#include <openssl/x509.h>
#include <openssl/krb5_asn.h>
#include "ssl_locl.h"
-#ifndef OPENSSL_NO_KRB5
#include "kssl_lcl.h"
-#endif /* OPENSSL_NO_KRB5 */
#include <openssl/md5.h>
static SSL_METHOD *ssl3_get_server_method(int ver);
long num1;
int ret= -1;
int new_state,state,skip=0;
+ int got_new_session=0;
RAND_add(&Time,sizeof(Time),0);
ERR_clear_error();
case SSL3_ST_SW_HELLO_REQ_C:
s->state=SSL_ST_OK;
- ret=1;
- goto end;
- /* break; */
+ break;
case SSL3_ST_SR_CLNT_HELLO_A:
case SSL3_ST_SR_CLNT_HELLO_B:
s->shutdown=0;
ret=ssl3_get_client_hello(s);
if (ret <= 0) goto end;
+ got_new_session=1;
s->state=SSL3_ST_SW_SRVR_HELLO_A;
s->init_num=0;
break;
/* remove buffering on output */
ssl_free_wbio_buffer(s);
- s->new_session=0;
s->init_num=0;
- ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
-
- s->ctx->stats.sess_accept_good++;
- /* s->server=1; */
- s->handshake_func=ssl3_accept;
- ret=1;
-
- if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
+ if (got_new_session) /* skipped if we just sent a HelloRequest */
+ {
+ /* actually not necessarily a 'new' session unless
+ * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
+
+ s->new_session=0;
+
+ ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
+
+ s->ctx->stats.sess_accept_good++;
+ /* s->server=1; */
+ s->handshake_func=ssl3_accept;
+ if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
+ }
+
+ ret = 1;
goto end;
/* break; */
&ok);
if (!ok) return((int)n);
- d=p=(unsigned char *)s->init_buf->data;
+ d=p=(unsigned char *)s->init_msg;
/* use version from inside client hello, not from record header
* (may differ: see RFC 2246, Appendix E, second paragraph) */
j= *(p++);
s->hit=0;
- if (j == 0)
+ /* Versions before 0.9.7 always allow session reuse during renegotiation
+ * (i.e. when s->new_session is true), option
+ * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is new with 0.9.7.
+ * Maybe this optional behaviour should always have been the default,
+ * but we cannot safely change the default behaviour (or new applications
+ * might be written that become totally unsecure when compiled with
+ * an earlier library version)
+ */
+ if (j == 0 || (s->new_session && (s->options & SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION)))
{
if (!ssl_get_new_session(s,1))
goto err;
j=0;
for (num=2; num > 0; num--)
{
- EVP_DigestInit(&md_ctx,(num == 2)
- ?s->ctx->md5:s->ctx->sha1);
+ EVP_DigestInit_ex(&md_ctx,(num == 2)
+ ?s->ctx->md5:s->ctx->sha1, NULL);
EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
EVP_DigestUpdate(&md_ctx,&(d[4]),n);
- EVP_DigestFinal(&md_ctx,q,
+ EVP_DigestFinal_ex(&md_ctx,q,
(unsigned int *)&i);
q+=i;
j+=i;
if (pkey->type == EVP_PKEY_DSA)
{
/* lets do DSS */
- EVP_SignInit(&md_ctx,EVP_dss1());
+ EVP_SignInit_ex(&md_ctx,EVP_dss1(), NULL);
EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
EVP_SignUpdate(&md_ctx,&(d[4]),n);
&ok);
if (!ok) return((int)n);
- p=(unsigned char *)s->init_buf->data;
+ p=(unsigned char *)s->init_msg;
l=s->s3->tmp.new_cipher->algorithms;
memset(iv, 0, EVP_MAX_IV_LENGTH); /* per RFC 1510 */
- if (!EVP_DecryptInit(&ciph_ctx,enc,kssl_ctx->key,iv))
+ if (!EVP_DecryptInit_ex(&ciph_ctx,enc,NULL,kssl_ctx->key,iv))
{
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
SSL_R_DECRYPTION_FAILED);
SSL_R_DATA_LENGTH_TOO_LONG);
goto err;
}
- if (!EVP_DecryptFinal(&ciph_ctx,&(pms[outl]),&padl))
+ if (!EVP_DecryptFinal_ex(&ciph_ctx,&(pms[outl]),&padl))
{
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
SSL_R_DECRYPTION_FAILED);
}
/* we now have a signature that we need to verify */
- p=(unsigned char *)s->init_buf->data;
+ p=(unsigned char *)s->init_msg;
n2s(p,i);
n-=2;
if (i > n)
SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_WRONG_MESSAGE_TYPE);
goto f_err;
}
- d=p=(unsigned char *)s->init_buf->data;
+ d=p=(unsigned char *)s->init_msg;
if ((sk=sk_X509_new_null()) == NULL)
{