Addenum to http://cvs.openssl.org/chngview?cn=13054.

[openssl.git] / ssl / s3_clnt.c

diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 7eff4f1d5ef1eb696874d5148d24a5378bb33548..54598f0f8bf4e082a7933dbac2ee2d2f2fbb6dd0 100644 (file)
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -130,7 +130,8 @@
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 #include <openssl/md5.h>
-#include "cryptlib.h"
+#include <openssl/dh.h>
+#include <openssl/bn.h>
 
 static SSL_METHOD *ssl3_get_client_method(int ver);
 static int ssl3_client_hello(SSL *s);
@@ -561,7 +562,7 @@ static int ssl3_client_hello(SSL *s)
                p=s->s3->client_random;
                Time=time(NULL);                        /* Time */
                l2n(Time,p);
-               RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
+               RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4);
 
                /* Do the message type and length last */
                d=p= &(buf[4]);
@@ -582,7 +583,7 @@ static int ssl3_client_hello(SSL *s)
                *(p++)=i;
                if (i != 0)
                        {
-                       if (i > sizeof s->session->session_id)
+                       if (i > (int)sizeof(s->session->session_id))
                                {
                                SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
                                goto err;
@@ -781,7 +782,8 @@ static int ssl3_get_server_certificate(SSL *s)
        int al,i,ok,ret= -1;
        unsigned long n,nc,llen,l;
        X509 *x=NULL;
-       unsigned char *p,*d,*q;
+       const unsigned char *q,*p;
+       unsigned char *d;
        STACK_OF(X509) *sk=NULL;
        SESS_CERT *sc;
        EVP_PKEY *pkey=NULL;
@@ -808,7 +810,7 @@ static int ssl3_get_server_certificate(SSL *s)
                SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_BAD_MESSAGE_TYPE);
                goto f_err;
                }
-       d=p=(unsigned char *)s->init_msg;
+       p=d=(unsigned char *)s->init_msg;
 
        if ((sk=sk_X509_new_null()) == NULL)
                {
@@ -1409,7 +1411,8 @@ static int ssl3_get_certificate_request(SSL *s)
        unsigned long n,nc,l;
        unsigned int llen,ctype_num,i;
        X509_NAME *xn=NULL;
-       unsigned char *p,*d,*q;
+       const unsigned char *p,*q;
+       unsigned char *d;
        STACK_OF(X509_NAME) *ca_sk=NULL;
 
        n=ssl3_get_message(s,
@@ -1448,7 +1451,7 @@ static int ssl3_get_certificate_request(SSL *s)
                        }
                }
 
-       d=p=(unsigned char *)s->init_msg;
+       p=d=(unsigned char *)s->init_msg;
 
        if ((ca_sk=sk_X509_NAME_new(ca_dn_cmp)) == NULL)
                {
@@ -2161,6 +2164,7 @@ static int ssl3_send_client_verify(SSL *s)
                *(d++)=SSL3_MT_CERTIFICATE_VERIFY;
                l2n3(n,d);
 
+               s->state=SSL3_ST_CW_CERT_VRFY_B;
                s->init_num=(int)n+4;
                s->init_off=0;
                }
@@ -2353,7 +2357,7 @@ static int ssl3_check_cert_and_algorithm(SSL *s)
                if (algs & SSL_kRSA)
                        {
                        if (rsa == NULL
-                           || RSA_size(rsa) > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
+                           || RSA_size(rsa)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
                                {
                                SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_RSA_KEY);
                                goto f_err;
@@ -2365,7 +2369,7 @@ static int ssl3_check_cert_and_algorithm(SSL *s)
                        if (algs & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
                            {
                            if (dh == NULL
-                               || DH_size(dh) > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
+                               || DH_size(dh)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
                                {
                                SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_DH_KEY);
                                goto f_err;