X-Git-Url: https://git.openssl.org/?a=blobdiff_plain;f=ssl%2Fs2_lib.c;h=a454cac9f1ca5a0b5948f3dc69cddcb2661b34b9;hb=3ff55e9680cc99f330f25e48cd1422e3459c02de;hp=096e38d316d8948c4731d11433266024b20bf098;hpb=54a656ef081f72a740c550ebd8099b40b8b5cde0;p=openssl.git

diff --git a/ssl/s2_lib.c b/ssl/s2_lib.c
index 096e38d316..a454cac9f1 100644
--- a/ssl/s2_lib.c
+++ b/ssl/s2_lib.c
@@ -59,17 +59,15 @@
 #include "ssl_locl.h"
 #ifndef OPENSSL_NO_SSL2
 #include <stdio.h>
-#include <openssl/rsa.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 #include <openssl/md5.h>
-#include "cryptlib.h"
 
-static long ssl2_default_timeout(void );
 const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT;
 
 #define SSL2_NUM_CIPHERS (sizeof(ssl2_ciphers)/sizeof(SSL_CIPHER))
 
+/* list of available SSLv2 ciphers (sorted by id) */
 OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
 /* NULL_WITH_MD5 v3 */
 #if 0
@@ -86,19 +84,6 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
 	SSL_ALL_STRENGTHS,
 	},
 #endif
-/* RC4_128_EXPORT40_WITH_MD5 */
-	{
-	1,
-	SSL2_TXT_RC4_128_EXPORT40_WITH_MD5,
-	SSL2_CK_RC4_128_EXPORT40_WITH_MD5,
-	SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2,
-	SSL_EXPORT|SSL_EXP40,
-	SSL2_CF_5_BYTE_ENC,
-	40,
-	128,
-	SSL_ALL_CIPHERS,
-	SSL_ALL_STRENGTHS,
-	},
 /* RC4_128_WITH_MD5 */
 	{
 	1,
@@ -112,12 +97,12 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
 	SSL_ALL_CIPHERS,
 	SSL_ALL_STRENGTHS,
 	},
-/* RC2_128_CBC_EXPORT40_WITH_MD5 */
+/* RC4_128_EXPORT40_WITH_MD5 */
 	{
 	1,
-	SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5,
-	SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5,
-	SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_SSLV2,
+	SSL2_TXT_RC4_128_EXPORT40_WITH_MD5,
+	SSL2_CK_RC4_128_EXPORT40_WITH_MD5,
+	SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2,
 	SSL_EXPORT|SSL_EXP40,
 	SSL2_CF_5_BYTE_ENC,
 	40,
@@ -138,7 +123,21 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
 	SSL_ALL_CIPHERS,
 	SSL_ALL_STRENGTHS,
 	},
+/* RC2_128_CBC_EXPORT40_WITH_MD5 */
+	{
+	1,
+	SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5,
+	SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5,
+	SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_SSLV2,
+	SSL_EXPORT|SSL_EXP40,
+	SSL2_CF_5_BYTE_ENC,
+	40,
+	128,
+	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
+	},
 /* IDEA_128_CBC_WITH_MD5 */
+#ifndef OPENSSL_NO_IDEA
 	{
 	1,
 	SSL2_TXT_IDEA_128_CBC_WITH_MD5,
@@ -151,6 +150,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
 	SSL_ALL_CIPHERS,
 	SSL_ALL_STRENGTHS,
 	},
+#endif
 /* DES_64_CBC_WITH_MD5 */
 	{
 	1,
@@ -178,7 +178,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
 	SSL_ALL_STRENGTHS,
 	},
 /* RC4_64_WITH_MD5 */
-#if 1
+#if 0
 	{
 	1,
 	SSL2_TXT_RC4_64_WITH_MD5,
@@ -211,44 +211,11 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
 /* end of list :-) */
 	};
 
-static SSL_METHOD SSLv2_data= {
-	SSL2_VERSION,
-	ssl2_new,	/* local */
-	ssl2_clear,	/* local */
-	ssl2_free,	/* local */
-	ssl_undefined_function,
-	ssl_undefined_function,
-	ssl2_read,
-	ssl2_peek,
-	ssl2_write,
-	ssl2_shutdown,
-	ssl_ok,	/* NULL - renegotiate */
-	ssl_ok,	/* NULL - check renegotiate */
-	ssl2_ctrl,	/* local */
-	ssl2_ctx_ctrl,	/* local */
-	ssl2_get_cipher_by_char,
-	ssl2_put_cipher_by_char,
-	ssl2_pending,
-	ssl2_num_ciphers,
-	ssl2_get_cipher,
-	ssl_bad_method,
-	ssl2_default_timeout,
-	&ssl3_undef_enc_method,
-	ssl_undefined_function,
-	ssl2_callback_ctrl,	/* local */
-	ssl2_ctx_callback_ctrl,	/* local */
-	};
-
-static long ssl2_default_timeout(void)
+long ssl2_default_timeout(void)
 	{
 	return(300);
 	}
 
-SSL_METHOD *sslv2_base_method(void)
-	{
-	return(&SSLv2_data);
-	}
-
 int ssl2_num_ciphers(void)
 	{
 	return(SSL2_NUM_CIPHERS);
@@ -262,7 +229,7 @@ SSL_CIPHER *ssl2_get_cipher(unsigned int u)
 		return(NULL);
 	}
 
-int ssl2_pending(SSL *s)
+int ssl2_pending(const SSL *s)
 	{
 	return SSL_in_init(s) ? 0 : s->s2->ract_data_length;
 	}
@@ -308,7 +275,7 @@ void ssl2_free(SSL *s)
 	s2=s->s2;
 	if (s2->rbuf != NULL) OPENSSL_free(s2->rbuf);
 	if (s2->wbuf != NULL) OPENSSL_free(s2->wbuf);
-	memset(s2,0,sizeof *s2);
+	OPENSSL_cleanse(s2,sizeof *s2);
 	OPENSSL_free(s2);
 	s->s2=NULL;
 	}
@@ -348,7 +315,7 @@ long ssl2_ctrl(SSL *s, int cmd, long larg, void *parg)
 	return(ret);
 	}
 
-long ssl2_callback_ctrl(SSL *s, int cmd, void (*fp)())
+long ssl2_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
 	{
 	return(0);
 	}
@@ -358,7 +325,7 @@ long ssl2_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
 	return(0);
 	}
 
-long ssl2_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)())
+long ssl2_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
 	{
 	return(0);
 	}
@@ -367,42 +334,20 @@ long ssl2_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)())
  * available */
 SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p)
 	{
-	static int init=1;
-	static SSL_CIPHER *sorted[SSL2_NUM_CIPHERS];
-	SSL_CIPHER c,*cp= &c,**cpp;
+	SSL_CIPHER c,*cp;
 	unsigned long id;
-	int i;
-
-	if (init)
-		{
-		CRYPTO_w_lock(CRYPTO_LOCK_SSL);
-
-		if (init)
-			{
-			for (i=0; i<SSL2_NUM_CIPHERS; i++)
-				sorted[i]= &(ssl2_ciphers[i]);
-
-			qsort((char *)sorted,
-				SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER *),
-				FP_ICC ssl_cipher_ptr_id_cmp);
-
-			init=0;
-			}
-			
-		CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
-		}
 
 	id=0x02000000L|((unsigned long)p[0]<<16L)|
 		((unsigned long)p[1]<<8L)|(unsigned long)p[2];
 	c.id=id;
-	cpp=(SSL_CIPHER **)OBJ_bsearch((char *)&cp,
-		(char *)sorted,
-		SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER *),
-		FP_ICC ssl_cipher_ptr_id_cmp);
-	if ((cpp == NULL) || !(*cpp)->valid)
-		return(NULL);
+	cp = (SSL_CIPHER *)OBJ_bsearch((char *)&c,
+		(char *)ssl2_ciphers,
+		SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER),
+		FP_ICC ssl_cipher_id_cmp);
+	if ((cp == NULL) || (cp->valid == 0))
+		return NULL;
 	else
-		return(*cpp);
+		return cp;
 	}
 
 int ssl2_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
@@ -437,7 +382,8 @@ int ssl2_generate_key_material(SSL *s)
 	EVP_MD_CTX_init(&ctx);
 	km=s->s2->key_material;
 
- 	if (s->session->master_key_length < 0 || s->session->master_key_length > sizeof s->session->master_key)
+ 	if (s->session->master_key_length < 0 ||
+			s->session->master_key_length > (int)sizeof(s->session->master_key))
  		{
  		SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR);
  		return 0;
@@ -445,7 +391,8 @@ int ssl2_generate_key_material(SSL *s)
 
 	for (i=0; i<s->s2->key_material_length; i += EVP_MD_size(md5))
 		{
-		if (((km - s->s2->key_material) + EVP_MD_size(md5)) > sizeof s->s2->key_material)
+		if (((km - s->s2->key_material) + EVP_MD_size(md5)) >
+				(int)sizeof(s->s2->key_material))
 			{
 			/* EVP_DigestFinal_ex() below would write beyond buffer */
 			SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR);
@@ -456,7 +403,7 @@ int ssl2_generate_key_material(SSL *s)
 
 		OPENSSL_assert(s->session->master_key_length >= 0
 		    && s->session->master_key_length
-		    < sizeof s->session->master_key);
+		    < (int)sizeof(s->session->master_key));
 		EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length);
 		EVP_DigestUpdate(&ctx,&c,1);
 		c++;
@@ -495,7 +442,7 @@ void ssl2_write_error(SSL *s)
 
 	error=s->error; /* number of bytes left to write */
 	s->error=0;
-	OPENSSL_assert(error >= 0 && error <= sizeof buf);
+	OPENSSL_assert(error >= 0 && error <= (int)sizeof(buf));
 	i=ssl2_write(s,&(buf[3-error]),error);
 
 /*	if (i == error) s->rwstate=state; */