*/
#define REUSE_CIPHER_BUG
+#define NETSCAPE_HANG_BUG
+
#include <stdio.h>
#include <openssl/buffer.h>
int ret= -1;
int new_state,state,skip=0;
- RAND_seed(&Time,sizeof(Time));
+ RAND_add(&Time,sizeof(Time),0);
ERR_clear_error();
clear_sys_error();
s->new_session=1;
/* s->state=SSL_ST_ACCEPT; */
- case SSL3_ST_SR_MS_SGC:
case SSL_ST_BEFORE:
case SSL_ST_ACCEPT:
case SSL_ST_BEFORE|SSL_ST_ACCEPT:
if (s->state != SSL_ST_RENEGOTIATE)
{
- if(s->state != SSL3_ST_SR_MS_SGC) ssl3_init_finished_mac(s);
+ ssl3_init_finished_mac(s);
s->state=SSL3_ST_SR_CLNT_HELLO_A;
s->ctx->stats.sess_accept++;
}
|| (l & (SSL_DH|SSL_kFZA))
|| ((l & SSL_kRSA)
&& (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
- || (SSL_IS_EXPORT(l)
- && EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_EXPORT_PKEYLENGTH(l)
+ || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)
+ && EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)
)
)
)
s->s3->tmp.cert_request=1;
ret=ssl3_send_certificate_request(s);
if (ret <= 0) goto end;
+#ifndef NETSCAPE_HANG_BUG
s->state=SSL3_ST_SW_SRVR_DONE_A;
+#else
+ s->state=SSL3_ST_SW_FLUSH;
+ s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;
+#endif
s->init_num=0;
}
break;
case SSL3_ST_SR_CERT_A:
case SSL3_ST_SR_CERT_B:
- /* Check for second client hello if MS SGC */
+ /* Check for second client hello (MS SGC) */
ret = ssl3_check_client_hello(s);
- if(ret <= 0) goto end;
- if(ret == 2) s->state = SSL3_ST_SR_MS_SGC;
+ if (ret <= 0)
+ goto end;
+ if (ret == 2)
+ s->state = SSL3_ST_SR_CLNT_HELLO_C;
else {
/* could be sent for a DH cert, even if we
* have not asked for it :-) */
if (s->state == SSL3_ST_SW_HELLO_REQ_A)
{
p=(unsigned char *)s->init_buf->data;
- *(p++)=SSL3_MT_CLIENT_REQUEST;
+ *(p++)=SSL3_MT_HELLO_REQUEST;
*(p++)=0;
*(p++)=0;
*(p++)=0;
* compression - basically ignored right now
* ssl version is set - sslv3
* s->session - The ssl session has been setup.
- * s->hit - sesson reuse flag
+ * s->hit - session reuse flag
* s->tmp.new_cipher - the new cipher to use.
*/
p=s->s3->server_random;
Time=time(NULL); /* Time */
l2n(Time,p);
- RAND_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
+ RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
/* Do the message type and length last */
d=p= &(buf[4]);
int j,num;
RSA *rsa;
unsigned char md_buf[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
+ unsigned int u;
#endif
#ifndef NO_DH
- DH *dh,*dhp;
+ DH *dh=NULL,*dhp;
#endif
EVP_PKEY *pkey;
unsigned char *p,*d;
int al,i;
- unsigned int u;
unsigned long type;
int n;
CERT *cert;
SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_DH_KEY);
goto f_err;
}
+
+ if (s->s3->tmp.dh != NULL)
+ {
+ DH_free(dh);
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, SSL_R_INTERNAL_ERROR);
+ goto err;
+ }
+
if ((dh=DHparams_dup(dhp)) == NULL)
{
SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);
s->init_off=0;
}
- /* SSL3_ST_SW_KEY_EXCH_B */
+ s->state = SSL3_ST_SW_KEY_EXCH_B;
return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
f_err:
ssl3_send_alert(s,SSL3_AL_FATAL,al);
s->init_num=n+4;
s->init_off=0;
+#ifdef NETSCAPE_HANG_BUG
+ p=(unsigned char *)s->init_buf->data + s->init_num;
+
+ /* do the header */
+ *(p++)=SSL3_MT_SERVER_DONE;
+ *(p++)=0;
+ *(p++)=0;
+ *(p++)=0;
+ s->init_num += 4;
+#endif
+
}
/* SSL3_ST_SW_CERT_REQ_B */
{
p[0]=(s->version>>8);
p[1]=(s->version & 0xff);
- RAND_bytes(&(p[2]),SSL_MAX_MASTER_KEY_LENGTH-2);
+ RAND_pseudo_bytes(&(p[2]),SSL_MAX_MASTER_KEY_LENGTH-2);
i=SSL_MAX_MASTER_KEY_LENGTH;
}
/* else, an SSLeay bug, ssl only server, tls client */
projects / openssl.git / blobdiff