X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=ssl%2Fs2_srvr.c;h=10de5ec3dbce88c50d1e42e8f087ee0b66e1d868;hb=794103d28517f5f3fd97fd7d1905f5bd8e897148;hp=e219ae5e325f843bc5ff3094eda91f571f9ebbcb;hpb=752d706aaf651ce87368bc826a3035a6a4f31190;p=oweals%2Fopenssl.git diff --git a/ssl/s2_srvr.c b/ssl/s2_srvr.c index e219ae5e32..10de5ec3db 100644 --- a/ssl/s2_srvr.c +++ b/ssl/s2_srvr.c @@ -56,12 +56,12 @@ * [including the GNU Public Licence.] */ -#ifndef NO_RSA +#include "ssl_locl.h" +#ifndef OPENSSL_NO_SSL2 #include #include #include #include -#include "ssl_locl.h" #include static SSL_METHOD *ssl2_get_server_method(int ver); @@ -109,7 +109,7 @@ int ssl2_accept(SSL *s) void (*cb)()=NULL; int new_state,state; - RAND_seed(&l,sizeof(l)); + RAND_add(&l,sizeof(l),0); ERR_clear_error(); clear_sys_error(); @@ -415,7 +415,7 @@ static int get_client_master_key(SSL *s) i=ek; else i=EVP_CIPHER_key_length(c); - RAND_bytes(p,i); + RAND_pseudo_bytes(p,i); } #else if (i < 0) @@ -450,6 +450,7 @@ static int get_client_hello(SSL *s) unsigned char *p; STACK_OF(SSL_CIPHER) *cs; /* a stack of SSL_CIPHERS */ STACK_OF(SSL_CIPHER) *cl; /* the ones we want to use */ + STACK_OF(SSL_CIPHER) *prio, *allow; int z; /* This is a bit of a hack to check for the correct packet @@ -555,21 +556,37 @@ static int get_client_hello(SSL *s) &s->session->ciphers); if (cs == NULL) goto mem_err; - cl=ssl_get_ciphers_by_id(s); + cl=SSL_get_ciphers(s); - for (z=0; zoptions & SSL_OP_CIPHER_SERVER_PREFERENCE) + { + prio=sk_SSL_CIPHER_dup(cl); + if (prio == NULL) goto mem_err; + allow = cs; + } + else + { + prio = cs; + allow = cl; + } + for (z=0; zoptions & SSL_OP_CIPHER_SERVER_PREFERENCE) + { + sk_SSL_CIPHER_free(s->session->ciphers); + s->session->ciphers = prio; + } /* s->session->ciphers should now have a list of * ciphers that are on both the client and server. * This list is ordered by the order the client sent - * the ciphers. + * the ciphers or in the order of the server's preference + * if SSL_OP_CIPHER_SERVER_PREFERENCE was set. */ } p+=s->s2->tmp.cipher_spec_length; @@ -680,7 +697,7 @@ static int server_hello(SSL *s) /* make and send conn_id */ s2n(SSL2_CONNECTION_ID_LENGTH,p); /* add conn_id length */ s->s2->conn_id_length=SSL2_CONNECTION_ID_LENGTH; - RAND_bytes(s->s2->conn_id,(int)s->s2->conn_id_length); + RAND_pseudo_bytes(s->s2->conn_id,(int)s->s2->conn_id_length); memcpy(d,s->s2->conn_id,SSL2_CONNECTION_ID_LENGTH); d+=SSL2_CONNECTION_ID_LENGTH; @@ -689,7 +706,7 @@ static int server_hello(SSL *s) s->init_off=0; } /* SSL2_ST_SEND_SERVER_HELLO_B */ - /* If we are using TCP/IP, the performace is bad if we do 2 + /* If we are using TCP/IP, the performance is bad if we do 2 * writes without a read between them. This occurs when * Session-id reuse is used, so I will put in a buffering module */ @@ -798,7 +815,7 @@ static int request_certificate(SSL *s) p=(unsigned char *)s->init_buf->data; *(p++)=SSL2_MT_REQUEST_CERTIFICATE; *(p++)=SSL2_AT_MD5_WITH_RSA_ENCRYPTION; - RAND_bytes(ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH); + RAND_pseudo_bytes(ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH); memcpy(p,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH); s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_B; @@ -898,7 +915,7 @@ static int request_certificate(SSL *s) EVP_VerifyUpdate(&ctx,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH); i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,NULL); - buf2=(unsigned char *)Malloc((unsigned int)i); + buf2=OPENSSL_malloc((unsigned int)i); if (buf2 == NULL) { SSLerr(SSL_F_REQUEST_CERTIFICATE,ERR_R_MALLOC_FAILURE); @@ -907,7 +924,7 @@ static int request_certificate(SSL *s) p2=buf2; i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,&p2); EVP_VerifyUpdate(&ctx,buf2,(unsigned int)i); - Free(buf2); + OPENSSL_free(buf2); pkey=X509_get_pubkey(x509); if (pkey == NULL) goto end; @@ -966,7 +983,7 @@ static int ssl_rsa_private_decrypt(CERT *c, int len, unsigned char *from, SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT,ERR_R_RSA_LIB); return(i); } -#else /* !NO_RSA */ +#else /* !OPENSSL_NO_SSL2 */ # if PEDANTIC static void *dummy=&dummy;