Consistency with s2_... and s23_... variants (no real functional

[openssl.git] / ssl / s3_srvr.c

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 001b37bf1cb2555b48fd97bd1b053657e0feba74..72a73cd9d0a5c802067a4d609bdd23c6b84bff40 100644 (file)
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -180,8 +180,8 @@ int ssl3_accept(SSL *s)
                cb=s->ctx->info_callback;
 
        /* init things to blank */
-       if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
        s->in_handshake++;
+       if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
 
        if (s->cert == NULL)
                {
@@ -573,9 +573,9 @@ int ssl3_accept(SSL *s)
 end:
        /* BIO_flush(s->wbio); */
 
+       s->in_handshake--;
        if (cb != NULL)
                cb(s,SSL_CB_ACCEPT_EXIT,ret);
-       s->in_handshake--;
        return(ret);
        }
 
@@ -663,13 +663,25 @@ static int ssl3_get_client_hello(SSL *s)
                &ok);
 
        if (!ok) return((int)n);
-       d=p=(unsigned char *)s->init_buf->data;
+       d=p=(unsigned char *)s->init_msg;
 
        /* use version from inside client hello, not from record header
         * (may differ: see RFC 2246, Appendix E, second paragraph) */
        s->client_version=(((int)p[0])<<8)|(int)p[1];
        p+=2;
 
+       if (s->client_version < s->version)
+               {
+               SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER);
+               if ((s->client_version>>8) == SSL3_VERSION_MAJOR) 
+                       {
+                       /* similar to ssl3_get_record, send alert using remote version number */
+                       s->version = s->client_version;
+                       }
+               al = SSL_AD_PROTOCOL_VERSION;
+               goto f_err;
+               }
+
        /* load the client random */
        memcpy(s->s3->client_random,p,SSL3_RANDOM_SIZE);
        p+=SSL3_RANDOM_SIZE;
@@ -1174,12 +1186,12 @@ static int ssl3_send_server_key_exchange(SSL *s)
                                j=0;
                                for (num=2; num > 0; num--)
                                        {
-                                       EVP_DigestInit(&md_ctx,(num == 2)
-                                               ?s->ctx->md5:s->ctx->sha1);
+                                       EVP_DigestInit_ex(&md_ctx,(num == 2)
+                                               ?s->ctx->md5:s->ctx->sha1, NULL);
                                        EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
                                        EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
                                        EVP_DigestUpdate(&md_ctx,&(d[4]),n);
-                                       EVP_DigestFinal(&md_ctx,q,
+                                       EVP_DigestFinal_ex(&md_ctx,q,
                                                (unsigned int *)&i);
                                        q+=i;
                                        j+=i;
@@ -1199,7 +1211,7 @@ static int ssl3_send_server_key_exchange(SSL *s)
                                if (pkey->type == EVP_PKEY_DSA)
                                {
                                /* lets do DSS */
-                               EVP_SignInit(&md_ctx,EVP_dss1());
+                               EVP_SignInit_ex(&md_ctx,EVP_dss1(), NULL);
                                EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
                                EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
                                EVP_SignUpdate(&md_ctx,&(d[4]),n);
@@ -1355,7 +1367,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
                &ok);
 
        if (!ok) return((int)n);
-       p=(unsigned char *)s->init_buf->data;
+       p=(unsigned char *)s->init_msg;
 
        l=s->s3->tmp.new_cipher->algorithms;
 
@@ -1618,7 +1630,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
 
                memset(iv, 0, EVP_MAX_IV_LENGTH);       /* per RFC 1510 */
 
-               if (!EVP_DecryptInit(&ciph_ctx,enc,kssl_ctx->key,iv))
+               if (!EVP_DecryptInit_ex(&ciph_ctx,enc,NULL,kssl_ctx->key,iv))
                        {
                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
                                SSL_R_DECRYPTION_FAILED);
@@ -1637,7 +1649,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
                                SSL_R_DATA_LENGTH_TOO_LONG);
                        goto err;
                        }
-               if (!EVP_DecryptFinal(&ciph_ctx,&(pms[outl]),&padl))
+               if (!EVP_DecryptFinal_ex(&ciph_ctx,&(pms[outl]),&padl))
                        {
                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
                                SSL_R_DECRYPTION_FAILED);
@@ -1756,7 +1768,7 @@ static int ssl3_get_cert_verify(SSL *s)
                }
 
        /* we now have a signature that we need to verify */
-       p=(unsigned char *)s->init_buf->data;
+       p=(unsigned char *)s->init_msg;
        n2s(p,i);
        n-=2;
        if (i > n)
@@ -1872,7 +1884,7 @@ static int ssl3_get_client_certificate(SSL *s)
                SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_WRONG_MESSAGE_TYPE);
                goto f_err;
                }
-       d=p=(unsigned char *)s->init_buf->data;
+       d=p=(unsigned char *)s->init_msg;
 
        if ((sk=sk_X509_new_null()) == NULL)
                {