X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=ssl%2Fd1_clnt.c;h=1826226ebe36c64adc651106f95ca7245108e28a;hb=67c8e7f41486934b6809673b6d836d38eaf2383b;hp=f985afdb3eff5a35c978a515b27df31046ec41c7;hpb=09b6c2ef15139aa6ef2cee11676070939dd37817;p=oweals%2Fopenssl.git diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c index f985afdb3e..1826226ebe 100644 --- a/ssl/d1_clnt.c +++ b/ssl/d1_clnt.c @@ -4,7 +4,7 @@ * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. */ /* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -144,7 +144,7 @@ IMPLEMENT_dtls1_meth_func(DTLSv1_client_method, int dtls1_connect(SSL *s) { BUF_MEM *buf=NULL; - unsigned long Time=time(NULL),l; + unsigned long Time=(unsigned long)time(NULL); long num1; void (*cb)(const SSL *ssl,int type,int val)=NULL; int ret= -1; @@ -274,7 +274,7 @@ int dtls1_connect(SSL *s) case SSL3_ST_CR_CERT_A: case SSL3_ST_CR_CERT_B: /* Check if it is anon DH */ - if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL)) + if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)) { ret=ssl3_get_server_certificate(s); if (ret <= 0) goto end; @@ -335,7 +335,6 @@ int dtls1_connect(SSL *s) case SSL3_ST_CW_KEY_EXCH_B: ret=dtls1_send_client_key_exchange(s); if (ret <= 0) goto end; - l=s->s3->tmp.new_cipher->algorithms; /* EAY EAY EAY need to check for DH fix cert * sent back */ /* For TLS, cert_req is set to 2, so a cert chain @@ -544,7 +543,7 @@ int dtls1_client_hello(SSL *s) /* else use the pre-loaded session */ p=s->s3->client_random; - Time=time(NULL); /* Time */ + Time=(unsigned long)time(NULL); /* Time */ l2n(Time,p); RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time)); @@ -684,7 +683,7 @@ int dtls1_send_client_key_exchange(SSL *s) { unsigned char *p,*d; int n; - unsigned long l; + unsigned long alg_k; #ifndef OPENSSL_NO_RSA unsigned char *q; EVP_PKEY *pkey=NULL; @@ -697,13 +696,13 @@ int dtls1_send_client_key_exchange(SSL *s) { d=(unsigned char *)s->init_buf->data; p= &(d[DTLS1_HM_HEADER_LENGTH]); - - l=s->s3->tmp.new_cipher->algorithms; + + alg_k=s->s3->tmp.new_cipher->algorithm_mkey; /* Fool emacs indentation */ if (0) {} #ifndef OPENSSL_NO_RSA - else if (l & SSL_kRSA) + else if (alg_k & SSL_kRSA) { RSA *rsa; unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; @@ -762,7 +761,7 @@ int dtls1_send_client_key_exchange(SSL *s) } #endif #ifndef OPENSSL_NO_KRB5 - else if (l & SSL_kKRB5) + else if (alg_k & SSL_kKRB5) { krb5_error_code krb5rc; KSSL_CTX *kssl_ctx = s->kssl_ctx; @@ -781,7 +780,7 @@ int dtls1_send_client_key_exchange(SSL *s) #ifdef KSSL_DEBUG printf("ssl3_send_client_key_exchange(%lx & %lx)\n", - l, SSL_kKRB5); + alg_k, SSL_kKRB5); #endif /* KSSL_DEBUG */ authp = NULL; @@ -894,7 +893,7 @@ int dtls1_send_client_key_exchange(SSL *s) } #endif #ifndef OPENSSL_NO_DH - else if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) + else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) { DH *dh_srvr,*dh_clnt; @@ -999,14 +998,16 @@ int dtls1_send_client_verify(SSL *s) p= &(d[DTLS1_HM_HEADER_LENGTH]); pkey=s->cert->key->privatekey; - s->method->ssl3_enc->cert_verify_mac(s,&(s->s3->finish_dgst2), + s->method->ssl3_enc->cert_verify_mac(s, + NID_sha1, &(data[MD5_DIGEST_LENGTH])); #ifndef OPENSSL_NO_RSA if (pkey->type == EVP_PKEY_RSA) { s->method->ssl3_enc->cert_verify_mac(s, - &(s->s3->finish_dgst1),&(data[0])); + NID_md5, + &(data[0])); if (RSA_sign(NID_md5_sha1, data, MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, &(p[2]), &u, pkey->pkey.rsa) <= 0 )