Enhance EVP code to generate random symmetric keys of the

[openssl.git] / ssl / s2_srvr.c

diff --git a/ssl/s2_srvr.c b/ssl/s2_srvr.c
index 2d3b667d916d0431c5a36640c4d95abb5f50c2df..6c43f720781db8616c9a161cad7d38964a1caa65 100644 (file)
--- a/ssl/s2_srvr.c
+++ b/ssl/s2_srvr.c
@@ -116,7 +116,6 @@
 #include <openssl/rand.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
-#include "cryptlib.h"
 
 static SSL_METHOD *ssl2_get_server_method(int ver);
 static int get_client_master_key(SSL *s);
@@ -145,11 +144,18 @@ SSL_METHOD *SSLv2_server_method(void)
 
        if (init)
                {
-               memcpy((char *)&SSLv2_server_data,(char *)sslv2_base_method(),
-                       sizeof(SSL_METHOD));
-               SSLv2_server_data.ssl_accept=ssl2_accept;
-               SSLv2_server_data.get_ssl_method=ssl2_get_server_method;
-               init=0;
+               CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+
+               if (init)
+                       {
+                       memcpy((char *)&SSLv2_server_data,(char *)sslv2_base_method(),
+                               sizeof(SSL_METHOD));
+                       SSLv2_server_data.ssl_accept=ssl2_accept;
+                       SSLv2_server_data.get_ssl_method=ssl2_get_server_method;
+                       init=0;
+                       }
+
+               CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
                }
        return(&SSLv2_server_data);
        }
@@ -869,7 +875,7 @@ static int get_client_finished(SSL *s)
        if (s->msg_callback)
                s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg); /* CLIENT-FINISHED */
        p += 1;
-       if (memcmp(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length) != 0)
+       if (memcmp(p,s->s2->conn_id,s->s2->conn_id_length) != 0)
                {
                ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
                SSLerr(SSL_F_GET_CLIENT_FINISHED,SSL_R_CONNECTION_ID_IS_DIFFERENT);
@@ -930,6 +936,7 @@ static int server_finish(SSL *s)
 /* send the request and check the response */
 static int request_certificate(SSL *s)
        {
+       const unsigned char *cp;
        unsigned char *p,*p2,*buf2;
        unsigned char *ccd;
        int i,j,ctype,ret= -1;
@@ -1032,7 +1039,7 @@ static int request_certificate(SSL *s)
        len = 6 + (unsigned long)s->s2->tmp.clen + (unsigned long)s->s2->tmp.rlen;
        if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
                {
-               SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_MESSAGE_TOO_LONG);
+               SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_MESSAGE_TOO_LONG);
                goto end;
                }
        j = (int)len - s->init_num;
@@ -1046,7 +1053,8 @@ static int request_certificate(SSL *s)
                s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg); /* CLIENT-CERTIFICATE */
        p += 6;
 
-       x509=(X509 *)d2i_X509(NULL,&p,(long)s->s2->tmp.clen);
+       cp = p;
+       x509=(X509 *)d2i_X509(NULL,&cp,(long)s->s2->tmp.clen);
        if (x509 == NULL)
                {
                SSLerr(SSL_F_REQUEST_CERTIFICATE,ERR_R_X509_LIB);
@@ -1069,7 +1077,7 @@ static int request_certificate(SSL *s)
                EVP_MD_CTX_init(&ctx);
                EVP_VerifyInit_ex(&ctx,s->ctx->rsa_md5, NULL);
                EVP_VerifyUpdate(&ctx,s->s2->key_material,
-                       (unsigned int)s->s2->key_material_length);
+                                s->s2->key_material_length);
                EVP_VerifyUpdate(&ctx,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
 
                i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,NULL);
@@ -1086,7 +1094,7 @@ static int request_certificate(SSL *s)
 
                pkey=X509_get_pubkey(x509);
                if (pkey == NULL) goto end;
-               i=EVP_VerifyFinal(&ctx,p,s->s2->tmp.rlen,pkey);
+               i=EVP_VerifyFinal(&ctx,cp,s->s2->tmp.rlen,pkey);
                EVP_PKEY_free(pkey);
                EVP_MD_CTX_cleanup(&ctx);