Diffstat (limited to 'src/lib/libssl/t1_lib.c')
-rw-r--r--src/lib/libssl/t1_lib.c52
1 files changed, 29 insertions, 23 deletions
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index 958c105dd9..55624a2d24 100644
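--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.97 2017/01/22 05:14:42 beck Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.98 2017/01/22 06:36:49 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -862,7 +862,8 @@ skip_ext:
  i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, &ret);
  }
 
- if (s->ctx->next_proto_select_cb && !s->s3->tmp.finish_md_len) {
+ if (s->ctx->internal->next_proto_select_cb &&
+ !s->s3->tmp.finish_md_len) {
  /* The client advertises an emtpy extension to indicate its
  * support for Next Protocol Negotiation */
  if ((size_t)(limit - ret) < 4)
@@ -871,16 +872,17 @@ skip_ext:
  s2n(0, ret);
  }
 
- if (s->alpn_client_proto_list != NULL &&
+ if (s->internal->alpn_client_proto_list != NULL &&
  s->s3->tmp.finish_md_len == 0) {
- if ((size_t)(limit - ret) < 6 + s->alpn_client_proto_list_len)
+ if ((size_t)(limit - ret) <
+ 6 + s->internal->alpn_client_proto_list_len)
  return (NULL);
  s2n(TLSEXT_TYPE_application_layer_protocol_negotiation, ret);
- s2n(2 + s->alpn_client_proto_list_len, ret);
- s2n(s->alpn_client_proto_list_len, ret);
- memcpy(ret, s->alpn_client_proto_list,
- s->alpn_client_proto_list_len);
- ret += s->alpn_client_proto_list_len;
+ s2n(2 + s->internal->alpn_client_proto_list_len, ret);
+ s2n(s->internal->alpn_client_proto_list_len, ret);
+ memcpy(ret, s->internal->alpn_client_proto_list,
+ s->internal->alpn_client_proto_list_len);
+ ret += s->internal->alpn_client_proto_list_len;
  }
 
 #ifndef OPENSSL_NO_SRTP
@@ -1085,13 +1087,13 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
 
  next_proto_neg_seen = s->s3->next_proto_neg_seen;
  s->s3->next_proto_neg_seen = 0;
- if (next_proto_neg_seen && s->ctx->next_protos_advertised_cb) {
+ if (next_proto_neg_seen && s->ctx->internal->next_protos_advertised_cb) {
  const unsigned char *npa;
  unsigned int npalen;
  int r;
 
- r = s->ctx->next_protos_advertised_cb(s, &npa, &npalen,
- s->ctx->next_protos_advertised_cb_arg);
+ r = s->ctx->internal->next_protos_advertised_cb(s, &npa, &npalen,
+ s->ctx->internal->next_protos_advertised_cb_arg);
  if (r == SSL_TLSEXT_ERR_OK) {
  if ((size_t)(limit - ret) < 4 + npalen)
  return NULL;
@@ -1142,7 +1144,7 @@ tls1_alpn_handle_client_hello(SSL *s, const unsigned char *data,
  unsigned char selected_len;
  int r;
 
- if (s->ctx->alpn_select_cb == NULL)
+ if (s->ctx->internal->alpn_select_cb == NULL)
  return (1);
 
  if (data_len < 2)
@@ -1169,8 +1171,9 @@ tls1_alpn_handle_client_hello(SSL *s, const unsigned char *data,
  goto parse_error;
  }
 
- r = s->ctx->alpn_select_cb(s, &selected, &selected_len,
- CBS_data(&alpn), CBS_len(&alpn), s->ctx->alpn_select_cb_arg);
+ r = s->ctx->internal->alpn_select_cb(s, &selected, &selected_len,
+ CBS_data(&alpn), CBS_len(&alpn),
+ s->ctx->internal->alpn_select_cb_arg);
  if (r == SSL_TLSEXT_ERR_OK) {
  free(s->s3->alpn_selected);
  if ((s->s3->alpn_selected = malloc(selected_len)) == NULL) {
@@ -1547,7 +1550,7 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
  }
  else if (type ==
  TLSEXT_TYPE_application_layer_protocol_negotiation &&
- s->ctx->alpn_select_cb != NULL &&
+ s->ctx->internal->alpn_select_cb != NULL &&
  s->s3->tmp.finish_md_len == 0) {
  if (tls1_alpn_handle_client_hello(s, data,
  size, al) != 1)
@@ -1716,7 +1719,7 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, size_t n, int *al)
  unsigned char selected_len;
 
  /* We must have requested it. */
- if (s->ctx->next_proto_select_cb == NULL) {
+ if (s->ctx->internal->next_proto_select_cb == NULL) {
  *al = TLS1_AD_UNSUPPORTED_EXTENSION;
  return 0;
  }
@@ -1725,17 +1728,20 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, size_t n, int *al)
  *al = TLS1_AD_DECODE_ERROR;
  return 0;
  }
- if (s->ctx->next_proto_select_cb(s, &selected, &selected_len, data, size, s->ctx->next_proto_select_cb_arg) != SSL_TLSEXT_ERR_OK) {
+ if (s->ctx->internal->next_proto_select_cb(s, &selected,
+ &selected_len, data, size,
+ s->ctx->internal->next_proto_select_cb_arg) !=
+ SSL_TLSEXT_ERR_OK) {
  *al = TLS1_AD_INTERNAL_ERROR;
  return 0;
  }
- s->next_proto_negotiated = malloc(selected_len);
- if (!s->next_proto_negotiated) {
+ s->internal->next_proto_negotiated = malloc(selected_len);
+ if (!s->internal->next_proto_negotiated) {
  *al = TLS1_AD_INTERNAL_ERROR;
  return 0;
  }
- memcpy(s->next_proto_negotiated, selected, selected_len);
- s->next_proto_negotiated_len = selected_len;
+ memcpy(s->internal->next_proto_negotiated, selected, selected_len);
+ s->internal->next_proto_negotiated_len = selected_len;
  s->s3->next_proto_neg_seen = 1;
  }
  else if (type ==
@@ -1743,7 +1749,7 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, size_t n, int *al)
  unsigned int len;
 
  /* We must have requested it. */
- if (s->alpn_client_proto_list == NULL) {
+ if (s->internal->alpn_client_proto_list == NULL) {
  *al = TLS1_AD_UNSUPPORTED_EXTENSION;
  return 0;
  }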
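Review bot: In the NPN branch of ssl_parse_serverhello_tlsext (hunk at -1725/+1728), `s->internal->next_proto_negotiated = malloc(selected_len);` overwrites the pointer without releasing any earlier value, whereas the ALPN path in tls1_alpn_handle_client_hello calls `free(s->s3->alpn_selected);` before its malloc. If this branch can be reached more than once for the same SSL (a repeated extension in one ServerHello or a later handshake; the guards that would prevent it lie outside the hunk, so this is inferred), each pass leaks the previous buffer on peer-controlled input. On allocation failure the old `next_proto_negotiated_len` also stays in place next to a NULL pointer. I would put `free(s->internal->next_proto_negotiated);` and `s->internal->next_proto_negotiated_len = 0;` ahead of the malloc so pointer and length always agree. The enclosing function starts and ends outside the hunk, so callers' cleanup of this field should be confirmed there.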