X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=ssl%2Fs2_clnt.c;h=782129cd5d51f334a914f1c2647970641b8992c5;hb=a0f6e0c1e770dabaaa12d11bb4e9248e42544ed4;hp=1d24dedc918b261552f0b9376079dbd124fa2c43;hpb=8ec16ce7110a9b60bb6a616c4f0ad2df6cb08894;p=oweals%2Fopenssl.git

diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c
index 1d24dedc91..782129cd5d 100644
--- a/ssl/s2_clnt.c
+++ b/ssl/s2_clnt.c
@@ -116,7 +116,6 @@
 #include <openssl/buffer.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
-#include "cryptlib.h"
 
 static SSL_METHOD *ssl2_get_client_method(int ver);
 static int get_server_finished(SSL *s);
@@ -138,32 +137,14 @@ static SSL_METHOD *ssl2_get_client_method(int ver)
 		return(NULL);
 	}
 
-SSL_METHOD *SSLv2_client_method(void)
-	{
-	static int init=1;
-	static SSL_METHOD SSLv2_client_data;
-
-	if (init)
-		{
-		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
-
-		if (init)
-			{
-			memcpy((char *)&SSLv2_client_data,(char *)sslv2_base_method(),
-				sizeof(SSL_METHOD));
-			SSLv2_client_data.ssl_connect=ssl2_connect;
-			SSLv2_client_data.get_ssl_method=ssl2_get_client_method;
-			init=0;
-			}
-
-		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
-		}
-	return(&SSLv2_client_data);
-	}
+IMPLEMENT_ssl2_meth_func(SSLv2_client_method,
+			ssl_undefined_function,
+			ssl2_connect,
+			ssl2_get_client_method)
 
 int ssl2_connect(SSL *s)
 	{
-	unsigned long l=time(NULL);
+	unsigned long l=(unsigned long)time(NULL);
 	BUF_MEM *buf=NULL;
 	int ret= -1;
 	void (*cb)(const SSL *ssl,int type,int val)=NULL;
@@ -485,11 +466,11 @@ static int get_server_hello(SSL *s)
 			return(-1);
 			}
 
-		sk_SSL_CIPHER_set_cmp_func(sk,ssl_cipher_ptr_id_cmp);
+		(void)sk_SSL_CIPHER_set_cmp_func(sk,ssl_cipher_ptr_id_cmp);
 
 		/* get the array of ciphers we will accept */
 		cl=SSL_get_ciphers(s);
-		sk_SSL_CIPHER_set_cmp_func(cl,ssl_cipher_ptr_id_cmp);
+		(void)sk_SSL_CIPHER_set_cmp_func(cl,ssl_cipher_ptr_id_cmp);
 
 		/*
 		 * If server preference flag set, choose the first
@@ -539,7 +520,8 @@ static int get_server_hello(SSL *s)
 		CRYPTO_add(&s->session->peer->references, 1, CRYPTO_LOCK_X509);
 		}
 
-	if (s->session->peer != s->session->sess_cert->peer_key->x509)
+	if (s->session->sess_cert == NULL 
+      || s->session->peer != s->session->sess_cert->peer_key->x509)
 		/* can't happen */
 		{
 		ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
@@ -585,7 +567,7 @@ static int client_hello(SSL *s)
 		s2n(SSL2_VERSION,p);			/* version */
 		n=j=0;
 
-		n=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),d);
+		n=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),d,0);
 		d+=n;
 
 		if (n == 0)
@@ -613,7 +595,8 @@ static int client_hello(SSL *s)
 		s->s2->challenge_length=SSL2_CHALLENGE_LENGTH;
 		s2n(SSL2_CHALLENGE_LENGTH,p);		/* challenge length */
 		/*challenge id data*/
-		RAND_pseudo_bytes(s->s2->challenge,SSL2_CHALLENGE_LENGTH);
+		if (RAND_pseudo_bytes(s->s2->challenge,SSL2_CHALLENGE_LENGTH) <= 0)
+			return -1;
 		memcpy(d,s->s2->challenge,SSL2_CHALLENGE_LENGTH);
 		d+=SSL2_CHALLENGE_LENGTH;
 
@@ -661,14 +644,16 @@ static int client_master_key(SSL *s)
 			SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
 			return -1;
 			}
-		if (i > 0) RAND_pseudo_bytes(sess->key_arg,i);
+		if (i > 0)
+			if (RAND_pseudo_bytes(sess->key_arg,i) <= 0)
+				return -1;
 
 		/* make a master key */
 		i=EVP_CIPHER_key_length(c);
 		sess->master_key_length=i;
 		if (i > 0)
 			{
-			if (i > sizeof sess->master_key)
+			if (i > (int)sizeof(sess->master_key))
 				{
 				ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
 				SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
@@ -688,7 +673,7 @@ static int client_master_key(SSL *s)
 		else
 			enc=i;
 
-		if (i < enc)
+		if ((int)i < enc)
 			{
 			ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
 			SSLerr(SSL_F_CLIENT_MASTER_KEY,SSL_R_CIPHER_TABLE_SRC_ERROR);
@@ -717,7 +702,7 @@ static int client_master_key(SSL *s)
 		d+=enc;
 		karg=sess->key_arg_length;	
 		s2n(karg,p); /* key arg size */
-		if (karg > sizeof sess->key_arg)
+		if (karg > (int)sizeof(sess->key_arg))
 			{
 			ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
 			SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
@@ -1035,7 +1020,7 @@ static int get_server_finished(SSL *s)
 	}
 
 /* loads in the certificate from the server */
-int ssl2_set_certificate(SSL *s, int type, int len, unsigned char *data)
+int ssl2_set_certificate(SSL *s, int type, int len, const unsigned char *data)
 	{
 	STACK_OF(X509) *sk=NULL;
 	EVP_PKEY *pkey=NULL;
@@ -1059,7 +1044,7 @@ int ssl2_set_certificate(SSL *s, int type, int len, unsigned char *data)
 
 	i=ssl_verify_cert_chain(s,sk);
 		
-	if ((s->verify_mode != SSL_VERIFY_NONE) && (!i))
+	if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0))
 		{
 		SSLerr(SSL_F_SSL2_SET_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED);
 		goto err;