#include <openssl/x509.h>
#include <openssl/krb5_asn.h>
#include "ssl_locl.h"
-
#ifndef OPENSSL_NO_KRB5
#include "kssl_lcl.h"
#endif /* OPENSSL_NO_KRB5 */
+#include <openssl/md5.h>
static SSL_METHOD *ssl3_get_server_method(int ver);
static int ssl3_get_client_hello(SSL *s);
BUF_MEM *buf;
EVP_MD_CTX md_ctx;
+ EVP_MD_CTX_init(&md_ctx);
if (s->state == SSL3_ST_SW_KEY_EXCH_A)
{
type=s->s3->tmp.new_cipher->algorithms & SSL_MKEY_MASK;
}
s->state = SSL3_ST_SW_KEY_EXCH_B;
+ EVP_MD_CTX_cleanup(&md_ctx);
return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
f_err:
ssl3_send_alert(s,SSL3_AL_FATAL,al);
err:
+ EVP_MD_CTX_cleanup(&md_ctx);
return(-1);
}
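Review bot: The `EVP_MD_CTX_cleanup(&md_ctx)` added under `err:` (also reached by fall-through from `f_err:`) is only safe if `md_ctx` has been initialised on every path that jumps there, and nothing in the code states that requirement. The earlier hunk puts `EVP_MD_CTX_init(&md_ctx)` directly after the declarations, which appears to satisfy it, but the `goto` sites are outside the visible lines. I would add a comment at the init call, for example `/* must precede every goto err/f_err: both exits call EVP_MD_CTX_cleanup() */`, so that a later early exit is not inserted above it. Any plain `return` between the init and these labels would still skip the cleanup, which cannot be checked from this hunk.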
enc_pms.data = p;
p+=enc_pms.length;
- if (n != enc_ticket.length + authenticator.length +
+ if ((unsigned long)n != enc_ticket.length + authenticator.length +
enc_pms.length + 6)
{
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
#endif /* KSSL_DEBUG */
enc = kssl_map_enc(kssl_ctx->enctype);
+ if (enc == NULL)
+ goto err;
+
memset(iv, 0, EVP_MAX_IV_LENGTH); /* per RFC 1510 */
if (!EVP_DecryptInit(&ciph_ctx,enc,kssl_ctx->key,iv))
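Review bot: The new `if (enc == NULL) goto err;` aborts the key exchange without putting anything on the error queue, so an unsupported `kssl_ctx->enctype` looks the same to an operator as any other handshake failure. The guard itself is the right call, since it keeps a NULL cipher out of `EVP_DecryptInit`. I would record the cause before the jump, e.g. `SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, <REASON_CODE>);` with whichever existing reason code the project prefers. The `err:` label for this function is outside the hunk, so whether an alert is sent on this path cannot be confirmed from here.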
s->method->ssl3_enc->generate_master_secret(s,
s->session->master_key, pms, outl);
+ if (kssl_ctx->client_princ)
+ {
+ int len = strlen(kssl_ctx->client_princ);
+ if ( len < SSL_MAX_KRB5_PRINCIPAL_LENGTH )
+ {
+ s->session->krb5_client_princ_len = len;
+ memcpy(s->session->krb5_client_princ,kssl_ctx->client_princ,len);
+ }
+ }
+
+
/* Was doing kssl_ctx_free() here,
** but it caused problems for apache.
** kssl_ctx = kssl_ctx_free(kssl_ctx);
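Review bot: When `client_princ` is `SSL_MAX_KRB5_PRINCIPAL_LENGTH` bytes or longer, the added block skips the copy without failing and without touching `krb5_client_princ_len`, so the handshake completes with a session that has no recorded peer principal, or whatever length the field held before (not visible here). Code that later authorises on the session's principal cannot tell "too long" from "none". I would make that case explicit, either by failing the handshake or at least with `else s->session->krb5_client_princ_len = 0;`. The length should also be declared as `size_t len = strlen(kssl_ctx->client_princ);` rather than `int`. The `memcpy` copies `len` bytes with no terminator, so a comment on the field should say that readers must use `krb5_client_princ_len` and not treat the buffer as a C string. The enclosing function starts and ends outside this hunk.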