Diffstat (limited to 'src/lib/libssl/t1_lib.c')
-rw-r--r--src/lib/libssl/t1_lib.c38
1 files changed, 22 insertions, 16 deletions
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index d1d20b6bda..08818f4870 100644
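--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.99 2017/01/22 09:02:07 jsing Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.100 2017/01/23 04:15:28 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1859,10 +1859,12 @@ ssl_check_clienthello_tlsext_early(SSL *s)
  * ssl3_choose_cipher in s3_lib.c.
  */
 
- if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0)
- ret = s->ctx->tlsext_servername_callback(s, &al, s->ctx->tlsext_servername_arg);
- else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0)
- ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg);
+ if (s->ctx != NULL && s->ctx->internal->tlsext_servername_callback != 0)
+ ret = s->ctx->internal->tlsext_servername_callback(s, &al,
+ s->ctx->internal->tlsext_servername_arg);
+ else if (s->initial_ctx != NULL && s->initial_ctx->internal->tlsext_servername_callback != 0)
+ ret = s->initial_ctx->internal->tlsext_servername_callback(s, &al,
+ s->initial_ctx->internal->tlsext_servername_arg);
 
  switch (ret) {
  case SSL_TLSEXT_ERR_ALERT_FATAL:
@@ -1890,7 +1892,7 @@ ssl_check_clienthello_tlsext_late(SSL *s)
  * has been chosen because this may influence which certificate is sent
  */
  if ((s->tlsext_status_type != -1) &&
- s->ctx && s->ctx->tlsext_status_cb) {
+ s->ctx && s->ctx->internal->tlsext_status_cb) {
  int r;
  CERT_PKEY *certpkey;
  certpkey = ssl_get_server_send_pkey(s);
@@ -1903,7 +1905,8 @@ ssl_check_clienthello_tlsext_late(SSL *s)
  * SSL_get_certificate et al can pick it up.
  */
  s->cert->key = certpkey;
- r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
+ r = s->ctx->internal->tlsext_status_cb(s,
+ s->ctx->internal->tlsext_status_arg);
  switch (r) {
  /* We don't want to send a status request response */
  case SSL_TLSEXT_ERR_NOACK:
@@ -1973,16 +1976,18 @@ ssl_check_serverhello_tlsext(SSL *s)
  }
  ret = SSL_TLSEXT_ERR_OK;
 
- if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0)
- ret = s->ctx->tlsext_servername_callback(s, &al, s->ctx->tlsext_servername_arg);
- else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0)
- ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg);
+ if (s->ctx != NULL && s->ctx->internal->tlsext_servername_callback != 0)
+ ret = s->ctx->internal->tlsext_servername_callback(s, &al,
+ s->ctx->internal->tlsext_servername_arg);
+ else if (s->initial_ctx != NULL && s->initial_ctx->internal->tlsext_servername_callback != 0)
+ ret = s->initial_ctx->internal->tlsext_servername_callback(s, &al,
+ s->initial_ctx->internal->tlsext_servername_arg);
 
  /* If we've requested certificate status and we wont get one
  * tell the callback
  */
  if ((s->tlsext_status_type != -1) && !(s->tlsext_status_expected) &&
- s->ctx && s->ctx->tlsext_status_cb) {
+ s->ctx && s->ctx->internal->tlsext_status_cb) {
  int r;
  /* Set resp to NULL, resplen to -1 so callback knows
  * there is no response.
@@ -1990,7 +1995,8 @@ ssl_check_serverhello_tlsext(SSL *s)
  free(s->tlsext_ocsp_resp);
  s->tlsext_ocsp_resp = NULL;
  s->tlsext_ocsp_resplen = -1;
- r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
+ r = s->ctx->internal->tlsext_status_cb(s,
+ s->ctx->internal->tlsext_status_arg);
  if (r == 0) {
  al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
  ret = SSL_TLSEXT_ERR_ALERT_FATAL;
@@ -2182,10 +2188,10 @@ tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
  /* Initialize session ticket encryption and HMAC contexts */
  HMAC_CTX_init(&hctx);
  EVP_CIPHER_CTX_init(&ctx);
- if (tctx->tlsext_ticket_key_cb) {
+ if (tctx->internal->tlsext_ticket_key_cb) {
  unsigned char *nctick = (unsigned char *)etick;
- int rv = tctx->tlsext_ticket_key_cb(s, nctick, nctick + 16,
- &ctx, &hctx, 0);
+ int rv = tctx->internal->tlsext_ticket_key_cb(s,
+ nctick, nctick + 16, &ctx, &hctx, 0);
  if (rv < 0) {
  HMAC_CTX_cleanup(&hctx);
  EVP_CIPHER_CTX_cleanup(&ctx);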
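Review bot: Every rewritten call site now dereferences `->internal` after checking only the outer pointer (`s->ctx != NULL`, `s->initial_ctx != NULL`, a bare `s->ctx` in the status-callback tests, and no check at all on `tctx` in tls_decrypt_ticket), so the new code relies on `internal` never being NULL for a live SSL_CTX. That invariant is presumably established where the context is allocated, which is not visible in this file section; if it holds, a one-line comment at the first use would record it, e.g. `/* ctx->internal is allocated together with the SSL_CTX and is never NULL here */`. If some error or teardown path can leave it NULL, these become NULL dereferences during extension processing and the guards should read `s->ctx != NULL && s->ctx->internal != NULL && ...`. The enclosing functions start and end outside the hunks shown, so an earlier check cannot be ruled out from here.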