Diffstat (limited to 'src/lib/libssl/s3_lib.c')
| -rw-r--r-- | src/lib/libssl/s3_lib.c | 41 | 
1 files changed, 25 insertions, 16 deletions
| diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index abebaa0fc4..ad627d10d8 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_lib.c,v 1.155 2017/08/10 17:18:38 jsing Exp $ */ | 1 | /* $OpenBSD: s3_lib.c,v 1.156 2017/08/11 17:54:41 jsing Exp $ */ | 
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 
| 3 | * All rights reserved. | 3 | * All rights reserved. | 
| 4 | * | 4 | * | 
| @@ -2438,36 +2438,45 @@ ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, | |||
| 2438 | } | 2438 | } | 
| 2439 | 2439 | ||
| 2440 | int | 2440 | int | 
| 2441 | ssl3_get_req_cert_type(SSL *s, unsigned char *p) | 2441 | ssl3_get_req_cert_types(SSL *s, CBB *cbb) | 
| 2442 | { | 2442 | { | 
| 2443 | int ret = 0; | 2443 | unsigned long alg_k; | 
| 2444 | unsigned long alg_k; | ||
| 2445 | 2444 | ||
| 2446 | alg_k = S3I(s)->hs.new_cipher->algorithm_mkey; | 2445 | alg_k = S3I(s)->hs.new_cipher->algorithm_mkey; | 
| 2447 | 2446 | ||
| 2448 | #ifndef OPENSSL_NO_GOST | 2447 | #ifndef OPENSSL_NO_GOST | 
| 2449 | if ((alg_k & SSL_kGOST)) { | 2448 | if ((alg_k & SSL_kGOST) != 0) { | 
| 2450 | p[ret++] = TLS_CT_GOST94_SIGN; | 2449 | if (!CBB_add_u8(cbb, TLS_CT_GOST94_SIGN)) | 
| 2451 | p[ret++] = TLS_CT_GOST01_SIGN; | 2450 | return 0; | 
| 2452 | p[ret++] = TLS_CT_GOST12_256_SIGN; | 2451 | if (!CBB_add_u8(cbb, TLS_CT_GOST01_SIGN)) | 
| 2453 | p[ret++] = TLS_CT_GOST12_512_SIGN; | 2452 | return 0; | 
| 2453 | if (!CBB_add_u8(cbb, TLS_CT_GOST12_256_SIGN)) | ||
| 2454 | return 0; | ||
| 2455 | if (!CBB_add_u8(cbb, TLS_CT_GOST12_512_SIGN)) | ||
| 2456 | return 0; | ||
| 2454 | } | 2457 | } | 
| 2455 | #endif | 2458 | #endif | 
| 2456 | 2459 | ||
| 2457 | if (alg_k & SSL_kDHE) { | 2460 | if ((alg_k & SSL_kDHE) != 0) { | 
| 2458 | p[ret++] = SSL3_CT_RSA_FIXED_DH; | 2461 | if (!CBB_add_u8(cbb, SSL3_CT_RSA_FIXED_DH)) | 
| 2459 | p[ret++] = SSL3_CT_DSS_FIXED_DH; | 2462 | return 0; | 
| 2463 | if (!CBB_add_u8(cbb, SSL3_CT_DSS_FIXED_DH)) | ||
| 2464 | return 0; | ||
| 2460 | } | 2465 | } | 
| 2461 | p[ret++] = SSL3_CT_RSA_SIGN; | 2466 | |
| 2462 | p[ret++] = SSL3_CT_DSS_SIGN; | 2467 | if (!CBB_add_u8(cbb, SSL3_CT_RSA_SIGN)) | 
| 2468 | return 0; | ||
| 2469 | if (!CBB_add_u8(cbb, SSL3_CT_DSS_SIGN)) | ||
| 2470 | return 0; | ||
| 2463 | 2471 | ||
| 2464 | /* | 2472 | /* | 
| 2465 | * ECDSA certs can be used with RSA cipher suites as well | 2473 | * ECDSA certs can be used with RSA cipher suites as well | 
| 2466 | * so we don't need to check for SSL_kECDH or SSL_kECDHE. | 2474 | * so we don't need to check for SSL_kECDH or SSL_kECDHE. | 
| 2467 | */ | 2475 | */ | 
| 2468 | p[ret++] = TLS_CT_ECDSA_SIGN; | 2476 | if (!CBB_add_u8(cbb, TLS_CT_ECDSA_SIGN)) | 
| 2477 | return 0; | ||
| 2469 | 2478 | ||
| 2470 | return (ret); | 2479 | return 1; | 
| 2471 | } | 2480 | } | 
| 2472 | 2481 | ||
| 2473 | int | 2482 | int | 
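Review bot: The return value of ssl3_get_req_cert_types() changes meaning in this section and nothing in the new code documents it: the old function returned the number of type bytes written through `p`, while the new one returns 1 on success and 0 as soon as any `CBB_add_u8()` fails. The rename stops stale callers from compiling, but a comment above the definition would make the contract explicit, for example `/* Appends the acceptable certificate types to cbb; returns 1 on success, 0 on failure, in which case cbb may hold a partial list and must be discarded. */`. The caller is outside this section, so it is worth confirming that it treats 0 as a fatal error rather than as an empty list. It should also confirm that the one-byte length of the certificate_types vector now comes from a length-prefixed child CBB, not from the old return count.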
