Set security level to zero is ssltest
diff --git
a/ssl/s3_both.c
b/ssl/s3_both.c
index 153b2bfc78c0b5c9f92bd454a250ad02bf46bb50..beef06f96b9f377c13150ecdcebe4d29de41c29c 100644
(file)
--- a/
ssl/s3_both.c
+++ b/
ssl/s3_both.c
@@
-150,20
+150,20
@@
int ssl3_do_write(SSL *s, int type)
int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
{
int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
{
- unsigned char *p
,*d
;
+ unsigned char *p;
int i;
unsigned long l;
if (s->state == a)
{
int i;
unsigned long l;
if (s->state == a)
{
- d=(unsigned char *)s->init_buf->data;
- p= &(d[4]);
+ p = ssl_handshake_start(s);
i=s->method->ssl3_enc->final_finish_mac(s,
sender,slen,s->s3->tmp.finish_md);
i=s->method->ssl3_enc->final_finish_mac(s,
sender,slen,s->s3->tmp.finish_md);
+ if (i == 0)
+ return 0;
s->s3->tmp.finish_md_len = i;
memcpy(p, s->s3->tmp.finish_md, i);
s->s3->tmp.finish_md_len = i;
memcpy(p, s->s3->tmp.finish_md, i);
- p+=i;
l=i;
/* Copy the finished so we can use it for
l=i;
/* Copy the finished so we can use it for
@@
-189,17
+189,12
@@
int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
*/
l&=0xffff;
#endif
*/
l&=0xffff;
#endif
-
- *(d++)=SSL3_MT_FINISHED;
- l2n3(l,d);
- s->init_num=(int)l+4;
- s->init_off=0;
-
+ ssl_set_handshake_header(s, SSL3_MT_FINISHED, l);
s->state=b;
}
/* SSL3_ST_SEND_xxxxxx_HELLO_B */
s->state=b;
}
/* SSL3_ST_SEND_xxxxxx_HELLO_B */
- return
(ssl3_do_write(s,SSL3_RT_HANDSHAKE)
);
+ return
ssl_do_write(s
);
}
#ifndef OPENSSL_NO_NEXTPROTONEG
}
#ifndef OPENSSL_NO_NEXTPROTONEG
@@
-208,7
+203,11
@@
static void ssl3_take_mac(SSL *s)
{
const char *sender;
int slen;
{
const char *sender;
int slen;
-
+ /* If no new cipher setup return immediately: other functions will
+ * set the appropriate error.
+ */
+ if (s->s3->tmp.new_cipher == NULL)
+ return;
if (s->state & SSL_ST_CONNECT)
{
sender=s->method->ssl3_enc->server_finished_label;
if (s->state & SSL_ST_CONNECT)
{
sender=s->method->ssl3_enc->server_finished_label;
@@
-265,7
+264,7
@@
int ssl3_get_finished(SSL *s, int a, int b)
goto f_err;
}
goto f_err;
}
- if (memcmp(p, s->s3->tmp.peer_finish_md, i) != 0)
+ if (
CRYPTO_
memcmp(p, s->s3->tmp.peer_finish_md, i) != 0)
{
al=SSL_AD_DECRYPT_ERROR;
SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_DIGEST_CHECK_FAILED);
{
al=SSL_AD_DECRYPT_ERROR;
SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_DIGEST_CHECK_FAILED);
@@
-321,24
+320,20
@@
int ssl3_send_change_cipher_spec(SSL *s, int a, int b)
return(ssl3_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC));
}
return(ssl3_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC));
}
-unsigned long ssl3_output_cert_chain(SSL *s,
X509 *x
)
+unsigned long ssl3_output_cert_chain(SSL *s,
CERT_PKEY *cpk
)
{
unsigned char *p;
{
unsigned char *p;
- unsigned long l=7;
- BUF_MEM *buf = s->init_buf;
+ unsigned long l = 3 + SSL_HM_HEADER_LENGTH(s);
- if (!ssl_add_cert_chain(s,
x
, &l))
+ if (!ssl_add_cert_chain(s,
cpk
, &l))
return 0;
return 0;
- l
-=7
;
- p
=(unsigned char *)&(buf->data[4]
);
+ l
-= 3 + SSL_HM_HEADER_LENGTH(s)
;
+ p
= ssl_handshake_start(s
);
l2n3(l,p);
l2n3(l,p);
- l+=3;
- p=(unsigned char *)&(buf->data[0]);
- *(p++)=SSL3_MT_CERTIFICATE;
- l2n3(l,p);
- l+=4;
- return(l);
+ l += 3;
+ ssl_set_handshake_header(s, SSL3_MT_CERTIFICATE, l);
+ return l + SSL_HM_HEADER_LENGTH(s);
}
/* Obtain handshake message of message type 'mt' (any if mt == -1),
}
/* Obtain handshake message of message type 'mt' (any if mt == -1),
@@
-524,7
+519,7
@@
int ssl_cert_type(X509 *x, EVP_PKEY *pkey)
{
ret = SSL_PKEY_GOST01;
}
{
ret = SSL_PKEY_GOST01;
}
- else if (x &&
i == EVP_PKEY_DH
)
+ else if (x &&
(i == EVP_PKEY_DH || i == EVP_PKEY_DHX)
)
{
/* For DH two cases: DH certificate signed with RSA and
* DH certificate signed with DSA.
{
/* For DH two cases: DH certificate signed with RSA and
* DH certificate signed with DSA.
@@
-700,7
+695,7
@@
int ssl3_setup_read_buffer(SSL *s)
len += SSL3_RT_MAX_EXTRA;
}
#ifndef OPENSSL_NO_COMP
len += SSL3_RT_MAX_EXTRA;
}
#ifndef OPENSSL_NO_COMP
- if (
!(s->options & SSL_OP_NO_COMPRESSION
))
+ if (
ssl_allow_compression(s
))
len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
#endif
if ((p=freelist_extract(s->ctx, 1, len)) == NULL)
len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
#endif
if ((p=freelist_extract(s->ctx, 1, len)) == NULL)
@@
-737,7
+732,7
@@
int ssl3_setup_write_buffer(SSL *s)
+ SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD
+ headerlen + align;
#ifndef OPENSSL_NO_COMP
+ SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD
+ headerlen + align;
#ifndef OPENSSL_NO_COMP
- if (
!(s->options & SSL_OP_NO_COMPRESSION
))
+ if (
ssl_allow_compression(s
))
len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
#endif
if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
#endif
if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
@@
-787,3
+782,10
@@
int ssl3_release_read_buffer(SSL *s)
return 1;
}
return 1;
}
+int ssl_allow_compression(SSL *s)
+ {
+ if (s->options & SSL_OP_NO_COMPRESSION)
+ return 0;
+ return ssl_security(s, SSL_SECOP_COMPRESSION, 0, 0, NULL);
+ }
+
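Review bot: In ssl3_send_finished the added guard `if (i == 0) return 0;` rejects only a zero result from final_finish_mac, yet `i` is a signed int that is then stored in finish_md_len and used as the length in `memcpy(p, s->s3->tmp.finish_md, i)`. Whether any final_finish_mac implementation can return a negative value on error is not visible in this diff; if one can, the value would convert to a very large size_t and the copy would run far past the handshake buffer. Writing the guard as `if (i <= 0) return 0;` treats every non-positive result as failure and keeps the length passed to memcpy positive. The function body spans the first two hunks, and the unchanged lines between them are not shown here.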