path: root/src/lib/libssl/ssl_clnt.c
Diffstat (limited to 'src/lib/libssl/ssl_clnt.c')
-rw-r--r--src/lib/libssl/ssl_clnt.c36
1 files changed, 12 insertions, 24 deletions
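diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index 6b43b565b9..7f69b8ba98 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.91 2021/04/19 16:51:56 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.92 2021/04/21 19:27:56 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -391,7 +391,7 @@ ssl3_connect(SSL *s)
 goto end;
 if (SSL_is_dtls(s))
 dtls1_stop_timer(s);
-if (S3I(s)->tmp.cert_req)
+if (S3I(s)->hs.tls12.cert_request)
 S3I(s)->hs.state = SSL3_ST_CW_CERT_A;
 else
 S3I(s)->hs.state = SSL3_ST_CW_KEY_EXCH_A;
@@ -435,7 +435,7 @@ ssl3_connect(SSL *s)
 * message when client's ECDH public key is sent
 * inside the client certificate.
 */
-if (S3I(s)->tmp.cert_req == 1) {
+if (S3I(s)->hs.tls12.cert_request == 1) {
 S3I(s)->hs.state = SSL3_ST_CW_CERT_VRFY_A;
 } else {
 S3I(s)->hs.state = SSL3_ST_CW_CHANGE_A;
@@ -1650,8 +1650,7 @@ ssl3_get_certificate_request(SSL *s)
 {
 int ok, ret = 0;
 long n;
-uint8_t ctype_num;
-CBS cert_request, ctypes, rdn_list;
+CBS cert_request, cert_types, rdn_list;
 X509_NAME *xn = NULL;
 const unsigned char *q;
 STACK_OF(X509_NAME) *ca_sk = NULL;
@@ -1661,7 +1660,7 @@ ssl3_get_certificate_request(SSL *s)
 if (!ok)
 return ((int)n);
 
-S3I(s)->tmp.cert_req = 0;
+S3I(s)->hs.tls12.cert_request = 0;
 
 if (S3I(s)->hs.tls12.message_type == SSL3_MT_SERVER_DONE) {
 S3I(s)->hs.tls12.reuse_message = 1;
@@ -1695,19 +1694,9 @@ ssl3_get_certificate_request(SSL *s)
 goto err;
 }
 
-/* get the certificate types */
-if (!CBS_get_u8(&cert_request, &ctype_num))
+if (!CBS_get_u8_length_prefixed(&cert_request, &cert_types))
 goto decode_err;
 
-if (ctype_num > SSL3_CT_NUMBER)
-ctype_num = SSL3_CT_NUMBER;
-if (!CBS_get_bytes(&cert_request, &ctypes, ctype_num) ||
-!CBS_write_bytes(&ctypes, (uint8_t *)S3I(s)->tmp.ctype,
-sizeof(S3I(s)->tmp.ctype), NULL)) {
-SSLerror(s, SSL_R_DATA_LENGTH_TOO_LONG);
-goto err;
-}
-
 if (SSL_USE_SIGALGS(s)) {
 CBS sigalgs;
 
@@ -1778,10 +1767,9 @@ ssl3_get_certificate_request(SSL *s)
 }
 
 /* we should setup a certificate to return.... */
-S3I(s)->tmp.cert_req = 1;
-S3I(s)->tmp.ctype_num = ctype_num;
-sk_X509_NAME_pop_free(S3I(s)->tmp.ca_names, X509_NAME_free);
-S3I(s)->tmp.ca_names = ca_sk;
+S3I(s)->hs.tls12.cert_request = 1;
+sk_X509_NAME_pop_free(S3I(s)->hs.tls12.ca_names, X509_NAME_free);
+S3I(s)->hs.tls12.ca_names = ca_sk;
 ca_sk = NULL;
 
 ret = 1;
@@ -2228,7 +2216,7 @@ ssl3_send_client_kex_gost(SSL *s, SESS_CERT *sess_cert, CBB *cbb)
 /*
 * If we have client certificate, use its secret as peer key.
 */
-if (S3I(s)->tmp.cert_req && s->cert->key->privatekey) {
+if (S3I(s)->hs.tls12.cert_request && s->cert->key->privatekey) {
 if (EVP_PKEY_derive_set_peer(pkey_ctx,
 s->cert->key->privatekey) <=0) {
 /*
@@ -2681,7 +2669,7 @@ ssl3_send_client_certificate(SSL *s)
 X509_free(x509);
 EVP_PKEY_free(pkey);
 if (i == 0) {
-S3I(s)->tmp.cert_req = 2;
+S3I(s)->hs.tls12.cert_request = 2;
 
 /* There is no client certificate to verify. */
 tls1_transcript_free(s);
@@ -2696,7 +2684,7 @@ ssl3_send_client_certificate(SSL *s)
 SSL3_MT_CERTIFICATE))
 goto err;
 if (!ssl3_output_cert_chain(s, &client_cert,
-(S3I(s)->tmp.cert_req == 2) ? NULL : s->cert->key)
+(S3I(s)->hs.tls12.cert_request == 2) ? NULL : s->cert->key)
 goto err;
 if (!ssl3_handshake_msg_finish(s, &cbb))
 goto err;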
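Review bot: The certificate_types list read into `cert_types` at new line 1697 of ssl3_get_certificate_request is consumed but never inspected, so as far as this hunk shows nothing rejects an empty list (the wire format requires at least one entry) and the client's later certificate choice no longer depends on what the server advertised. If that is intended, a one-line guard plus a comment would make it explicit: `if (CBS_len(&cert_types) == 0) goto decode_err;` and `/* Certificate types are parsed for framing only and deliberately not used. */`, since the previous bounded copy into tmp.ctype and its "get the certificate types" comment were both removed without a replacement note. The same variable is declared at new line 1653, where the dropped `ctype_num` is no longer referenced elsewhere in the visible hunks. ssl3_get_certificate_request begins and ends outside the hunk.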