* [including the GNU Public Licence.]
*/
-#ifndef NO_RSA
+#include "ssl_locl.h"
+#ifndef NO_SSL2
#include <stdio.h>
#include <openssl/bio.h>
#include <openssl/rand.h>
#include <openssl/objects.h>
-#include "ssl_locl.h"
#include <openssl/evp.h>
static SSL_METHOD *ssl2_get_server_method(int ver);
void (*cb)()=NULL;
int new_state,state;
- RAND_seed(&l,sizeof(l));
+ RAND_add(&l,sizeof(l),0);
ERR_clear_error();
clear_sys_error();
static int get_client_master_key(SSL *s)
{
- int export,i,n,keya,ek;
+ int is_export,i,n,keya,ek;
unsigned char *p;
SSL_CIPHER *cp;
const EVP_CIPHER *c;
&(p[s->s2->tmp.clear]),&(p[s->s2->tmp.clear]),
(s->s2->ssl2_rollback)?RSA_SSLV23_PADDING:RSA_PKCS1_PADDING);
- export=SSL_C_IS_EXPORT(s->session->cipher);
+ is_export=SSL_C_IS_EXPORT(s->session->cipher);
if (!ssl_cipher_get_evp(s->session,&c,&md,NULL))
{
if (s->session->cipher->algorithm2 & SSL2_CF_8_BYTE_ENC)
{
- export=1;
+ is_export=1;
ek=8;
}
else
/* If a bad decrypt, continue with protocol but with a
* dud master secret */
if ((i < 0) ||
- ((!export && (i != EVP_CIPHER_key_length(c)))
- || ( export && ((i != ek) || (s->s2->tmp.clear+i !=
+ ((!is_export && (i != EVP_CIPHER_key_length(c)))
+ || (is_export && ((i != ek) || (s->s2->tmp.clear+i !=
EVP_CIPHER_key_length(c))))))
{
- if (export)
+ if (is_export)
i=ek;
else
i=EVP_CIPHER_key_length(c);
- RAND_bytes(p,i);
+ RAND_pseudo_bytes(p,i);
}
#else
if (i < 0)
SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_BAD_RSA_DECRYPT);
}
/* incorrect number of key bytes for non export cipher */
- else if ((!export && (i != EVP_CIPHER_key_length(c)))
- || ( export && ((i != ek) || (s->s2->tmp.clear+i !=
+ else if ((!is_export && (i != EVP_CIPHER_key_length(c)))
+ || (is_export && ((i != ek) || (s->s2->tmp.clear+i !=
EVP_CIPHER_key_length(c)))))
{
error=1;
}
#endif
- if (export) i+=s->s2->tmp.clear;
+ if (is_export) i+=s->s2->tmp.clear;
s->session->master_key_length=i;
memcpy(s->session->master_key,p,(unsigned int)i);
return(1);
/* make and send conn_id */
s2n(SSL2_CONNECTION_ID_LENGTH,p); /* add conn_id length */
s->s2->conn_id_length=SSL2_CONNECTION_ID_LENGTH;
- RAND_bytes(s->s2->conn_id,(int)s->s2->conn_id_length);
+ RAND_pseudo_bytes(s->s2->conn_id,(int)s->s2->conn_id_length);
memcpy(d,s->s2->conn_id,SSL2_CONNECTION_ID_LENGTH);
d+=SSL2_CONNECTION_ID_LENGTH;
s->init_off=0;
}
/* SSL2_ST_SEND_SERVER_HELLO_B */
- /* If we are using TCP/IP, the performace is bad if we do 2
+ /* If we are using TCP/IP, the performance is bad if we do 2
* writes without a read between them. This occurs when
* Session-id reuse is used, so I will put in a buffering module
*/
p=(unsigned char *)s->init_buf->data;
*(p++)=SSL2_MT_REQUEST_CERTIFICATE;
*(p++)=SSL2_AT_MD5_WITH_RSA_ENCRYPTION;
- RAND_bytes(ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
+ RAND_pseudo_bytes(ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
memcpy(p,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_B;
EVP_VerifyUpdate(&ctx,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,NULL);
- buf2=(unsigned char *)Malloc((unsigned int)i);
+ buf2=OPENSSL_malloc((unsigned int)i);
if (buf2 == NULL)
{
SSLerr(SSL_F_REQUEST_CERTIFICATE,ERR_R_MALLOC_FAILURE);
p2=buf2;
i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,&p2);
EVP_VerifyUpdate(&ctx,buf2,(unsigned int)i);
- Free(buf2);
+ OPENSSL_free(buf2);
pkey=X509_get_pubkey(x509);
if (pkey == NULL) goto end;
X509_free(s->session->peer);
s->session->peer=x509;
CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);
+ s->session->verify_result = s->verify_result;
ret=1;
goto end;
}
SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT,ERR_R_RSA_LIB);
return(i);
}
+#else /* !NO_SSL2 */
+
+# if PEDANTIC
+static void *dummy=&dummy;
+# endif
+
#endif