summaryrefslogtreecommitdiff
path: root/src/lib/libssl/t1_lib.c
diff options
context:
space:
mode:
authordjm <>2011-11-03 02:34:33 +0000
committerdjm <>2011-11-03 02:34:33 +0000
commit6d0fb3b3bc3c11f7d4831f061e59a06f29d0ec8e (patch)
treea8fc08e33aecdd21cb07aa47c8a3a9db715f2ef3 /src/lib/libssl/t1_lib.c
parent509e4c3041a1e04b41603ac8dd4dbc72152b416e (diff)
downloadopenbsd-6d0fb3b3bc3c11f7d4831f061e59a06f29d0ec8e.tar.gz
openbsd-6d0fb3b3bc3c11f7d4831f061e59a06f29d0ec8e.tar.bz2
openbsd-6d0fb3b3bc3c11f7d4831f061e59a06f29d0ec8e.zip
openssl-1.0.0e: resolve conflicts
Diffstat (limited to '')
-rw-r--r--src/lib/libssl/t1_lib.c20
1 files changed, 11 insertions, 9 deletions
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index 0baa70663a..85371c87b8 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1013,9 +1013,9 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
1013 1013
1014int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al) 1014int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al)
1015 { 1015 {
1016 unsigned short length;
1016 unsigned short type; 1017 unsigned short type;
1017 unsigned short size; 1018 unsigned short size;
1018 unsigned short len;
1019 unsigned char *data = *p; 1019 unsigned char *data = *p;
1020 int tlsext_servername = 0; 1020 int tlsext_servername = 0;
1021 int renegotiate_seen = 0; 1021 int renegotiate_seen = 0;
@@ -1023,7 +1023,12 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
1023 if (data >= (d+n-2)) 1023 if (data >= (d+n-2))
1024 goto ri_check; 1024 goto ri_check;
1025 1025
1026 n2s(data,len); 1026 n2s(data,length);
1027 if (data+length != d+n)
1028 {
1029 *al = SSL_AD_DECODE_ERROR;
1030 return 0;
1031 }
1027 1032
1028 while(data <= (d+n-4)) 1033 while(data <= (d+n-4))
1029 { 1034 {
@@ -1453,23 +1458,20 @@ int ssl_check_serverhello_tlsext(SSL *s)
1453 int al = SSL_AD_UNRECOGNIZED_NAME; 1458 int al = SSL_AD_UNRECOGNIZED_NAME;
1454 1459
1455#ifndef OPENSSL_NO_EC 1460#ifndef OPENSSL_NO_EC
1456 /* If we are client and using an elliptic curve cryptography cipher suite, then server 1461 /* If we are client and using an elliptic curve cryptography cipher
1457 * must return a an EC point formats lists containing uncompressed. 1462 * suite, then if server returns an EC point formats lists extension
1463 * it must contain uncompressed.
1458 */ 1464 */
1459 unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey; 1465 unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
1460 unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth; 1466 unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
1461 if ((s->tlsext_ecpointformatlist != NULL) && (s->tlsext_ecpointformatlist_length > 0) && 1467 if ((s->tlsext_ecpointformatlist != NULL) && (s->tlsext_ecpointformatlist_length > 0) &&
1468 (s->session->tlsext_ecpointformatlist != NULL) && (s->session->tlsext_ecpointformatlist_length > 0) &&
1462 ((alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA))) 1469 ((alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA)))
1463 { 1470 {
1464 /* we are using an ECC cipher */ 1471 /* we are using an ECC cipher */
1465 size_t i; 1472 size_t i;
1466 unsigned char *list; 1473 unsigned char *list;
1467 int found_uncompressed = 0; 1474 int found_uncompressed = 0;
1468 if ((s->session->tlsext_ecpointformatlist == NULL) || (s->session->tlsext_ecpointformatlist_length == 0))
1469 {
1470 SSLerr(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT,SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST);
1471 return -1;
1472 }
1473 list = s->session->tlsext_ecpointformatlist; 1475 list = s->session->tlsext_ecpointformatlist;
1474 for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++) 1476 for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++)
1475 { 1477 {
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-31 21:04:55 +0000