/* ssl/s2_clnt.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
*/
#include <stdio.h>
-#ifndef NO_MD5
-#include "md5.h"
-#endif
#include "rand.h"
#include "buffer.h"
#include "objects.h"
#include "evp.h"
#ifndef NOPROTO
+static SSL_METHOD *ssl2_get_client_method(int ver);
static int get_server_finished(SSL *s);
static int get_server_verify(SSL *s);
static int get_server_hello(SSL *s);
static int ssl_rsa_public_encrypt(CERT *c, int len, unsigned char *from,
unsigned char *to,int padding);
#else
+static SSL_METHOD *ssl2_get_client_method();
static int get_server_finished();
static int get_server_verify();
static int get_server_hello();
static SSL_METHOD *ssl2_get_client_method(ver)
int ver;
{
- if (ver == 2)
+ if (ver == SSL2_VERSION)
return(SSLv2_client_method());
else
return(NULL);
void (*cb)()=NULL;
int new_state,state;
- RAND_seed((unsigned char *)&l,sizeof(l));
+ RAND_seed(&l,sizeof(l));
ERR_clear_error();
- errno=0;
+ clear_sys_error();
if (s->info_callback != NULL)
cb=s->info_callback;
case SSL_ST_BEFORE|SSL_ST_CONNECT:
case SSL_ST_OK|SSL_ST_CONNECT:
+ s->server=0;
if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
- s->version=2;
+ s->version=SSL2_VERSION;
s->type=SSL_ST_CONNECT;
buf=s->init_buf;
s->init_buf=buf;
s->init_num=0;
s->state=SSL2_ST_SEND_CLIENT_HELLO_A;
- s->ctx->sess_connect++;
+ s->ctx->stats.sess_connect++;
s->handshake_func=ssl2_connect;
BREAK;
break;
case SSL_ST_OK:
- BUF_MEM_free(s->init_buf);
- s->init_buf=NULL;
+ if (s->init_buf != NULL)
+ {
+ BUF_MEM_free(s->init_buf);
+ s->init_buf=NULL;
+ }
s->init_num=0;
/* ERR_clear_error();*/
*/
ssl_update_cache(s,SSL_SESS_CACHE_CLIENT);
+ if (s->hit) s->ctx->stats.sess_hit++;
ret=1;
/* s->server=0; */
- s->ctx->sess_connect_good++;
+ s->ctx->stats.sess_connect_good++;
if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
goto end;
- break;
+ /* break; */
default:
SSLerr(SSL_F_SSL2_CONNECT,SSL_R_UNKNOWN_STATE);
return(-1);
unsigned char *buf;
unsigned char *p;
int i,j;
- STACK *sk,*cl;
+ STACK *sk=NULL,*cl;
buf=(unsigned char *)s->init_buf->data;
p=buf;
}
if (s->s2->tmp.cert_type != 0)
{
- if (!(s->ctx->options &
+ if (!(s->options &
SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG))
{
SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_REUSE_CERT_TYPE_NOT_ZERO);
* cert, Free's it before we increment the reference count. */
CRYPTO_w_lock(CRYPTO_LOCK_X509);
s->session->peer=s->session->cert->key->x509;
- s->session->peer->references++;
+ CRYPTO_add(&s->session->peer->references,1,CRYPTO_LOCK_X509);
CRYPTO_w_unlock(CRYPTO_LOCK_X509);
s->s2->conn_id_length=s->s2->tmp.conn_id_length;
if (s->state == SSL2_ST_SEND_CLIENT_MASTER_KEY_A)
{
- if (!ssl_cipher_get_evp(s->session->cipher,&c,&md))
+ if (!ssl_cipher_get_evp(s->session,&c,&md,NULL))
{
ssl2_return_error(s,SSL2_PE_NO_CIPHER);
SSLerr(SSL_F_CLIENT_MASTER_KEY,SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS);
if (sess->cipher->algorithm2 & SSL2_CF_8_BYTE_ENC)
enc=8;
- else if (sess->cipher->algorithms & SSL_EXP)
+ else if (SSL_C_IS_EXPORT(sess->cipher))
enc=5;
else
enc=i;
SSLerr(SSL_F_CLIENT_MASTER_KEY,SSL_R_PUBLIC_KEY_ENCRYPT_ERROR);
return(-1);
}
+#ifdef PKCS1_CHECK
+ if (s->options & SSL_OP_PKCS1_CHECK_1) d[1]++;
+ if (s->options & SSL_OP_PKCS1_CHECK_2)
+ sess->master_key[clear]++;
+#endif
s2n(enc,p);
d+=enc;
karg=sess->key_arg_length;
/* ok, now we calculate the checksum
* do it first so we can reuse buf :-) */
p=buf;
- EVP_SignInit(&ctx,EVP_md5());
+ EVP_SignInit(&ctx,s->ctx->rsa_md5);
EVP_SignUpdate(&ctx,s->s2->key_material,
(unsigned int)s->s2->key_material_length);
EVP_SignUpdate(&ctx,cert_ch,(unsigned int)cert_ch_len);
if (!s->hit) /* new session */
{
/* new session-id */
+ /* Make sure we were not trying to re-use an old SSL_SESSION
+ * or bad things can happen */
+ /* ZZZZZZZZZZZZZ */
s->session->session_id_length=SSL2_SSL_SESSION_ID_LENGTH;
memcpy(s->session->session_id,p,SSL2_SSL_SESSION_ID_LENGTH);
}
else
{
- if (!(s->ctx->options & SSL_OP_MICROSOFT_SESS_ID_BUG))
+ if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG))
{
if (memcmp(buf,s->session->session_id,
(unsigned int)s->session->session_id_length) != 0)
goto err;
ret=1;
err:
- if (sk != NULL) sk_free(sk);
- if (x509 != NULL) X509_free(x509);
+ sk_free(sk);
+ X509_free(x509);
+ EVP_PKEY_free(pkey);
return(ret);
}
if (i < 0)
SSLerr(SSL_F_SSL_RSA_PUBLIC_ENCRYPT,ERR_R_RSA_LIB);
end:
+ EVP_PKEY_free(pkey);
return(i);
}