(oops) Apologies all, that last header-cleanup commit was from the wrong
[openssl.git] / ssl / s3_clnt.c
index b27a1de..8feb24a 100644 (file)
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 #include <openssl/md5.h>
-#include "cryptlib.h"
+#include <openssl/dh.h>
 
 static SSL_METHOD *ssl3_get_client_method(int ver);
 static int ssl3_client_hello(SSL *s);
@@ -582,7 +582,7 @@ static int ssl3_client_hello(SSL *s)
                *(p++)=i;
                if (i != 0)
                        {
-                       if (i > sizeof s->session->session_id)
+                       if (i > (int)sizeof(s->session->session_id))
                                {
                                SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
                                goto err;
@@ -781,7 +781,8 @@ static int ssl3_get_server_certificate(SSL *s)
        int al,i,ok,ret= -1;
        unsigned long n,nc,llen,l;
        X509 *x=NULL;
-       unsigned char *p,*d,*q;
+       const unsigned char *q,*p;
+       unsigned char *d;
        STACK_OF(X509) *sk=NULL;
        SESS_CERT *sc;
        EVP_PKEY *pkey=NULL;
@@ -808,7 +809,7 @@ static int ssl3_get_server_certificate(SSL *s)
                SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_BAD_MESSAGE_TYPE);
                goto f_err;
                }
-       d=p=(unsigned char *)s->init_msg;
+       p=d=(unsigned char *)s->init_msg;
 
        if ((sk=sk_X509_new_null()) == NULL)
                {
@@ -1409,7 +1410,8 @@ static int ssl3_get_certificate_request(SSL *s)
        unsigned long n,nc,l;
        unsigned int llen,ctype_num,i;
        X509_NAME *xn=NULL;
-       unsigned char *p,*d,*q;
+       const unsigned char *p,*q;
+       unsigned char *d;
        STACK_OF(X509_NAME) *ca_sk=NULL;
 
        n=ssl3_get_message(s,
@@ -1448,7 +1450,7 @@ static int ssl3_get_certificate_request(SSL *s)
                        }
                }
 
-       d=p=(unsigned char *)s->init_msg;
+       p=d=(unsigned char *)s->init_msg;
 
        if ((ca_sk=sk_X509_NAME_new(ca_dn_cmp)) == NULL)
                {
@@ -2354,7 +2356,7 @@ static int ssl3_check_cert_and_algorithm(SSL *s)
                if (algs & SSL_kRSA)
                        {
                        if (rsa == NULL
-                           || RSA_size(rsa) > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
+                           || RSA_size(rsa)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
                                {
                                SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_RSA_KEY);
                                goto f_err;
@@ -2366,7 +2368,7 @@ static int ssl3_check_cert_and_algorithm(SSL *s)
                        if (algs & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
                            {
                            if (dh == NULL
-                               || DH_size(dh) > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
+                               || DH_size(dh)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
                                {
                                SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_DH_KEY);
                                goto f_err;