ccm128.c: minor optimization and bugfix in CRYPTO_ccm128_[en|de]crypt.
[openssl.git] / ssl / ssl_lib.c
index 9dfa3aa7118ff74eb75921d220282249066bf2f3..7fb4bdf1598b1b8159f432c7fcf6ce7bde391513 100644 (file)
 #  include <assert.h>
 #endif
 #include <stdio.h>
+#include <openssl/crypto.h>
 #include "ssl_locl.h"
 #include "kssl_lcl.h"
 #include <openssl/objects.h>
@@ -354,7 +355,7 @@ SSL *SSL_new(SSL_CTX *ctx)
        s->tlsext_ocsp_resplen = -1;
        CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
        s->initial_ctx=ctx;
-# ifndef OPENSSL_NO_NPN
+# ifndef OPENSSL_NO_NEXTPROTONEG
        s->next_proto_negotiated = NULL;
 # endif
 #endif
@@ -590,7 +591,7 @@ void SSL_free(SSL *s)
                kssl_ctx_free(s->kssl_ctx);
 #endif /* OPENSSL_NO_KRB5 */
 
-#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NPN)
+#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
        if (s->next_proto_negotiated)
                OPENSSL_free(s->next_proto_negotiated);
 #endif
@@ -1392,7 +1393,7 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
        /* If p == q, no ciphers and caller indicates an error. Otherwise
         * add SCSV if not renegotiating.
         */
-       if (p != q && !s->new_session)
+       if (p != q && !s->renegotiate)
                {
                static SSL_CIPHER scsv =
                        {
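Review bot: Both renegotiation checks now depend on `s->renegotiate`, and nothing in the visible lines states when that flag is set or cleared. The SCSV guard here, `if (p != q && !s->renegotiate)`, and the fatal-alert check in the ssl_bytes_to_cipher_list hunk, `if (s->renegotiate)`, are only correct if the flag is nonzero for the whole of every renegotiation handshake, whichever side initiated it. RFC 5746 forbids the SCSV in a renegotiation ClientHello and requires the server to abort if it sees one, so a stale flag either leaks the SCSV or disables the server-side abort. I would record the invariant at the first use, e.g. `/* s->renegotiate, not s->new_session, marks a renegotiation handshake; RFC 5746 forbids the SCSV there */`, and cover both paths with a renegotiation test. Both function bodies extend outside their hunks.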
@@ -1439,7 +1440,7 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
                        (p[n-1] == (SSL3_CK_SCSV & 0xff)))
                        {
                        /* SCSV fatal if renegotiating */
-                       if (s->new_session)
+                       if (s->renegotiate)
                                {
                                SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING);
                                ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); 
@@ -1497,7 +1498,7 @@ int SSL_get_servername_type(const SSL *s)
        return -1;
        }
 
-# ifndef OPENSSL_NO_NPN
+# ifndef OPENSSL_NO_NEXTPROTONEG
 /* SSL_select_next_proto implements the standard protocol selection. It is
  * expected that this function is called from the callback set by
  * SSL_CTX_set_next_proto_select_cb.
@@ -1778,7 +1779,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
        ret->tlsext_status_cb = 0;
        ret->tlsext_status_arg = NULL;
 
-# ifndef OPENSSL_NO_NPN
+# ifndef OPENSSL_NO_NEXTPROTONEG
        ret->next_protos_advertised_cb = 0;
        ret->next_proto_select_cb = 0;
 # endif
@@ -1788,6 +1789,9 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
        ret->psk_client_callback=NULL;
        ret->psk_server_callback=NULL;
 #endif
+#ifndef OPENSSL_NO_SRP
+       SSL_CTX_SRP_CTX_init(ret);
+#endif
 #ifndef OPENSSL_NO_BUF_FREELISTS
        ret->freelist_max_len = SSL_MAX_BUF_FREELIST_LEN_DEFAULT;
        ret->rbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST));
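Review bot: The result of `SSL_CTX_SRP_CTX_init(ret)` is discarded at the added call, so if the initialiser can report failure, SSL_CTX_new would return a context whose SRP state is only partly set up. If it returns a status, check it and take the function's existing error exit, for example `if (!SSL_CTX_SRP_CTX_init(ret)) goto err;`. The error label and the rest of SSL_CTX_new are outside the hunk, so the exact target needs confirming against the full function.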
@@ -1920,6 +1924,9 @@ void SSL_CTX_free(SSL_CTX *a)
        if (a->psk_identity_hint)
                OPENSSL_free(a->psk_identity_hint);
 #endif
+#ifndef OPENSSL_NO_SRP
+       SSL_CTX_SRP_CTX_free(a);
+#endif
 #ifndef OPENSSL_NO_ENGINE
        if (a->client_cert_engine)
                ENGINE_finish(a->client_cert_engine);
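Review bot: `SSL_CTX_SRP_CTX_free(a)` now runs on every SSL_CTX_free, including any call made from a failure path in SSL_CTX_new that is reached before `SSL_CTX_SRP_CTX_init(ret)` has run. Whether such a path exists is not visible here, but if it does, the free is only safe when the SRP fields are already zeroed at that point. A short comment such as `/* safe on a zero-filled SRP context: SSL_CTX_new may bail out before SSL_CTX_SRP_CTX_init */` would record that requirement. Since the SRP context presumably carries authentication parameters, it is also worth confirming that the free routine clears them rather than only releasing the memory. The body of SSL_CTX_free continues outside the hunk.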
@@ -2567,8 +2574,8 @@ const char *SSL_get_version(const SSL *s)
        {
        if (s->version == TLS1_1_VERSION)
                return("TLSv1.1");
-       else if (s->version == SSL3_VERSION)
-               return("SSLv3");
+       else if (s->version == TLS1_VERSION)
+               return("TLSv1");
        else if (s->version == SSL3_VERSION)
                return("SSLv3");
        else if (s->version == SSL2_VERSION)
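Review bot: The duplicated `SSL3_VERSION` branch this hunk replaces is a mistake the `else if` chain cannot catch at compile time, because a repeated condition is legal and simply leaves the intended version unmatched. Writing SSL_get_version as a `switch (s->version)` would turn a duplicated label into a compile error. That matters because the returned string typically ends up in logs and diagnostics, where a wrong or missing protocol name hides which version was negotiated. The SSLv2 branch and the fallback return are outside the hunk and would carry over unchanged.

```c
const char *SSL_get_version(const SSL *s)
	{
	switch (s->version)
		{
	case TLS1_1_VERSION:
		return("TLSv1.1");
	case TLS1_VERSION:
		return("TLSv1");
	case SSL3_VERSION:
		return("SSLv3");
	case SSL2_VERSION:
		/* … unchanged: SSLv2 string and the fallback return, outside the hunk … */
```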