Support retries in certificate callback
[openssl.git] / ssl / s3_clnt.c
index 13006b7e05da717c187c3d9b5cabca9fb09bb3aa..68d3131b1e3c426937273572b0b4886e9b599d83 100644 (file)
@@ -688,7 +688,7 @@ int ssl3_client_hello(SSL *s)
        unsigned char *buf;
        unsigned char *p,*d;
        int i;
-       unsigned long Time,l;
+       unsigned long l;
 #ifndef OPENSSL_NO_COMP
        int j;
        SSL_COMP *comp;
@@ -768,12 +768,8 @@ int ssl3_client_hello(SSL *s)
                        i = 1;
 
                if (i)
-                       {
-                       Time=(unsigned long)time(NULL); /* Time */
-                       l2n(Time,p);
-                       RAND_pseudo_bytes(p,sizeof(s->s3->client_random)-4);
-                                       
-                       }
+                       ssl_fill_hello_random(s, 0, p,
+                                             sizeof(s->s3->client_random));
 
                /* Do the message type and length last */
                d=p= ssl_handshake_start(s);
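Review bot: The result of `ssl_fill_hello_random(s, 0, p, sizeof(s->s3->client_random))` is discarded. If the helper can fail, the ClientHello would be built from whatever bytes are already in the client_random buffer. The `RAND_pseudo_bytes` call it replaces was also unchecked. If the helper returns a status, test it, for example `if (i && ssl_fill_hello_random(s, 0, p, sizeof(s->s3->client_random)) <= 0) goto err;`, assuming the function has an error label outside the hunk. The body of ssl3_client_hello starts and ends outside this hunk.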
@@ -928,7 +924,7 @@ int ssl3_get_server_hello(SSL *s)
        /* Hello verify request and/or server hello version may not
         * match so set first packet if we're negotiating version.
         */
-       if (s->method->version == DTLS_ANY_VERSION)
+       if (SSL_IS_DTLS(s))
                s->first_packet = 1;
 
        n=s->method->ssl_get_message(s,
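Review bot: The comment above the condition still says first_packet is set "if we're negotiating version", but `SSL_IS_DTLS(s)` presumably holds for every DTLS method, not only `DTLS_ANY_VERSION`. The comment should match the wider condition, e.g. `/* Hello verify request and/or server hello version may not match, so treat this as the first packet for any DTLS method. */`. The call that follows continues outside the hunk.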
@@ -1073,6 +1069,11 @@ int ssl3_get_server_hello(SSL *s)
                SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNKNOWN_CIPHER_RETURNED);
                goto f_err;
                }
+       /* Set version disabled mask now we know version */
+       if (!SSL_USE_TLS1_2_CIPHERS(s))
+               ct->mask_ssl = SSL_TLSV1_2;
+       else
+               ct->mask_ssl = 0;
        /* If it is a disabled cipher we didn't send it in client hello,
         * so return an error.
         */
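Review bot: The new comment says what is set but not why it has to happen before the disabled-cipher test that follows. As far as the visible lines show, `ct->mask_ssl = SSL_TLSV1_2` is what lets that test reject a TLS 1.2-only suite picked by the server for an older negotiated version. A comment such as `/* Below TLS 1.2, mask out TLS 1.2-only ciphers so the disabled-cipher check below rejects them */` would record that ordering dependency. `ct` is declared outside the hunk; if it points at `s->cert`, the mask persists after this call, which is worth stating as well.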
@@ -1655,7 +1656,7 @@ int ssl3_get_key_exchange(SSL *s)
                ;
 #endif
 #ifndef OPENSSL_NO_DH
-       else if (alg_k & SSL_kEDH)
+       else if (alg_k & SSL_kDHE)
                {
                if ((dh=DH_new()) == NULL)
                        {
@@ -1733,7 +1734,7 @@ int ssl3_get_key_exchange(SSL *s)
 #endif /* !OPENSSL_NO_DH */
 
 #ifndef OPENSSL_NO_ECDH
-       else if (alg_k & SSL_kEECDH)
+       else if (alg_k & SSL_kECDHE)
                {
                EC_GROUP *ngroup;
                const EC_GROUP *group;
@@ -2580,7 +2581,7 @@ int ssl3_send_client_key_exchange(SSL *s)
                        }
 #endif
 #ifndef OPENSSL_NO_DH
-               else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
+               else if (alg_k & (SSL_kDHE|SSL_kDHr|SSL_kDHd))
                        {
                        DH *dh_srvr,*dh_clnt;
                        SESS_CERT *scert = s->session->sess_cert;
@@ -2684,7 +2685,7 @@ int ssl3_send_client_key_exchange(SSL *s)
 #endif
 
 #ifndef OPENSSL_NO_ECDH 
-               else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe))
+               else if (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe))
                        {
                        const EC_GROUP *srvr_group = NULL;
                        EC_KEY *tkey;
@@ -3306,11 +3307,20 @@ int ssl3_send_client_certificate(SSL *s)
        if (s->state == SSL3_ST_CW_CERT_A)
                {
                /* Let cert callback update client certificates if required */
-               if (s->cert->cert_cb
-                       && s->cert->cert_cb(s, s->cert->cert_cb_arg) <= 0)
+               if (s->cert->cert_cb)
                        {
-                       ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_INTERNAL_ERROR);
-                       return 0;
+                       i = s->cert->cert_cb(s, s->cert->cert_cb_arg);
+                       if (i < 0)
+                               {
+                               s->rwstate=SSL_X509_LOOKUP;
+                               return -1;
+                               }
+                       if (i == 0)
+                               {
+                               ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_INTERNAL_ERROR);
+                               return 0;
+                               }
+                       s->rwstate=SSL_NOTHING;
                        }
                if (ssl3_check_client_certificate(s))
                        s->state=SSL3_ST_CW_CERT_C;
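Review bot: A negative return from `cert_cb` used to be fatal and now suspends the handshake. The `i < 0` branch sets `s->rwstate=SSL_X509_LOOKUP` and returns -1 without changing `s->state` from `SSL3_ST_CW_CERT_A`, so no alert is sent and the callback runs again on the next call. Existing callbacks that return -1 to report an error would leave the connection pending instead of aborted, and nothing in the code states the new contract. I would add a comment above the call such as `/* cert_cb: <0 suspend and retry later (state stays CW_CERT_A), 0 fatal alert, >0 continue */`, and document that the callback must tolerate being invoked more than once. The function body continues outside the hunk.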
@@ -3468,7 +3478,7 @@ int ssl3_check_cert_and_algorithm(SSL *s)
                }
 #endif
 #ifndef OPENSSL_NO_DH
-       if ((alg_k & SSL_kEDH) && 
+       if ((alg_k & SSL_kDHE) && 
                !(has_bits(i,EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL)))
                {
                SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_KEY);
@@ -3505,7 +3515,7 @@ int ssl3_check_cert_and_algorithm(SSL *s)
                else
 #endif
 #ifndef OPENSSL_NO_DH
-                       if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
+                       if (alg_k & (SSL_kDHE|SSL_kDHr|SSL_kDHd))
                            {
                            if (dh == NULL
                                || DH_size(dh)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
@@ -3564,9 +3574,11 @@ int ssl3_check_finished(SSL *s)
        {
        int ok;
        long n;
-/*     Read the message to see if it is supplemental data, regardless if there is a session ticket
-       this function is called when we really expect a Certificate
-       message, so permit appropriate message length */
+
+       /* Read the message to see if it is supplemental data,
+        * regardless if there is a session ticket this function is
+        * called when we really expect a Certificate message, so
+        * permit appropriate message length */
        n=s->method->ssl_get_message(s,
                SSL3_ST_CR_CERT_A,
                SSL3_ST_CR_CERT_B,
@@ -3577,9 +3589,7 @@ int ssl3_check_finished(SSL *s)
        s->s3->tmp.reuse_message = 1;
 
        if (s->s3->tmp.message_type == SSL3_MT_SUPPLEMENTAL_DATA)
-               {
                return 3;
-               }
        /* If we have no ticket it cannot be a resumed session. */
        if (!s->session->tlsext_tick)
                return 1;
@@ -3645,7 +3655,7 @@ int tls1_send_client_supplemental_data(SSL *s, int *skip)
                                SSLerr(SSL_F_TLS1_SEND_CLIENT_SUPPLEMENTAL_DATA,ERR_R_BUF_LIB);
                                return 0;
                                }
-                       //if first entry, write handshake message type
+                       /* if first entry, write handshake message type */
                        if (length == 0)
                                {
                                if (!BUF_MEM_grow_clean(s->init_buf, 4))
@@ -3655,9 +3665,12 @@ int tls1_send_client_supplemental_data(SSL *s, int *skip)
                                        }
                                p = (unsigned char *)s->init_buf->data;
                                *(p++) = SSL3_MT_SUPPLEMENTAL_DATA;
-                               //update message length when all callbacks complete
+                               /* update message length when all
+                                * callbacks complete */
                                size_loc = p;
-                               //skip over handshake length field (3 bytes) and supp_data length field (3 bytes)
+                               /* skip over handshake length field (3
+                                * bytes) and supp_data length field
+                                * (3 bytes) */
                                p += 3 + 3;
                                length += 1 +3 +3;
                                }
@@ -3674,9 +3687,9 @@ int tls1_send_client_supplemental_data(SSL *s, int *skip)
                        }
                if (length > 0)
                        {
-                       //write handshake length
+                       /* write handshake length */
                        l2n3(length - 4, size_loc);
-                       //supp_data length
+                       /* supp_data length */
                        l2n3(length - 7, size_loc);
                        s->state = SSL3_ST_CW_SUPPLEMENTAL_DATA_B;
                        s->init_num = length;
@@ -3685,7 +3698,7 @@ int tls1_send_client_supplemental_data(SSL *s, int *skip)
                        }
                }
 
-       //no supp data message sent
+       /* no supp data message sent */
        *skip = 1;
        s->init_num = 0;
        s->init_off = 0;
@@ -3724,11 +3737,11 @@ int tls1_get_server_supplemental_data(SSL *s)
                goto f_err;
                }
        n2l3(p, supp_data_len);
-       while (p<d+supp_data_len)
+       while (p < d+supp_data_len)
                {
                n2s(p, supp_data_entry_type);
                n2s(p, supp_data_entry_len);
-               //if there is a callback for this supp data type, send it
+               /* if there is a callback for this supp data type, send it */
                for (i=0; i < s->ctx->cli_supp_data_records_count; i++)
                        {
                        if (s->ctx->cli_supp_data_records[i].supp_data_type == supp_data_entry_type && s->ctx->cli_supp_data_records[i].fn1)
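Review bot: Nothing visible in this loop checks the entry header or `supp_data_entry_len` against the bytes remaining in the message. The two `n2s` reads need 4 bytes before `d+supp_data_len`, and `p += supp_data_entry_len` in the next hunk can step past that end. The callback, in lines not shown, is presumably handed `p` with the unchecked length. Unless lines outside these hunks already validate this, add `if (d + supp_data_len - p < 4) goto f_err;` before the header reads and `if (supp_data_entry_len > d + supp_data_len - p) goto f_err;` before the callback loop. The function starts and ends outside the hunk.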
@@ -3741,7 +3754,7 @@ int tls1_get_server_supplemental_data(SSL *s)
                                        }
                                }
                        }
-               p+=supp_data_entry_len;
+               p += supp_data_entry_len;
                }
        return 1;
 f_err: