Diffstat (limited to 'src/lib/libssl/t1_lib.c')
| -rw-r--r-- | src/lib/libssl/t1_lib.c | 38 | 
1 files changed, 22 insertions, 16 deletions
| diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index d1d20b6bda..08818f4870 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: t1_lib.c,v 1.99 2017/01/22 09:02:07 jsing Exp $ */ | 1 | /* $OpenBSD: t1_lib.c,v 1.100 2017/01/23 04:15:28 jsing Exp $ */ | 
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 
| 3 | * All rights reserved. | 3 | * All rights reserved. | 
| 4 | * | 4 | * | 
| @@ -1859,10 +1859,12 @@ ssl_check_clienthello_tlsext_early(SSL *s) | |||
| 1859 | * ssl3_choose_cipher in s3_lib.c. | 1859 | * ssl3_choose_cipher in s3_lib.c. | 
| 1860 | */ | 1860 | */ | 
| 1861 | 1861 | ||
| 1862 | if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0) | 1862 | if (s->ctx != NULL && s->ctx->internal->tlsext_servername_callback != 0) | 
| 1863 | ret = s->ctx->tlsext_servername_callback(s, &al, s->ctx->tlsext_servername_arg); | 1863 | ret = s->ctx->internal->tlsext_servername_callback(s, &al, | 
| 1864 | else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0) | 1864 | s->ctx->internal->tlsext_servername_arg); | 
| 1865 | ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg); | 1865 | else if (s->initial_ctx != NULL && s->initial_ctx->internal->tlsext_servername_callback != 0) | 
| 1866 | ret = s->initial_ctx->internal->tlsext_servername_callback(s, &al, | ||
| 1867 | s->initial_ctx->internal->tlsext_servername_arg); | ||
| 1866 | 1868 | ||
| 1867 | switch (ret) { | 1869 | switch (ret) { | 
| 1868 | case SSL_TLSEXT_ERR_ALERT_FATAL: | 1870 | case SSL_TLSEXT_ERR_ALERT_FATAL: | 
| @@ -1890,7 +1892,7 @@ ssl_check_clienthello_tlsext_late(SSL *s) | |||
| 1890 | * has been chosen because this may influence which certificate is sent | 1892 | * has been chosen because this may influence which certificate is sent | 
| 1891 | */ | 1893 | */ | 
| 1892 | if ((s->tlsext_status_type != -1) && | 1894 | if ((s->tlsext_status_type != -1) && | 
| 1893 | s->ctx && s->ctx->tlsext_status_cb) { | 1895 | s->ctx && s->ctx->internal->tlsext_status_cb) { | 
| 1894 | int r; | 1896 | int r; | 
| 1895 | CERT_PKEY *certpkey; | 1897 | CERT_PKEY *certpkey; | 
| 1896 | certpkey = ssl_get_server_send_pkey(s); | 1898 | certpkey = ssl_get_server_send_pkey(s); | 
| @@ -1903,7 +1905,8 @@ ssl_check_clienthello_tlsext_late(SSL *s) | |||
| 1903 | * SSL_get_certificate et al can pick it up. | 1905 | * SSL_get_certificate et al can pick it up. | 
| 1904 | */ | 1906 | */ | 
| 1905 | s->cert->key = certpkey; | 1907 | s->cert->key = certpkey; | 
| 1906 | r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg); | 1908 | r = s->ctx->internal->tlsext_status_cb(s, | 
| 1909 | s->ctx->internal->tlsext_status_arg); | ||
| 1907 | switch (r) { | 1910 | switch (r) { | 
| 1908 | /* We don't want to send a status request response */ | 1911 | /* We don't want to send a status request response */ | 
| 1909 | case SSL_TLSEXT_ERR_NOACK: | 1912 | case SSL_TLSEXT_ERR_NOACK: | 
| @@ -1973,16 +1976,18 @@ ssl_check_serverhello_tlsext(SSL *s) | |||
| 1973 | } | 1976 | } | 
| 1974 | ret = SSL_TLSEXT_ERR_OK; | 1977 | ret = SSL_TLSEXT_ERR_OK; | 
| 1975 | 1978 | ||
| 1976 | if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0) | 1979 | if (s->ctx != NULL && s->ctx->internal->tlsext_servername_callback != 0) | 
| 1977 | ret = s->ctx->tlsext_servername_callback(s, &al, s->ctx->tlsext_servername_arg); | 1980 | ret = s->ctx->internal->tlsext_servername_callback(s, &al, | 
| 1978 | else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0) | 1981 | s->ctx->internal->tlsext_servername_arg); | 
| 1979 | ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg); | 1982 | else if (s->initial_ctx != NULL && s->initial_ctx->internal->tlsext_servername_callback != 0) | 
| 1983 | ret = s->initial_ctx->internal->tlsext_servername_callback(s, &al, | ||
| 1984 | s->initial_ctx->internal->tlsext_servername_arg); | ||
| 1980 | 1985 | ||
| 1981 | /* If we've requested certificate status and we wont get one | 1986 | /* If we've requested certificate status and we wont get one | 
| 1982 | * tell the callback | 1987 | * tell the callback | 
| 1983 | */ | 1988 | */ | 
| 1984 | if ((s->tlsext_status_type != -1) && !(s->tlsext_status_expected) && | 1989 | if ((s->tlsext_status_type != -1) && !(s->tlsext_status_expected) && | 
| 1985 | s->ctx && s->ctx->tlsext_status_cb) { | 1990 | s->ctx && s->ctx->internal->tlsext_status_cb) { | 
| 1986 | int r; | 1991 | int r; | 
| 1987 | /* Set resp to NULL, resplen to -1 so callback knows | 1992 | /* Set resp to NULL, resplen to -1 so callback knows | 
| 1988 | * there is no response. | 1993 | * there is no response. | 
| @@ -1990,7 +1995,8 @@ ssl_check_serverhello_tlsext(SSL *s) | |||
| 1990 | free(s->tlsext_ocsp_resp); | 1995 | free(s->tlsext_ocsp_resp); | 
| 1991 | s->tlsext_ocsp_resp = NULL; | 1996 | s->tlsext_ocsp_resp = NULL; | 
| 1992 | s->tlsext_ocsp_resplen = -1; | 1997 | s->tlsext_ocsp_resplen = -1; | 
| 1993 | r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg); | 1998 | r = s->ctx->internal->tlsext_status_cb(s, | 
| 1999 | s->ctx->internal->tlsext_status_arg); | ||
| 1994 | if (r == 0) { | 2000 | if (r == 0) { | 
| 1995 | al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE; | 2001 | al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE; | 
| 1996 | ret = SSL_TLSEXT_ERR_ALERT_FATAL; | 2002 | ret = SSL_TLSEXT_ERR_ALERT_FATAL; | 
| @@ -2182,10 +2188,10 @@ tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen, | |||
| 2182 | /* Initialize session ticket encryption and HMAC contexts */ | 2188 | /* Initialize session ticket encryption and HMAC contexts */ | 
| 2183 | HMAC_CTX_init(&hctx); | 2189 | HMAC_CTX_init(&hctx); | 
| 2184 | EVP_CIPHER_CTX_init(&ctx); | 2190 | EVP_CIPHER_CTX_init(&ctx); | 
| 2185 | if (tctx->tlsext_ticket_key_cb) { | 2191 | if (tctx->internal->tlsext_ticket_key_cb) { | 
| 2186 | unsigned char *nctick = (unsigned char *)etick; | 2192 | unsigned char *nctick = (unsigned char *)etick; | 
| 2187 | int rv = tctx->tlsext_ticket_key_cb(s, nctick, nctick + 16, | 2193 | int rv = tctx->internal->tlsext_ticket_key_cb(s, | 
| 2188 | &ctx, &hctx, 0); | 2194 | nctick, nctick + 16, &ctx, &hctx, 0); | 
| 2189 | if (rv < 0) { | 2195 | if (rv < 0) { | 
| 2190 | HMAC_CTX_cleanup(&hctx); | 2196 | HMAC_CTX_cleanup(&hctx); | 
| 2191 | EVP_CIPHER_CTX_cleanup(&ctx); | 2197 | EVP_CIPHER_CTX_cleanup(&ctx); | 
