Diffstat (limited to '')
| -rw-r--r-- | src/lib/libssl/ssl_clnt.c | 34 |
1 files changed, 17 insertions, 17 deletions
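--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.12 2017/04/10 06:09:32 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.13 2017/05/06 22:24:57 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -292,7 +292,7 @@ ssl3_connect(SSL *s)
 break;
 }
 /* Check if it is anon DH/ECDH. */
-if (!(S3I(s)->tmp.new_cipher->algorithm_auth &
+if (!(S3I(s)->hs.new_cipher->algorithm_auth &
 SSL_aNULL)) {
 ret = ssl3_get_server_certificate(s);
 if (ret <= 0)
@@ -417,7 +417,7 @@ ssl3_connect(SSL *s)
 s->internal->state = SSL3_ST_CW_FINISHED_A;
 s->internal->init_num = 0;
 
-s->session->cipher = S3I(s)->tmp.new_cipher;
+s->session->cipher = S3I(s)->hs.new_cipher;
 if (!tls1_setup_key_block(s)) {
 ret = -1;
 goto end;
@@ -453,7 +453,7 @@ ssl3_connect(SSL *s)
 /* clear flags */
 s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER;
 if (s->internal->hit) {
-S3I(s)->tmp.next_state = SSL_ST_OK;
+S3I(s)->hs.next_state = SSL_ST_OK;
 if (s->s3->flags &
 SSL3_FLAGS_DELAY_CLIENT_FINISHED) {
 s->internal->state = SSL_ST_OK;
@@ -463,11 +463,11 @@ ssl3_connect(SSL *s)
 } else {
 /* Allow NewSessionTicket if ticket expected */
 if (s->internal->tlsext_ticket_expected)
-S3I(s)->tmp.next_state =
+S3I(s)->hs.next_state =
 SSL3_ST_CR_SESSION_TICKET_A;
 else
 
-S3I(s)->tmp.next_state = SSL3_ST_CR_FINISHED_A;
+S3I(s)->hs.next_state = SSL3_ST_CR_FINISHED_A;
 }
 s->internal->init_num = 0;
 break;
@@ -512,7 +512,7 @@ ssl3_connect(SSL *s)
 goto end;
 }
 s->internal->rwstate = SSL_NOTHING;
-s->internal->state = S3I(s)->tmp.next_state;
+s->internal->state = S3I(s)->hs.next_state;
 break;
 
 case SSL_ST_OK:
@@ -899,7 +899,7 @@ ssl3_get_server_hello(SSL *s)
 SSLerror(s, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
 goto f_err;
 }
-S3I(s)->tmp.new_cipher = cipher;
+S3I(s)->hs.new_cipher = cipher;
 
 if (!tls1_handshake_hash_init(s))
 goto err;
@@ -908,7 +908,7 @@ ssl3_get_server_hello(SSL *s)
 * Don't digest cached records if no sigalgs: we may need them for
 * client authentication.
 */
-alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey;
+alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
 if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) &&
 !tls1_digest_cached_records(s)) {
 al = SSL_AD_INTERNAL_ERROR;
@@ -1116,7 +1116,7 @@ ssl3_get_server_kex_dhe(SSL *s, EVP_PKEY **pkey, unsigned char **pp, long *nn)
 long alg_a;
 int al;
 
-alg_a = S3I(s)->tmp.new_cipher->algorithm_auth;
+alg_a = S3I(s)->hs.new_cipher->algorithm_auth;
 sc = SSI(s)->sess_cert;
 
 if (*nn < 0)
@@ -1283,7 +1283,7 @@ ssl3_get_server_kex_ecdhe(SSL *s, EVP_PKEY **pkey, unsigned char **pp, long *nn)
 int nid;
 int al;
 
-alg_a = S3I(s)->tmp.new_cipher->algorithm_auth;
+alg_a = S3I(s)->hs.new_cipher->algorithm_auth;
 sc = SSI(s)->sess_cert;
 
 if (*nn < 0)
@@ -1368,8 +1368,8 @@ ssl3_get_server_key_exchange(SSL *s)
 const EVP_MD *md = NULL;
 RSA *rsa = NULL;
 
-alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey;
-alg_a = S3I(s)->tmp.new_cipher->algorithm_auth;
+alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
+alg_a = S3I(s)->hs.new_cipher->algorithm_auth;
 
 /*
 * Use same message size as in ssl3_get_certificate_request()
@@ -1590,7 +1590,7 @@ ssl3_get_certificate_request(SSL *s)
 }
 
 /* TLS does not like anon-DH with client cert */
-if (S3I(s)->tmp.new_cipher->algorithm_auth & SSL_aNULL) {
+if (S3I(s)->hs.new_cipher->algorithm_auth & SSL_aNULL) {
 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
 SSLerror(s, SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER);
 goto err;
@@ -2274,7 +2274,7 @@ ssl3_send_client_key_exchange(SSL *s)
 memset(&cbb, 0, sizeof(cbb));
 
 if (s->internal->state == SSL3_ST_CW_KEY_EXCH_A) {
-alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey;
+alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
 
 if ((sess_cert = SSI(s)->sess_cert) == NULL) {
 ssl3_send_alert(s, SSL3_AL_FATAL,
@@ -2558,8 +2558,8 @@ ssl3_check_cert_and_algorithm(SSL *s)
 SESS_CERT *sc;
 DH *dh;
 
-alg_k = S3I(s)->tmp.new_cipher->algorithm_mkey;
-alg_a = S3I(s)->tmp.new_cipher->algorithm_auth;
+alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
+alg_a = S3I(s)->hs.new_cipher->algorithm_auth;
 
 /* We don't have a certificate. */
 if (alg_a & SSL_aNULL)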
