Makefile clean-ups, crypto/bn/asm/alpha.s compiles on Alpha Linux.

[openssl.git] / ssl / s3_srvr.c
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c

index e003d88357461aa7c9a0b661b9af3a215430d80a..dd3b149a892d022a6e0ac32c73d7c17b7c5b0eb7 100644 (file)
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -531,10 +531,9 @@ static int ssl3_get_client_hello(SSL *s)
         if (!ok) return((int)n);
         d=p=(unsigned char *)s->init_buf->data;
  
-       /* The version number has already been checked in ssl3_get_message.
-        * I a native TLSv1/SSLv3 method, the match must be correct except
-        * perhaps for the first message */
-/*     s->client_version=(((int)p[0])<<8)|(int)p[1]; */
+       /* use version from inside client hello, not from record header
+        * (may differ: see RFC 2246, Appendix E, second paragraph) */
+       s->client_version=(((int)p[0])<<8)|(int)p[1];
         p+=2;
  
         /* load the client random */
@@ -873,6 +872,7 @@ static int ssl3_send_server_key_exchange(SSL *s)
         EVP_PKEY *pkey;
         unsigned char *p,*d;
         int al,i;
+       unsigned int u;
         unsigned long type;
         int n;
         CERT *cert;
@@ -1027,15 +1027,14 @@ static int ssl3_send_server_key_exchange(SSL *s)
                                         q+=i;
                                         j+=i;
                                         }
-                               i=RSA_private_encrypt(j,md_buf,&(p[2]),
-                                       pkey->pkey.rsa,RSA_PKCS1_PADDING);
-                               if (i <= 0)
+                               if (RSA_sign(NID_md5_sha1, md_buf, j,
+                                       &(p[2]), &u, pkey->pkey.rsa) <= 0)
                                         {
                                         SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_RSA);
                                         goto err;
                                         }
-                               s2n(i,p);
-                               n+=i+2;
+                               s2n(u,p);
+                               n+=u+2;
                                 }
                         else
  #endif
@@ -1239,7 +1238,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
  
                 i=RSA_private_decrypt((int)n,p,p,rsa,RSA_PKCS1_PADDING);
  
-#if 1
+#if 0
                 /* If a bad decrypt, use a random master key */
                 if ((i != SSL_MAX_MASTER_KEY_LENGTH) ||
                         ((p[0] != (s->client_version>>8)) ||
@@ -1271,7 +1270,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
                         goto f_err;
                         }
  
-               if ((p[0] != (s->version>>8)) || (p[1] != (s->version & 0xff)))
+               if ((p[0] != (s->client_version>>8)) || (p[1] != (s->client_version & 0xff)))
                         {
                         al=SSL_AD_DECODE_ERROR;
                         SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER);
@@ -1450,16 +1449,16 @@ static int ssl3_get_cert_verify(SSL *s)
  #ifndef NO_RSA 
         if (pkey->type == EVP_PKEY_RSA)
                 {
-               i=RSA_public_decrypt(i,p,p,pkey->pkey.rsa,RSA_PKCS1_PADDING);
+               i=RSA_verify(NID_md5_sha1, s->s3->tmp.finish_md,
+                       MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, p, i, 
+                                                       pkey->pkey.rsa);
                 if (i < 0)
                         {
                         al=SSL_AD_DECRYPT_ERROR;
                         SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_RSA_DECRYPT);
                         goto f_err;
                         }
-               if ((i != (MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH)) ||
-                       memcmp(&(s->s3->tmp.finish_md[0]),p,
-                               MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH))
+               if (i == 0)
                         {
                         al=SSL_AD_DECRYPT_ERROR;
                         SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_RSA_SIGNATURE);
@@ -1628,6 +1627,7 @@ static int ssl3_get_client_certificate(SSL *s)
         if (s->session->peer != NULL) /* This should not be needed */
                 X509_free(s->session->peer);
         s->session->peer=sk_X509_shift(sk);
+       s->session->verify_result = s->verify_result;
  
         /* With the current implementation, sess_cert will always be NULL
          * when we arrive here. */