Fix no-ssl3 configuration option
[openssl.git] / ssl / s2_lib.c
index 0f311c3..41818dc 100644 (file)
@@ -250,7 +250,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[]={
        SSL_SSLV2,
        SSL_NOT_EXP|SSL_HIGH,
        0,
-       168,
+       112,
        168,
        },
 
@@ -391,6 +391,8 @@ long ssl2_ctrl(SSL *s, int cmd, long larg, void *parg)
        case SSL_CTRL_GET_SESSION_REUSED:
                ret=s->hit;
                break;
+       case SSL_CTRL_CHECK_PROTO_VERSION:
+               return ssl3_ctrl(s, SSL_CTRL_CHECK_PROTO_VERSION, larg, parg);
        default:
                break;
                }
@@ -412,9 +414,6 @@ long ssl2_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
        return(0);
        }
 
-IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER,
-                                   ssl_cipher_id_cmp);
-
 /* This function needs to check if the ciphers required are actually
  * available */
 const SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p)
@@ -426,12 +425,8 @@ const SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p)
        id=0x02000000L|((unsigned long)p[0]<<16L)|
                ((unsigned long)p[1]<<8L)|(unsigned long)p[2];
        c.id=id;
-       cp = OBJ_bsearch(const SSL_CIPHER, &c, const SSL_CIPHER, ssl2_ciphers,
-                        SSL2_NUM_CIPHERS, ssl_cipher_id_cmp);
-       if ((cp == NULL) || (cp->valid == 0))
-               return NULL;
-       else
-               return cp;
+       cp = OBJ_bsearch_ssl_cipher_id(&c, ssl2_ciphers, SSL2_NUM_CIPHERS);
+       return cp;
        }
 
 int ssl2_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
@@ -441,7 +436,7 @@ int ssl2_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
        if (p != NULL)
                {
                l=c->id;
-               if ((l & 0xff000000) != 0x02000000) return(0);
+               if ((l & 0xff000000) != 0x02000000 && l != SSL3_CK_FALLBACK_SCSV) return(0);
                p[0]=((unsigned char)(l>>16L))&0xFF;
                p[1]=((unsigned char)(l>> 8L))&0xFF;
                p[2]=((unsigned char)(l     ))&0xFF;
@@ -456,6 +451,7 @@ int ssl2_generate_key_material(SSL *s)
        unsigned char *km;
        unsigned char c='0';
        const EVP_MD *md5;
+       int md_size;
 
        md5 = EVP_md5();
 
@@ -472,10 +468,12 @@ int ssl2_generate_key_material(SSL *s)
                SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR);
                return 0;
                }
-
-       for (i=0; i<s->s2->key_material_length; i += EVP_MD_size(md5))
+       md_size = EVP_MD_size(md5);
+       if (md_size < 0)
+           return 0;
+       for (i=0; i<s->s2->key_material_length; i += md_size)
                {
-               if (((km - s->s2->key_material) + EVP_MD_size(md5)) >
+               if (((km - s->s2->key_material) + md_size) >
                                (int)sizeof(s->s2->key_material))
                        {
                        /* EVP_DigestFinal_ex() below would write beyond buffer */
@@ -494,7 +492,7 @@ int ssl2_generate_key_material(SSL *s)
                EVP_DigestUpdate(&ctx,s->s2->challenge,s->s2->challenge_length);
                EVP_DigestUpdate(&ctx,s->s2->conn_id,s->s2->conn_id_length);
                EVP_DigestFinal_ex(&ctx,km,NULL);
-               km += EVP_MD_size(md5);
+               km += md_size;
                }
 
        EVP_MD_CTX_cleanup(&ctx);