Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libssl/ssl_cert.c | 5 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_ciphers.c | 12 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_lib.c | 32 |
3 files changed, 20 insertions, 29 deletions
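--- a/src/lib/libssl/ssl_cert.c
+++ b/src/lib/libssl/ssl_cert.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_cert.c,v 1.75 2019/04/13 18:04:05 tb Exp $ */
+/* $OpenBSD: ssl_cert.c,v 1.76 2019/05/15 09:13:16 bcook Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -508,8 +508,7 @@ SSL_get_client_CA_list(const SSL *s)
 {
 if (s->internal->type == SSL_ST_CONNECT) {
 /* We are in the client. */
-if (((s->version >> 8) == SSL3_VERSION_MAJOR) &&
-(s->s3 != NULL))
+if ((s->version >> 8) == SSL3_VERSION_MAJOR)
 return (S3I(s)->tmp.ca_names);
 else
 return (NULL);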
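Review bot: With the `s->s3 != NULL` test gone, SSL_get_client_CA_list dereferences `S3I(s)` for every client-side SSL whose major version matches, so it now relies on s3 being allocated for the whole lifetime of the SSL object, and nothing in this diff shows where that is guaranteed. The same applies to ssl_bytes_to_cipher_list in ssl_ciphers.c and to SSL_get_finished, SSL_get_peer_finished and SSL_get0_alpn_selected in ssl_lib.c; the SSL_* functions are public entry points that an application can call on any SSL it holds. If the invariant holds (presumably s3 is set up at construction and released only on free, to be confirmed), state it at the first unguarded use, for example `/* s->s3 is always allocated for a live SSL; set up in <constructor>. */`. The body of SSL_get_client_CA_list continues outside the hunk.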
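--- a/src/lib/libssl/ssl_ciphers.c
+++ b/src/lib/libssl/ssl_ciphers.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_ciphers.c,v 1.2 2019/01/21 14:12:13 tb Exp $ */
+/* $OpenBSD: ssl_ciphers.c,v 1.3 2019/05/15 09:13:16 bcook Exp $ */
 /*
 * Copyright (c) 2015-2017 Doug Hogan <doug@openbsd.org>
 * Copyright (c) 2015-2018 Joel Sing <jsing@openbsd.org>
@@ -95,8 +95,7 @@ ssl_bytes_to_cipher_list(SSL *s, CBS *cbs)
 uint16_t cipher_value, max_version;
 unsigned long cipher_id;
 
-if (s->s3 != NULL)
-S3I(s)->send_connection_binding = 0;
+S3I(s)->send_connection_binding = 0;
 
 if ((ciphers = sk_SSL_CIPHER_new_null()) == NULL) {
 SSLerror(s, ERR_R_MALLOC_FAILURE);
@@ -111,7 +110,7 @@ ssl_bytes_to_cipher_list(SSL *s, CBS *cbs)
 
 cipher_id = SSL3_CK_ID | cipher_value;
 
-if (s->s3 != NULL && cipher_id == SSL3_CK_SCSV) {
+if (cipher_id == SSL3_CK_SCSV) {
 /*
 * TLS_EMPTY_RENEGOTIATION_INFO_SCSV is fatal if
 * renegotiating.
@@ -137,9 +136,8 @@ ssl_bytes_to_cipher_list(SSL *s, CBS *cbs)
 max_version = ssl_max_server_version(s);
 if (max_version == 0 || s->version < max_version) {
 SSLerror(s, SSL_R_INAPPROPRIATE_FALLBACK);
-if (s->s3 != NULL)
-ssl3_send_alert(s, SSL3_AL_FATAL,
-SSL_AD_INAPPROPRIATE_FALLBACK);
+ssl3_send_alert(s, SSL3_AL_FATAL,
+SSL_AD_INAPPROPRIATE_FALLBACK);
 goto err;
 }
 continue;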
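--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.204 2019/03/25 17:33:26 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.205 2019/05/15 09:13:16 bcook Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -696,14 +696,12 @@ err:
 size_t
 SSL_get_finished(const SSL *s, void *buf, size_t count)
 {
-size_t ret = 0;
+size_t ret;
 
-if (s->s3 != NULL) {
-ret = S3I(s)->tmp.finish_md_len;
-if (count > ret)
-count = ret;
-memcpy(buf, S3I(s)->tmp.finish_md, count);
-}
+ret = S3I(s)->tmp.finish_md_len;
+if (count > ret)
+count = ret;
+memcpy(buf, S3I(s)->tmp.finish_md, count);
 return (ret);
 }
 
@@ -711,14 +709,12 @@ SSL_get_finished(const SSL *s, void *buf, size_t count)
 size_t
 SSL_get_peer_finished(const SSL *s, void *buf, size_t count)
 {
-size_t ret = 0;
+size_t ret;
 
-if (s->s3 != NULL) {
-ret = S3I(s)->tmp.peer_finish_md_len;
-if (count > ret)
-count = ret;
-memcpy(buf, S3I(s)->tmp.peer_finish_md, count);
-}
+ret = S3I(s)->tmp.peer_finish_md_len;
+if (count > ret)
+count = ret;
+memcpy(buf, S3I(s)->tmp.peer_finish_md, count);
 return (ret);
 }
 
@@ -1637,10 +1633,8 @@ SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
 *data = NULL;
 *len = 0;
 
-if (ssl->s3 != NULL) {
-*data = ssl->s3->internal->alpn_selected;
-*len = ssl->s3->internal->alpn_selected_len;
-}
+*data = ssl->s3->internal->alpn_selected;
+*len = ssl->s3->internal->alpn_selected_len;
 }
 
 int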
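Review bot: In SSL_get0_alpn_selected the `*data = NULL;` and `*len = 0;` stores at new lines 1633–1634 are now dead, because both outputs are overwritten unconditionally two lines later. They were the fallback result for the removed `ssl->s3 != NULL` branch, and keeping them suggests to a reader that some path still returns the empty value. I would delete both lines so the body is only the two assignments from `ssl->s3->internal`. The function's signature and opening brace lie outside the hunk.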
