Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/libssl/s3_lib.c22
-rw-r--r--src/lib/libssl/ssl_clnt.c7
-rw-r--r--src/lib/libssl/ssl_lib.c4
-rw-r--r--src/lib/libssl/ssl_locl.h5
-rw-r--r--src/lib/libssl/ssl_srvr.c4
-rw-r--r--src/lib/libssl/ssl_tlsext.c7
-rw-r--r--src/lib/libssl/t1_lib.c9
-rw-r--r--src/lib/libssl/tls13_lib.c4
8 files changed, 35 insertions, 27 deletions
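--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.192 2020/04/18 14:07:56 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.193 2020/05/10 14:17:47 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1842,16 +1842,30 @@ _SSL_set_tlsext_status_ids(SSL *s, STACK_OF(OCSP_RESPID) *ids)
 static int
 _SSL_get_tlsext_status_ocsp_resp(SSL *s, unsigned char **resp)
 {
- *resp = s->internal->tlsext_ocsp_resp;
- return s->internal->tlsext_ocsp_resplen;
+ if (s->internal->tlsext_ocsp_resp != NULL &&
+ s->internal->tlsext_ocsp_resp_len < INT_MAX) {
+ *resp = s->internal->tlsext_ocsp_resp;
+ return (int)s->internal->tlsext_ocsp_resp_len;
+ }
+
+ *resp = NULL;
+
+ return -1;
 }
 
 static int
 _SSL_set_tlsext_status_ocsp_resp(SSL *s, unsigned char *resp, int resp_len)
 {
  free(s->internal->tlsext_ocsp_resp);
+ s->internal->tlsext_ocsp_resp = NULL;
+ s->internal->tlsext_ocsp_resp_len = 0;
+
+ if (resp_len < 0)
+ return 0;
+
  s->internal->tlsext_ocsp_resp = resp;
- s->internal->tlsext_ocsp_resplen = resp_len;
+ s->internal->tlsext_ocsp_resp_len = (size_t)resp_len;
+
  return 1;
 }
 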
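Review bot: `_SSL_set_tlsext_status_ocsp_resp` still accepts `resp == NULL` together with a positive `resp_len`, which leaves a NULL pointer paired with a non-zero length; the getter above masks that by testing the pointer first, but `ssl3_send_cert_status` in ssl_srvr.c hands both fields straight to `CBB_add_bytes` with no pointer check visible in its hunk. Rejecting the combination in the new guard, `if (resp_len < 0 || (resp == NULL && resp_len != 0)) return 0;`, keeps the pair consistent at the one place it is set from outside. The early `return 0` also leaves the caller still owning `resp` while the previously stored response has already been freed, which is worth stating above the function, e.g. `/* Takes ownership of resp on success; on failure resp is untouched and any previous response is discarded. */`.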
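--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.65 2020/05/09 13:54:19 tb Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.66 2020/05/10 14:17:47 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1830,7 +1830,6 @@ int
 ssl3_get_cert_status(SSL *s)
 {
  CBS cert_status, response;
- size_t stow_len;
  int ok, al;
  long n;
  uint8_t status_type;
@@ -1871,13 +1870,11 @@ ssl3_get_cert_status(SSL *s)
  }
 
  if (!CBS_stow(&response, &s->internal->tlsext_ocsp_resp,
- &stow_len) || stow_len > INT_MAX) {
- s->internal->tlsext_ocsp_resplen = 0;
+ &s->internal->tlsext_ocsp_resp_len)) {
  al = SSL_AD_INTERNAL_ERROR;
  SSLerror(s, ERR_R_MALLOC_FAILURE);
  goto f_err;
  }
- s->internal->tlsext_ocsp_resplen = (int)stow_len;
 
  if (s->ctx->internal->tlsext_status_cb) {
  int ret;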
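Review bot: Dropping the explicit `tlsext_ocsp_resplen = 0` on the failure path makes the consistency of the two fields depend on `CBS_stow` resetting `*out_len` (and the pointer) when it fails, which is not visible here; a stale length beside a NULL pointer would only be hidden by the getter's pointer-first check. A one-line comment at the call, `/* CBS_stow releases any previous response and zeroes both fields on failure */`, would record the dependency once it is confirmed against bytestring.c. The same applies to the `CBS_stow` call in `tlsext_ocsp_client_parse` in ssl_tlsext.c. `ssl3_get_cert_status` starts in the first code hunk and continues outside both hunks.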
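--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.212 2020/03/16 15:25:14 tb Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.213 2020/05/10 14:17:47 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -299,7 +299,7 @@ SSL_new(SSL_CTX *ctx)
  s->internal->tlsext_ocsp_ids = NULL;
  s->internal->tlsext_ocsp_exts = NULL;
  s->internal->tlsext_ocsp_resp = NULL;
- s->internal->tlsext_ocsp_resplen = -1;
+ s->internal->tlsext_ocsp_resp_len = 0;
  CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
  s->initial_ctx = ctx;
 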
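--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.272 2020/04/18 14:07:56 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.273 2020/05/10 14:17:47 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -747,9 +747,10 @@ typedef struct ssl_internal_st {
  /* OCSP status request only */
  STACK_OF(OCSP_RESPID) *tlsext_ocsp_ids;
  X509_EXTENSIONS *tlsext_ocsp_exts;
+
  /* OCSP response received or to be sent */
  unsigned char *tlsext_ocsp_resp;
- int tlsext_ocsp_resplen;
+ size_t tlsext_ocsp_resp_len;
 
  /* RFC4507 session ticket expected to be received or sent */
  int tlsext_ticket_expected;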
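Review bot: The comment above `tlsext_ocsp_resp` should state the new "no response" convention, since the `-1` sentinel that `tlsext_ocsp_resplen` carried is gone and `tls13_legacy_ocsp_status_recv_cb` now tests the pointer instead of the length. Something like `/* OCSP response received or to be sent; NULL with resp_len 0 when none */` tells readers which field is the authoritative absence marker and that the two must be kept in step. The `ssl_internal_st` definition extends beyond the hunk.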
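--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.74 2020/05/09 13:51:44 tb Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.75 2020/05/10 14:17:48 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -2624,7 +2624,7 @@ ssl3_send_cert_status(SSL *s)
  if (!CBB_add_u24_length_prefixed(&certstatus, &ocspresp))
  goto err;
  if (!CBB_add_bytes(&ocspresp, s->internal->tlsext_ocsp_resp,
- s->internal->tlsext_ocsp_resplen))
+ s->internal->tlsext_ocsp_resp_len))
  goto err;
  if (!ssl3_handshake_msg_finish(s, &cbb))
  goto err;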
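--- a/src/lib/libssl/ssl_tlsext.c
+++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.66 2020/05/10 14:07:01 jsing Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.67 2020/05/10 14:17:48 jsing Exp $ */
 /*
  * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -922,7 +922,6 @@ int
 tlsext_ocsp_client_parse(SSL *s, CBS *cbs, int *alert)
 {
  CBS response;
- size_t stow_len;
  uint16_t version = TLS1_get_client_version(s);
  uint8_t status_type;
 
@@ -944,12 +943,10 @@ tlsext_ocsp_client_parse(SSL *s, CBS *cbs, int *alert)
  return 0;
  }
  if (!CBS_stow(&response, &s->internal->tlsext_ocsp_resp,
- &stow_len)) {
- s->internal->tlsext_ocsp_resplen = 0;
+ &s->internal->tlsext_ocsp_resp_len)) {
  *alert = SSL_AD_INTERNAL_ERROR;
  return 0;
  }
- s->internal->tlsext_ocsp_resplen = (int)stow_len;
  } else {
  if (s->tlsext_status_type == -1) {
  *alert = TLS1_AD_UNSUPPORTED_EXTENSION;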
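--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.165 2020/03/10 17:02:21 jsing Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.166 2020/05/10 14:17:48 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -717,12 +717,11 @@ ssl_check_serverhello_tlsext(SSL *s)
  if ((s->tlsext_status_type != -1) && !(s->internal->tlsext_status_expected) &&
  s->ctx && s->ctx->internal->tlsext_status_cb) {
  int r;
- /* Set resp to NULL, resplen to -1 so callback knows
- * there is no response.
- */
+
  free(s->internal->tlsext_ocsp_resp);
  s->internal->tlsext_ocsp_resp = NULL;
- s->internal->tlsext_ocsp_resplen = -1;
+ s->internal->tlsext_ocsp_resp_len = 0;
+
  r = s->ctx->internal->tlsext_status_cb(s,
  s->ctx->internal->tlsext_status_arg);
  if (r == 0) {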
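Review bot: The removed comment explaining why the stored response is cleared before the callback is not replaced, so the blank line that now opens the block carries no rationale. A one-line replacement such as `/* Clear any stale response so the callback sees resp == NULL. */` keeps the intent the old text documented, restated for the new NULL-pointer convention. `ssl_check_serverhello_tlsext` begins and ends outside the hunk.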
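--- a/src/lib/libssl/tls13_lib.c
+++ b/src/lib/libssl/tls13_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_lib.c,v 1.39 2020/05/10 14:03:14 jsing Exp $ */
+/* $OpenBSD: tls13_lib.c,v 1.40 2020/05/10 14:17:48 jsing Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2019 Bob Beck <beck@openbsd.org>
@@ -170,7 +170,7 @@ tls13_legacy_ocsp_status_recv_cb(void *arg)
  int ret;
 
  if (s->ctx->internal->tlsext_status_cb == NULL ||
- s->internal->tlsext_ocsp_resplen == -1)
+ s->internal->tlsext_ocsp_resp == NULL)
  return 1;
 
  ret = s->ctx->internal->tlsext_status_cb(s,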
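Review bot: Switching the guard from `tlsext_ocsp_resplen == -1` to `tlsext_ocsp_resp == NULL` changes which states skip the status callback: with the old field a received but zero-length response (length 0, not -1) still reached the callback, whereas if `CBS_stow` leaves the pointer NULL for an empty input the callback is now skipped for that case. If that is intended, a comment on the condition, `/* no status message received, or it was empty */`, makes the behaviour explicit; if not, the client parse paths would need a separate "received" indicator rather than reusing the pointer. `tls13_legacy_ocsp_status_recv_cb` starts outside the hunk.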