ret = ssl3_send_server_hello(s);
if (ret <= 0)
goto end;
-#ifndef OPENSSL_NO_TLSEXT
+
if (s->hit) {
if (s->tlsext_ticket_expected)
s->state = SSL3_ST_SW_SESSION_TICKET_A;
else
s->state = SSL3_ST_SW_CHANGE_A;
- }
-#else
- if (s->hit)
- s->state = SSL3_ST_SW_CHANGE_A;
-#endif
- else
+ } else {
s->state = SSL3_ST_SW_CERT_A;
+ }
s->init_num = 0;
break;
ret = ssl3_send_server_certificate(s);
if (ret <= 0)
goto end;
-#ifndef OPENSSL_NO_TLSEXT
+
if (s->tlsext_status_expected)
s->state = SSL3_ST_SW_CERT_STATUS_A;
else
skip = 1;
s->state = SSL3_ST_SW_KEY_EXCH_A;
}
-#else
- } else
- skip = 1;
-
- s->state = SSL3_ST_SW_KEY_EXCH_A;
-#endif
s->init_num = 0;
break;
* not sent. Also for GOST ciphersuites when the client uses
* its key from the certificate for key exchange.
*/
-#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG)
+#if defined(OPENSSL_NO_NEXTPROTONEG)
s->state = SSL3_ST_SR_FINISHED_A;
#else
if (s->s3->next_proto_neg_seen)
if (ret <= 0)
goto end;
-#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG)
+#if defined(OPENSSL_NO_NEXTPROTONEG)
s->state = SSL3_ST_SR_FINISHED_A;
#else
if (s->s3->next_proto_neg_seen)
s->init_num = 0;
break;
-#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
+#if !defined(OPENSSL_NO_NEXTPROTONEG)
case SSL3_ST_SR_NEXT_PROTO_A:
case SSL3_ST_SR_NEXT_PROTO_B:
/*
goto end;
if (s->hit)
s->state = SSL_ST_OK;
-#ifndef OPENSSL_NO_TLSEXT
else if (s->tlsext_ticket_expected)
s->state = SSL3_ST_SW_SESSION_TICKET_A;
-#endif
else
s->state = SSL3_ST_SW_CHANGE_A;
s->init_num = 0;
break;
-#ifndef OPENSSL_NO_TLSEXT
case SSL3_ST_SW_SESSION_TICKET_A:
case SSL3_ST_SW_SESSION_TICKET_B:
ret = ssl3_send_newsession_ticket(s);
s->init_num = 0;
break;
-#endif
-
case SSL3_ST_SW_CHANGE_A:
case SSL3_ST_SW_CHANGE_B:
goto end;
s->state = SSL3_ST_SW_FLUSH;
if (s->hit) {
-#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG)
+#if defined(OPENSSL_NO_NEXTPROTONEG)
s->s3->tmp.next_state = SSL3_ST_SR_FINISHED_A;
#else
if (s->s3->next_proto_neg_seen) {
}
}
-#ifndef OPENSSL_NO_TLSEXT
/* TLS extensions */
if (s->version >= SSL3_VERSION) {
if (!ssl_parse_clienthello_tlsext(s, &p, d, n)) {
s->cipher_list_by_id = sk_SSL_CIPHER_dup(s->session->ciphers);
}
}
-#endif
/*
* Worst case, we will use the NULL compression, but if we have other
if (s->state == SSL3_ST_SW_SRVR_HELLO_A) {
buf = (unsigned char *)s->init_buf->data;
-#ifdef OPENSSL_NO_TLSEXT
+
p = s->s3->server_random;
if (ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE) <= 0) {
s->state = SSL_ST_ERR;
return -1;
}
-#endif
+
/* Do the message type and length last */
d = p = ssl_handshake_start(s);
else
*(p++) = s->s3->tmp.new_compression->id;
#endif
-#ifndef OPENSSL_NO_TLSEXT
+
if (ssl_prepare_serverhello_tlsext(s) <= 0) {
SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, SSL_R_SERVERHELLO_TLSEXT);
s->state = SSL_ST_ERR;
s->state = SSL_ST_ERR;
return -1;
}
-#endif
+
/* do the header */
l = (p - d);
if (!ssl_set_handshake_header(s, SSL3_MT_SERVER_HELLO, l)) {
BIGNUM *pub = NULL;
DH *dh_srvr, *dh_clnt = NULL;
#endif
-
#ifndef OPENSSL_NO_EC
EC_KEY *srvr_ecdh = NULL;
EVP_PKEY *clnt_pub_pkey = NULL;
psk_len = s->psk_server_callback(s, tmp_id,
psk_or_pre_ms,
sizeof(psk_or_pre_ms));
- OPENSSL_cleanse(tmp_id, PSK_MAX_IDENTITY_LEN + 1);
+ OPENSSL_cleanse(tmp_id, sizeof(tmp_id));
if (psk_len > PSK_MAX_PSK_LEN) {
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
s->
session->master_key,
premaster_secret, 32);
+ OPENSSL_cleanse(premaster_secret, sizeof(premaster_secret));
if (s->session->master_key_length < 0) {
al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
return ssl_do_write(s);
}
-#ifndef OPENSSL_NO_TLSEXT
/* send a new session ticket (not necessarily for a new session) */
int ssl3_send_newsession_ticket(SSL *s)
{
return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
}
-# ifndef OPENSSL_NO_NEXTPROTONEG
+#ifndef OPENSSL_NO_NEXTPROTONEG
/*
* ssl3_get_next_proto reads a Next Protocol Negotiation handshake message.
* It sets the next_proto member in s if found
return 1;
}
-# endif
-
#endif
#define SSLV2_CIPHER_LEN 3