(SSL *s)
p=(unsigned char *)s->init_buf->data;
*(p++)=SSL2_MT_REQUEST_CERTIFICATE;
*(p++)=SSL2_AT_MD5_WITH_RSA_ENCRYPTION;
p=(unsigned char *)s->init_buf->data;
*(p++)=SSL2_MT_REQUEST_CERTIFICATE;
*(p++)=SSL2_AT_MD5_WITH_RSA_ENCRYPTION;
- RAND_pseudo_bytes(ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
+ if (RAND_pseudo_bytes(ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH) <= 0)
+ return -1;
memcpy(p,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_B;
memcpy(p,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_B;
@@
-1053,7
+1056,8
@@
static int request_certificate(SSL *s)
s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg); /* CLIENT-CERTIFICATE */
p += 6;
s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg); /* CLIENT-CERTIFICATE */
p += 6;
- x509=(X509 *)d2i_X509(NULL,&p,(long)s->s2->tmp.clen);
+ cp = p;
+ x509=(X509 *)d2i_X509(NULL,&cp,(long)s->s2->tmp.clen);
if (x509 == NULL)
{
SSLerr(SSL_F_REQUEST_CERTIFICATE,ERR_R_X509_LIB);
if (x509 == NULL)
{
SSLerr(SSL_F_REQUEST_CERTIFICATE,ERR_R_X509_LIB);
@@
-1076,7
+1080,7
@@
static int request_certificate(SSL *s)
EVP_MD_CTX_init(&ctx);
EVP_VerifyInit_ex(&ctx,s->ctx->rsa_md5, NULL);
EVP_VerifyUpdate(&ctx,s->s2->key_material,
EVP_MD_CTX_init(&ctx);
EVP_VerifyInit_ex(&ctx,s->ctx->rsa_md5, NULL);
EVP_VerifyUpdate(&ctx,s->s2->key_material,
-
(unsigned int)
s->s2->key_material_length);
+
s->s2->key_material_length);
EVP_VerifyUpdate(&ctx,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,NULL);
EVP_VerifyUpdate(&ctx,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,NULL);
@@
-1093,7
+1097,7
@@
static int request_certificate(SSL *s)
pkey=X509_get_pubkey(x509);
if (pkey == NULL) goto end;
pkey=X509_get_pubkey(x509);
if (pkey == NULL) goto end;
- i=EVP_VerifyFinal(&ctx,p,s->s2->tmp.rlen,pkey);
+ i=EVP_VerifyFinal(&ctx,
c
p,s->s2->tmp.rlen,pkey);
EVP_PKEY_free(pkey);
EVP_MD_CTX_cleanup(&ctx);
EVP_PKEY_free(pkey);
EVP_MD_CTX_cleanup(&ctx);