From aad1d64cb5a8d9b503d9199642363dc1e92d2f9b Mon Sep 17 00:00:00 2001 From: markm Date: Tue, 28 Jan 2003 21:43:22 +0000 Subject: Vendor import of OpenSSL release 0.9.7. This release includes support for AES and OpenBSD's hardware crypto. --- crypto/openssl/ssl/s2_lib.c | 82 +++++++++++++++++++++++++++------------------ 1 file changed, 49 insertions(+), 33 deletions(-) (limited to 'crypto/openssl/ssl/s2_lib.c') diff --git a/crypto/openssl/ssl/s2_lib.c b/crypto/openssl/ssl/s2_lib.c index 01d1e97..910b9fe 100644 --- a/crypto/openssl/ssl/s2_lib.c +++ b/crypto/openssl/ssl/s2_lib.c @@ -57,10 +57,11 @@ */ #include "ssl_locl.h" -#ifndef NO_SSL2 +#ifndef OPENSSL_NO_SSL2 #include #include #include +#include #include #include "cryptlib.h" @@ -307,7 +308,7 @@ void ssl2_free(SSL *s) s2=s->s2; if (s2->rbuf != NULL) OPENSSL_free(s2->rbuf); if (s2->wbuf != NULL) OPENSSL_free(s2->wbuf); - memset(s2,0,sizeof *s2); + OPENSSL_cleanse(s2,sizeof *s2); OPENSSL_free(s2); s->s2=NULL; } @@ -332,7 +333,7 @@ void ssl2_clear(SSL *s) s->packet_length=0; } -long ssl2_ctrl(SSL *s, int cmd, long larg, char *parg) +long ssl2_ctrl(SSL *s, int cmd, long larg, void *parg) { int ret=0; @@ -352,7 +353,7 @@ long ssl2_callback_ctrl(SSL *s, int cmd, void (*fp)()) return(0); } -long ssl2_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg) +long ssl2_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) { return(0); } 
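Review bot: In ssl2_free the two record buffers are still released with plain `OPENSSL_free(s2->rbuf)` and `OPENSSL_free(s2->wbuf)` and are never wiped, so only the state struct benefits from the switch to `OPENSSL_cleanse`. Those buffers presumably hold record data, so each should be cleansed over its allocated length before it is freed; the sizes are set outside this hunk. It would also help to record why the call changed, e.g. `/* not memset: s2 holds key material and a dead store before free may be optimised away */`. The function body starts above the hunk.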
@@ -376,15 +377,19 @@ SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p) { CRYPTO_w_lock(CRYPTO_LOCK_SSL); - for (i=0; is2->key_material; - if (s->session->master_key_length < 0 || s->session->master_key_length > sizeof s->session->master_key) - { - SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, SSL_R_INTERNAL_ERROR); - return 0; - } + if (s->session->master_key_length < 0 || s->session->master_key_length > sizeof s->session->master_key) + { + SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR); + return 0; + } - for (i=0; is2->key_material_length; i+=MD5_DIGEST_LENGTH) + for (i=0; is2->key_material_length; i += EVP_MD_size(md5)) { - if (((km - s->s2->key_material) + MD5_DIGEST_LENGTH) > sizeof s->s2->key_material) + if (((km - s->s2->key_material) + EVP_MD_size(md5)) > sizeof s->s2->key_material) { - /* MD5_Final() below would write beyond buffer */ - SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, SSL_R_INTERNAL_ERROR); + /* EVP_DigestFinal_ex() below would write beyond buffer */ + SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR); return 0; } - MD5_Init(&ctx); + EVP_DigestInit_ex(&ctx, md5, NULL); - MD5_Update(&ctx,s->session->master_key,s->session->master_key_length); - MD5_Update(&ctx,&c,1); + OPENSSL_assert(s->session->master_key_length >= 0 + && s->session->master_key_length + < sizeof s->session->master_key); + EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length); + EVP_DigestUpdate(&ctx,&c,1); c++; - MD5_Update(&ctx,s->s2->challenge,s->s2->challenge_length); - MD5_Update(&ctx,s->s2->conn_id,s->s2->conn_id_length); - MD5_Final(km,&ctx); - km+=MD5_DIGEST_LENGTH; + EVP_DigestUpdate(&ctx,s->s2->challenge,s->s2->challenge_length); + EVP_DigestUpdate(&ctx,s->s2->conn_id,s->s2->conn_id_length); + EVP_DigestFinal_ex(&ctx,km,NULL); + km += EVP_MD_size(md5); } + EVP_MD_CTX_cleanup(&ctx); return 1; } 
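Review bot: The added `OPENSSL_assert` in ssl2_generate_key_material requires `master_key_length < sizeof s->session->master_key`, while the guard a few lines earlier only rejects `> sizeof`, so a key of exactly the buffer size passes the error check and then aborts the process inside the loop. The two bounds should agree: either use `&& s->session->master_key_length <= sizeof s->session->master_key` in the assert, or drop the assert, since the guard already returns with ERR_R_INTERNAL_ERROR. Separately, the early `return 0` inside the loop skips `EVP_MD_CTX_cleanup(&ctx)`, so on a later iteration digest state derived from the master key would be left behind; calling the cleanup before that return closes the gap. Part of the hunk text is lost on this page, so the declarations of `ctx` and `md5` cannot be checked here.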
@@ -483,17 +495,21 @@ void ssl2_write_error(SSL *s) error=s->error; /* number of bytes left to write */ s->error=0; - if (error < 0 || error > sizeof buf) /* can't happen */ - return; - + OPENSSL_assert(error >= 0 && error <= sizeof buf); i=ssl2_write(s,&(buf[3-error]),error); /* if (i == error) s->rwstate=state; */ if (i < 0) s->error=error; - else if (i != s->error) + else + { s->error=error-i; + + if (s->error == 0) + if (s->msg_callback) + s->msg_callback(1, s->version, 0, buf, 3, s, s->msg_callback_arg); /* ERROR */ + } } int ssl2_shutdown(SSL *s) @@ -501,7 +517,7 @@ int ssl2_shutdown(SSL *s) s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); return(1); } -#else /* !NO_SSL2 */ +#else /* !OPENSSL_NO_SSL2 */ # if PEDANTIC static void *dummy=&dummy; -- cgit v1.1
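Review bot: Replacing the `/* can't happen */` early return in ssl2_write_error with `OPENSSL_assert(error >= 0 && error <= sizeof buf)` turns an out-of-range `s->error` from a silent no-op into a process abort, which in a server takes down every other session along with the faulty one. Since `error` feeds straight into `buf[3-error]`, a runtime guard that fails only this connection is the safer shape: keep `if (error < 0 || error > (int)sizeof buf) return;`, optionally alongside the assert. The nested `if (s->error == 0) if (s->msg_callback)` would also read better as one condition, `if (s->error == 0 && s->msg_callback)`. The declaration of `buf` is above the hunk, so the assumption that it is 3 bytes long cannot be checked here.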