Including openssl/e_os.h in the OpenSSL 0.9.6 branch is legal, since

[oweals/openssl.git] / ssl / s2_srvr.c

diff --git a/ssl/s2_srvr.c b/ssl/s2_srvr.c
index ea07852d1aa50e81c64e8e6e845654aa701f58bb..af58b25071f4dcbd399f33db06e1360616fabaef 100644 (file)
--- a/ssl/s2_srvr.c
+++ b/ssl/s2_srvr.c
@@ -110,7 +110,7 @@
  */
 
 #include "ssl_locl.h"
-#ifndef OPENSSL_NO_SSL2
+#ifndef NO_SSL2
 #include <stdio.h>
 #include <openssl/bio.h>
 #include <openssl/rand.h>
@@ -432,8 +432,6 @@ static int get_client_master_key(SSL *s)
        n = (int)len - s->init_num;
        i = ssl2_read(s,(char *)&(p[s->init_num]),n);
        if (i != n) return(ssl2_part_read(s,SSL_F_GET_CLIENT_MASTER_KEY,i));
-       if (s->msg_callback)
-               s->msg_callback(0, s->version, 0, p, (size_t)len, s, s->msg_callback_arg); /* CLIENT-MASTER-KEY */
        p += 10;
 
        memcpy(s->session->key_arg,&(p[s->s2->tmp.clear+s->s2->tmp.enc]),
@@ -472,8 +470,8 @@ static int get_client_master_key(SSL *s)
         * random master secret (Bleichenbacher attack) */
        if ((i < 0) ||
                ((!is_export && (i != EVP_CIPHER_key_length(c)))
-               || (is_export && ((i != ek) || (s->s2->tmp.clear+i !=
-                       EVP_CIPHER_key_length(c))))))
+               || (is_export && ((i != ek) || (s->s2->tmp.clear+(unsigned int)i !=
+                       (unsigned int)EVP_CIPHER_key_length(c))))))
                {
                ERR_clear_error();
                if (is_export)
@@ -516,7 +514,6 @@ static int get_client_hello(SSL *s)
        unsigned char *p;
        STACK_OF(SSL_CIPHER) *cs; /* a stack of SSL_CIPHERS */
        STACK_OF(SSL_CIPHER) *cl; /* the ones we want to use */
-       STACK_OF(SSL_CIPHER) *prio, *allow;
        int z;
 
        /* This is a bit of a hack to check for the correct packet
@@ -571,8 +568,6 @@ static int get_client_hello(SSL *s)
        n = (int)len - s->init_num;
        i = ssl2_read(s,(char *)&(p[s->init_num]),n);
        if (i != n) return(ssl2_part_read(s,SSL_F_GET_CLIENT_HELLO,i));
-       if (s->msg_callback)
-               s->msg_callback(0, s->version, 0, p, (size_t)len, s, s->msg_callback_arg); /* CLIENT-HELLO */
        p += 9;
 
        /* get session-id before cipher stuff so we can get out session
@@ -630,37 +625,21 @@ static int get_client_hello(SSL *s)
                        &s->session->ciphers);
                if (cs == NULL) goto mem_err;
 
-               cl=SSL_get_ciphers(s);
+               cl=ssl_get_ciphers_by_id(s);
 
-               if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE)
-                   {
-                   prio=sk_SSL_CIPHER_dup(cl);
-                   if (prio == NULL) goto mem_err;
-                   allow = cs;
-                   }
-               else
-                   {
-                   prio = cs;
-                   allow = cl;
-                   }
-               for (z=0; z<sk_SSL_CIPHER_num(prio); z++)
+               for (z=0; z<sk_SSL_CIPHER_num(cs); z++)
                        {
-                       if (sk_SSL_CIPHER_find(allow,sk_SSL_CIPHER_value(prio,z)) < 0)
+                       if (sk_SSL_CIPHER_find(cl,sk_SSL_CIPHER_value(cs,z)) < 0)
                                {
-                               sk_SSL_CIPHER_delete(prio,z);
+                               sk_SSL_CIPHER_delete(cs,z);
                                z--;
                                }
                        }
-               if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE)
-                   {
-                   sk_SSL_CIPHER_free(s->session->ciphers);
-                   s->session->ciphers = prio;
-                   }
+
                /* s->session->ciphers should now have a list of
                 * ciphers that are on both the client and server.
                 * This list is ordered by the order the client sent
-                * the ciphers or in the order of the server's preference
-                * if SSL_OP_CIPHER_SERVER_PREFERENCE was set.
+                * the ciphers.
                 */
                }
        p+=s->s2->tmp.cipher_spec_length;
@@ -801,10 +780,10 @@ static int get_client_finished(SSL *s)
        p=(unsigned char *)s->init_buf->data;
        if (s->state == SSL2_ST_GET_CLIENT_FINISHED_A)
                {
-               i=ssl2_read(s,(char *)&(p[s->init_num]),3-s->init_num);
-               if (i < 3-s->init_num)
+               i=ssl2_read(s,(char *)&(p[s->init_num]),1-s->init_num);
+               if (i < 1-s->init_num)
                        return(ssl2_part_read(s,SSL_F_GET_CLIENT_FINISHED,i));
-               s->init_num = 3;
+               s->init_num += i;
 
                if (*p != SSL2_MT_CLIENT_FINISHED)
                        {
@@ -828,8 +807,6 @@ static int get_client_finished(SSL *s)
                {
                return(ssl2_part_read(s,SSL_F_GET_CLIENT_FINISHED,i));
                }
-       if (s->msg_callback)
-               s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg); /* CLIENT-FINISHED */
        p += 1;
        if (memcmp(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length) != 0)
                {
@@ -940,9 +917,6 @@ static int request_certificate(SSL *s)
                                goto end;
                                }
 
-                       if (s->msg_callback)
-                               s->msg_callback(0, s->version, 0, p, 3, s, s->msg_callback_arg); /* ERROR */
-
                        /* this is the one place where we can recover from an SSL 2.0 error */
 
                        if (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
@@ -962,7 +936,7 @@ static int request_certificate(SSL *s)
                        }
                if (s->init_num != 6)
                        {
-                       SSLerr(SSL_F_REQUEST_CERTIFICATE, ERR_R_INTERNAL_ERROR);
+                       SSLerr(SSL_F_REQUEST_CERTIFICATE, SSL_R_INTERNAL_ERROR);
                        goto end;
                        }
                
@@ -995,8 +969,6 @@ static int request_certificate(SSL *s)
                ret=ssl2_part_read(s,SSL_F_REQUEST_CERTIFICATE,i);
                goto end;
                }
-       if (s->msg_callback)
-               s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg); /* CLIENT-CERTIFICATE */
        p += 6;
 
        x509=(X509 *)d2i_X509(NULL,&p,(long)s->s2->tmp.clen);
@@ -1019,8 +991,7 @@ static int request_certificate(SSL *s)
                EVP_MD_CTX ctx;
                EVP_PKEY *pkey=NULL;
 
-               EVP_MD_CTX_init(&ctx);
-               EVP_VerifyInit_ex(&ctx,s->ctx->rsa_md5, NULL);
+               EVP_VerifyInit(&ctx,s->ctx->rsa_md5);
                EVP_VerifyUpdate(&ctx,s->s2->key_material,
                        (unsigned int)s->s2->key_material_length);
                EVP_VerifyUpdate(&ctx,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
@@ -1041,7 +1012,7 @@ static int request_certificate(SSL *s)
                if (pkey == NULL) goto end;
                i=EVP_VerifyFinal(&ctx,p,s->s2->tmp.rlen,pkey);
                EVP_PKEY_free(pkey);
-               EVP_MD_CTX_cleanup(&ctx);
+               memset(&ctx,0,sizeof(ctx));
 
                if (i) 
                        {
@@ -1094,7 +1065,7 @@ static int ssl_rsa_private_decrypt(CERT *c, int len, unsigned char *from,
                SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT,ERR_R_RSA_LIB);
        return(i);
        }
-#else /* !OPENSSL_NO_SSL2 */
+#else /* !NO_SSL2 */
 
 # if PEDANTIC
 static void *dummy=&dummy;