This time, get it right.

[openssl.git] / ssl / s2_clnt.c
diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c

index 67578a45ade8fb0fcc2733156ae3ca3795d202bd..2170e292899912b9fdeaeed0e8a662e37341cf44 100644 (file)
--- a/ssl/s2_clnt.c
+++ b/ssl/s2_clnt.c
@@ -1,5 +1,5 @@
  /* ssl/s2_clnt.c */
  /* ssl/s2_clnt.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
   * All rights reserved.
   *
   * This package is an SSL implementation written
   * All rights reserved.
   *
   * This package is an SSL implementation written
@@ -57,9 +57,6 @@
   */
  
  #include <stdio.h>
   */
  
  #include <stdio.h>
-#ifndef NO_MD5
-#include "md5.h"
-#endif
  #include "rand.h"
  #include "buffer.h"
  #include "objects.h"
  #include "rand.h"
  #include "buffer.h"
  #include "objects.h"
@@ -92,7 +89,7 @@ static int ssl_rsa_public_encrypt();
  static SSL_METHOD *ssl2_get_client_method(ver)
  int ver;
         {
  static SSL_METHOD *ssl2_get_client_method(ver)
  int ver;
         {
-       if (ver == 2)
+       if (ver == SSL2_VERSION)
                 return(SSLv2_client_method());
         else
                 return(NULL);
                 return(SSLv2_client_method());
         else
                 return(NULL);
@@ -125,7 +122,7 @@ SSL *s;
  
         RAND_seed((unsigned char *)&l,sizeof(l));
         ERR_clear_error();
  
         RAND_seed((unsigned char *)&l,sizeof(l));
         ERR_clear_error();
-       errno=0;
+       clear_sys_error();
  
         if (s->info_callback != NULL)
                 cb=s->info_callback;
  
         if (s->info_callback != NULL)
                 cb=s->info_callback;
@@ -149,7 +146,7 @@ SSL *s;
  
                         if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
  
  
                         if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
  
-                       s->version=2;
+                       s->version=SSL2_VERSION;
                         s->type=SSL_ST_CONNECT;
  
                         buf=s->init_buf;
                         s->type=SSL_ST_CONNECT;
  
                         buf=s->init_buf;
@@ -262,6 +259,7 @@ SSL *s;
                          */
  
                         ssl_update_cache(s,SSL_SESS_CACHE_CLIENT);
                          */
  
                         ssl_update_cache(s,SSL_SESS_CACHE_CLIENT);
+                       if (s->hit) s->ctx->sess_hit++;
  
                         ret=1;
                         /* s->server=0; */
  
                         ret=1;
                         /* s->server=0; */
@@ -270,7 +268,7 @@ SSL *s;
                         if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
  
                         goto end;
                         if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
  
                         goto end;
-                       break;
+                       /* break; */
                 default:
                         SSLerr(SSL_F_SSL2_CONNECT,SSL_R_UNKNOWN_STATE);
                         return(-1);
                 default:
                         SSLerr(SSL_F_SSL2_CONNECT,SSL_R_UNKNOWN_STATE);
                         return(-1);
@@ -298,7 +296,7 @@ SSL *s;
         unsigned char *buf;
         unsigned char *p;
         int i,j;
         unsigned char *buf;
         unsigned char *p;
         int i,j;
-       STACK *sk,*cl;
+       STACK *sk=NULL,*cl;
  
         buf=(unsigned char *)s->init_buf->data;
         p=buf;
  
         buf=(unsigned char *)s->init_buf->data;
         p=buf;
@@ -350,7 +348,7 @@ SSL *s;
                         }
                 if (s->s2->tmp.cert_type != 0)
                         {
                         }
                 if (s->s2->tmp.cert_type != 0)
                         {
-                       if (!(s->ctx->options &
+                       if (!(s->options &
                                 SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG))
                                 {
                                 SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_REUSE_CERT_TYPE_NOT_ZERO);
                                 SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG))
                                 {
                                 SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_REUSE_CERT_TYPE_NOT_ZERO);
@@ -448,7 +446,7 @@ SSL *s;
          * cert, Free's it before we increment the reference count. */
         CRYPTO_w_lock(CRYPTO_LOCK_X509);
         s->session->peer=s->session->cert->key->x509;
          * cert, Free's it before we increment the reference count. */
         CRYPTO_w_lock(CRYPTO_LOCK_X509);
         s->session->peer=s->session->cert->key->x509;
-       s->session->peer->references++;
+       CRYPTO_add(&s->session->peer->references,1,CRYPTO_LOCK_X509);
         CRYPTO_w_unlock(CRYPTO_LOCK_X509);
  
         s->s2->conn_id_length=s->s2->tmp.conn_id_length;
         CRYPTO_w_unlock(CRYPTO_LOCK_X509);
  
         s->s2->conn_id_length=s->s2->tmp.conn_id_length;
@@ -589,6 +587,11 @@ SSL *s;
                         SSLerr(SSL_F_CLIENT_MASTER_KEY,SSL_R_PUBLIC_KEY_ENCRYPT_ERROR);
                         return(-1);
                         }
                         SSLerr(SSL_F_CLIENT_MASTER_KEY,SSL_R_PUBLIC_KEY_ENCRYPT_ERROR);
                         return(-1);
                         }
+#ifdef PKCS1_CHECK
+               if (s->options & SSL_OP_PKCS1_CHECK_1) d[1]++;
+               if (s->options & SSL_OP_PKCS1_CHECK_2)
+                       sess->master_key[clear]++;
+#endif
                 s2n(enc,p);
                 d+=enc;
                 karg=sess->key_arg_length;      
                 s2n(enc,p);
                 d+=enc;
                 karg=sess->key_arg_length;      
@@ -736,7 +739,7 @@ SSL *s;
                 /* ok, now we calculate the checksum
                  * do it first so we can reuse buf :-) */
                 p=buf;
                 /* ok, now we calculate the checksum
                  * do it first so we can reuse buf :-) */
                 p=buf;
-               EVP_SignInit(&ctx,EVP_md5());
+               EVP_SignInit(&ctx,s->ctx->rsa_md5);
                 EVP_SignUpdate(&ctx,s->s2->key_material,
                         (unsigned int)s->s2->key_material_length);
                 EVP_SignUpdate(&ctx,cert_ch,(unsigned int)cert_ch_len);
                 EVP_SignUpdate(&ctx,s->s2->key_material,
                         (unsigned int)s->s2->key_material_length);
                 EVP_SignUpdate(&ctx,cert_ch,(unsigned int)cert_ch_len);
@@ -856,12 +859,15 @@ SSL *s;
         if (!s->hit) /* new session */
                 {
                 /* new session-id */
         if (!s->hit) /* new session */
                 {
                 /* new session-id */
+               /* Make sure we were not trying to re-use an old SSL_SESSION
+                * or bad things can happen */
+               /* ZZZZZZZZZZZZZ */
                 s->session->session_id_length=SSL2_SSL_SESSION_ID_LENGTH;
                 memcpy(s->session->session_id,p,SSL2_SSL_SESSION_ID_LENGTH);
                 }
         else
                 {
                 s->session->session_id_length=SSL2_SSL_SESSION_ID_LENGTH;
                 memcpy(s->session->session_id,p,SSL2_SSL_SESSION_ID_LENGTH);
                 }
         else
                 {
-               if (!(s->ctx->options & SSL_OP_MICROSOFT_SESS_ID_BUG))
+               if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG))
                         {
                         if (memcmp(buf,s->session->session_id,
                                 (unsigned int)s->session->session_id_length) != 0)
                         {
                         if (memcmp(buf,s->session->session_id,
                                 (unsigned int)s->session->session_id_length) != 0)