*/
#include "ssl_locl.h"
-#ifndef OPENSSL_NO_SSL2
+#ifndef NO_SSL2
#include <stdio.h>
#include <openssl/bio.h>
#include <openssl/rand.h>
n = (int)len - s->init_num;
i = ssl2_read(s,(char *)&(p[s->init_num]),n);
if (i != n) return(ssl2_part_read(s,SSL_F_GET_CLIENT_MASTER_KEY,i));
- if (s->msg_callback)
- s->msg_callback(0, s->version, 0, p, (size_t)len, s, s->msg_callback_arg); /* CLIENT-MASTER-KEY */
p += 10;
memcpy(s->session->key_arg,&(p[s->s2->tmp.clear+s->s2->tmp.enc]),
* random master secret (Bleichenbacher attack) */
if ((i < 0) ||
((!is_export && (i != EVP_CIPHER_key_length(c)))
- || (is_export && ((i != ek) || (s->s2->tmp.clear+i !=
- EVP_CIPHER_key_length(c))))))
+ || (is_export && ((i != ek) || (s->s2->tmp.clear+(unsigned int)i !=
+ (unsigned int)EVP_CIPHER_key_length(c))))))
{
ERR_clear_error();
if (is_export)
unsigned char *p;
STACK_OF(SSL_CIPHER) *cs; /* a stack of SSL_CIPHERS */
STACK_OF(SSL_CIPHER) *cl; /* the ones we want to use */
- STACK_OF(SSL_CIPHER) *prio, *allow;
int z;
/* This is a bit of a hack to check for the correct packet
n = (int)len - s->init_num;
i = ssl2_read(s,(char *)&(p[s->init_num]),n);
if (i != n) return(ssl2_part_read(s,SSL_F_GET_CLIENT_HELLO,i));
- if (s->msg_callback)
- s->msg_callback(0, s->version, 0, p, (size_t)len, s, s->msg_callback_arg); /* CLIENT-HELLO */
p += 9;
/* get session-id before cipher stuff so we can get out session
&s->session->ciphers);
if (cs == NULL) goto mem_err;
- cl=SSL_get_ciphers(s);
+ cl=ssl_get_ciphers_by_id(s);
- if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE)
- {
- prio=sk_SSL_CIPHER_dup(cl);
- if (prio == NULL) goto mem_err;
- allow = cs;
- }
- else
- {
- prio = cs;
- allow = cl;
- }
- for (z=0; z<sk_SSL_CIPHER_num(prio); z++)
+ for (z=0; z<sk_SSL_CIPHER_num(cs); z++)
{
- if (sk_SSL_CIPHER_find(allow,sk_SSL_CIPHER_value(prio,z)) < 0)
+ if (sk_SSL_CIPHER_find(cl,sk_SSL_CIPHER_value(cs,z)) < 0)
{
- sk_SSL_CIPHER_delete(prio,z);
+ sk_SSL_CIPHER_delete(cs,z);
z--;
}
}
- if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE)
- {
- sk_SSL_CIPHER_free(s->session->ciphers);
- s->session->ciphers = prio;
- }
+
/* s->session->ciphers should now have a list of
* ciphers that are on both the client and server.
* This list is ordered by the order the client sent
- * the ciphers or in the order of the server's preference
- * if SSL_OP_CIPHER_SERVER_PREFERENCE was set.
+ * the ciphers.
*/
}
p+=s->s2->tmp.cipher_spec_length;
p=(unsigned char *)s->init_buf->data;
if (s->state == SSL2_ST_GET_CLIENT_FINISHED_A)
{
- i=ssl2_read(s,(char *)&(p[s->init_num]),3-s->init_num);
- if (i < 3-s->init_num)
+ i=ssl2_read(s,(char *)&(p[s->init_num]),1-s->init_num);
+ if (i < 1-s->init_num)
return(ssl2_part_read(s,SSL_F_GET_CLIENT_FINISHED,i));
- s->init_num = 3;
+ s->init_num += i;
if (*p != SSL2_MT_CLIENT_FINISHED)
{
{
return(ssl2_part_read(s,SSL_F_GET_CLIENT_FINISHED,i));
}
- if (s->msg_callback)
- s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg); /* CLIENT-FINISHED */
p += 1;
if (memcmp(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length) != 0)
{
goto end;
}
- if (s->msg_callback)
- s->msg_callback(0, s->version, 0, p, 3, s, s->msg_callback_arg); /* ERROR */
-
/* this is the one place where we can recover from an SSL 2.0 error */
if (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
}
if (s->init_num != 6)
{
- SSLerr(SSL_F_REQUEST_CERTIFICATE, ERR_R_INTERNAL_ERROR);
+ SSLerr(SSL_F_REQUEST_CERTIFICATE, SSL_R_INTERNAL_ERROR);
goto end;
}
ret=ssl2_part_read(s,SSL_F_REQUEST_CERTIFICATE,i);
goto end;
}
- if (s->msg_callback)
- s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg); /* CLIENT-CERTIFICATE */
p += 6;
x509=(X509 *)d2i_X509(NULL,&p,(long)s->s2->tmp.clen);
EVP_MD_CTX ctx;
EVP_PKEY *pkey=NULL;
- EVP_MD_CTX_init(&ctx);
- EVP_VerifyInit_ex(&ctx,s->ctx->rsa_md5, NULL);
+ EVP_VerifyInit(&ctx,s->ctx->rsa_md5);
EVP_VerifyUpdate(&ctx,s->s2->key_material,
(unsigned int)s->s2->key_material_length);
EVP_VerifyUpdate(&ctx,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
if (pkey == NULL) goto end;
i=EVP_VerifyFinal(&ctx,p,s->s2->tmp.rlen,pkey);
EVP_PKEY_free(pkey);
- EVP_MD_CTX_cleanup(&ctx);
+ memset(&ctx,0,sizeof(ctx));
if (i)
{
SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT,ERR_R_RSA_LIB);
return(i);
}
-#else /* !OPENSSL_NO_SSL2 */
+#else /* !NO_SSL2 */
# if PEDANTIC
static void *dummy=&dummy;