diff options
author | markm <markm@FreeBSD.org> | 2003-01-28 22:34:21 +0000 |
---|---|---|
committer | markm <markm@FreeBSD.org> | 2003-01-28 22:34:21 +0000 |
commit | 3f245d6325bc967e32ea631b54fb87569ded160b (patch) | |
tree | a8ee3102ea01b359830fb8c094c644e39ce479ba /crypto/openssl/ssl/s2_lib.c | |
parent | ad7148cc98d85da1fe9f1dde3e946c8c62e2df65 (diff) | |
download | FreeBSD-src-3f245d6325bc967e32ea631b54fb87569ded160b.zip FreeBSD-src-3f245d6325bc967e32ea631b54fb87569ded160b.tar.gz |
Merge conflicts.
This is cunning doublespeak for "use vendor code".
Diffstat (limited to 'crypto/openssl/ssl/s2_lib.c')
-rw-r--r-- | crypto/openssl/ssl/s2_lib.c | 84 |
1 files changed, 49 insertions, 35 deletions
diff --git a/crypto/openssl/ssl/s2_lib.c b/crypto/openssl/ssl/s2_lib.c index 64c6575..910b9fe 100644 --- a/crypto/openssl/ssl/s2_lib.c +++ b/crypto/openssl/ssl/s2_lib.c @@ -54,15 +54,14 @@ * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] - * - * $FreeBSD$ */ #include "ssl_locl.h" -#ifndef NO_SSL2 +#ifndef OPENSSL_NO_SSL2 #include <stdio.h> #include <openssl/rsa.h> #include <openssl/objects.h> +#include <openssl/evp.h> #include <openssl/md5.h> #include "cryptlib.h" @@ -309,7 +308,7 @@ void ssl2_free(SSL *s) s2=s->s2; if (s2->rbuf != NULL) OPENSSL_free(s2->rbuf); if (s2->wbuf != NULL) OPENSSL_free(s2->wbuf); - memset(s2,0,sizeof *s2); + OPENSSL_cleanse(s2,sizeof *s2); OPENSSL_free(s2); s->s2=NULL; } @@ -334,7 +333,7 @@ void ssl2_clear(SSL *s) s->packet_length=0; } -long ssl2_ctrl(SSL *s, int cmd, long larg, char *parg) +long ssl2_ctrl(SSL *s, int cmd, long larg, void *parg) { int ret=0; @@ -354,7 +353,7 @@ long ssl2_callback_ctrl(SSL *s, int cmd, void (*fp)()) return(0); } -long ssl2_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg) +long ssl2_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) { return(0); } @@ -378,15 +377,19 @@ SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p) { CRYPTO_w_lock(CRYPTO_LOCK_SSL); - for (i=0; i<SSL2_NUM_CIPHERS; i++) - sorted[i]= &(ssl2_ciphers[i]); + if (init) + { + for (i=0; i<SSL2_NUM_CIPHERS; i++) + sorted[i]= &(ssl2_ciphers[i]); - qsort( (char *)sorted, - SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER *), - FP_ICC ssl_cipher_ptr_id_cmp); + qsort((char *)sorted, + SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER *), + FP_ICC ssl_cipher_ptr_id_cmp); + init=0; + } + CRYPTO_w_unlock(CRYPTO_LOCK_SSL); - init=0; } id=0x02000000L|((unsigned long)p[0]<<16L)| @@ -420,43 +423,50 @@ int ssl2_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) int ssl2_generate_key_material(SSL *s) { unsigned int i; - MD5_CTX ctx; + EVP_MD_CTX ctx; unsigned char *km; unsigned char c='0'; + const EVP_MD *md5; + + md5 = EVP_md5(); #ifdef CHARSET_EBCDIC c = os_toascii['0']; /* Must be an ASCII '0', not EBCDIC '0', see SSLv2 docu */ #endif - + EVP_MD_CTX_init(&ctx); km=s->s2->key_material; - if (s->session->master_key_length < 0 || s->session->master_key_length > sizeof s->session->master_key) - { - SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, SSL_R_INTERNAL_ERROR); - return 0; - } + if (s->session->master_key_length < 0 || s->session->master_key_length > sizeof s->session->master_key) + { + SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR); + return 0; + } - for (i=0; i<s->s2->key_material_length; i+=MD5_DIGEST_LENGTH) + for (i=0; i<s->s2->key_material_length; i += EVP_MD_size(md5)) { - if (((km - s->s2->key_material) + MD5_DIGEST_LENGTH) > sizeof s->s2->key_material) + if (((km - s->s2->key_material) + EVP_MD_size(md5)) > sizeof s->s2->key_material) { - /* MD5_Final() below would write beyond buffer */ - SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, SSL_R_INTERNAL_ERROR); + /* EVP_DigestFinal_ex() below would write beyond buffer */ + SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR); return 0; } - MD5_Init(&ctx); + EVP_DigestInit_ex(&ctx, md5, NULL); - MD5_Update(&ctx,s->session->master_key,s->session->master_key_length); - MD5_Update(&ctx,&c,1); + OPENSSL_assert(s->session->master_key_length >= 0 + && s->session->master_key_length + < sizeof s->session->master_key); + EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length); + EVP_DigestUpdate(&ctx,&c,1); c++; - MD5_Update(&ctx,s->s2->challenge,s->s2->challenge_length); - MD5_Update(&ctx,s->s2->conn_id,s->s2->conn_id_length); - MD5_Final(km,&ctx); - km+=MD5_DIGEST_LENGTH; + EVP_DigestUpdate(&ctx,s->s2->challenge,s->s2->challenge_length); + EVP_DigestUpdate(&ctx,s->s2->conn_id,s->s2->conn_id_length); + EVP_DigestFinal_ex(&ctx,km,NULL); + km += EVP_MD_size(md5); } + EVP_MD_CTX_cleanup(&ctx); return 1; } @@ -485,17 +495,21 @@ void ssl2_write_error(SSL *s) error=s->error; /* number of bytes left to write */ s->error=0; - if (error < 0 || error > sizeof buf) /* can't happen */ - return; - + OPENSSL_assert(error >= 0 && error <= sizeof buf); i=ssl2_write(s,&(buf[3-error]),error); /* if (i == error) s->rwstate=state; */ if (i < 0) s->error=error; - else if (i != s->error) + else + { s->error=error-i; + + if (s->error == 0) + if (s->msg_callback) + s->msg_callback(1, s->version, 0, buf, 3, s, s->msg_callback_arg); /* ERROR */ + } } int ssl2_shutdown(SSL *s) @@ -503,7 +517,7 @@ int ssl2_shutdown(SSL *s) s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); return(1); } -#else /* !NO_SSL2 */ +#else /* !OPENSSL_NO_SSL2 */ # if PEDANTIC static void *dummy=&dummy; |