#include <openssl/evp.h>
#include <openssl/hmac.h>
#include <openssl/ocsp.h>
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
#include <openssl/rand.h>
#include <openssl/dh.h>
#include <openssl/bn.h>
# ifndef OPENSSL_NO_EC
/*
- * tls1_check_ec_tmp_key - Check EC temporary key compatiblity
+ * tls1_check_ec_tmp_key - Check EC temporary key compatibility
* @s: SSL connection
* @cid: Cipher ID we're considering using
*
/*-
* check for enough space.
- * 4 for the servername type and entension length
+ * 4 for the servername type and extension length
* 2 for servernamelist length
* 1 for the hostname type
* 2 for hostname length
/*-
* check for enough space.
- * 4 for the srp type type and entension length
+ * 4 for the srp type type and extension length
* 1 for the srp user identity
* + srp user identity length
*/
}
skip_ext:
- if (SSL_USE_SIGALGS(s)) {
+ if (SSL_CLIENT_USE_SIGALGS(s)) {
size_t salglen;
const unsigned char *salg;
unsigned char *etmp;
#ifndef OPENSSL_NO_NEXTPROTONEG
if (s->ctx->next_proto_select_cb && !s->s3->tmp.finish_md_len) {
/*
- * The client advertises an emtpy extension to indicate its support
+ * The client advertises an empty extension to indicate its support
* for Next Protocol Negotiation
*/
if (limit - ret - 4 < 0)
/*
* Although the server_name extension was intended to be
* extensible to new name types, RFC 4366 defined the
- * syntax inextensibly and OpenSSL 1.0.x parses it as
+ * syntax inextensibility and OpenSSL 1.0.x parses it as
* such.
* RFC 6066 corrected the mistake but adding new name types
* is nevertheless no longer feasible, so act as if no other
*
* s->new_session will be set on renegotiation, but we
* probably shouldn't rely that it couldn't be set on
- * the initial renegotation too in certain cases (when
+ * the initial renegotiation too in certain cases (when
* there's some other reason to disallow resuming an
* earlier session -- the current code won't be doing
* anything like that, but this might change).
*/
static char ssl_next_proto_validate(PACKET *pkt)
{
- unsigned int len;
+ PACKET tmp_protocol;
while (PACKET_remaining(pkt)) {
- if (!PACKET_get_1(pkt, &len)
- || !PACKET_forward(pkt, len))
+ if (!PACKET_get_length_prefixed_1(pkt, &tmp_protocol)
+ || PACKET_remaining(&tmp_protocol) == 0)
return 0;
}
{
int al;
size_t i;
- /* Clear any shared sigtnature algorithms */
+
+ /* Clear any shared signature algorithms */
OPENSSL_free(s->cert->shared_sigalgs);
s->cert->shared_sigalgs = NULL;
s->cert->shared_sigalgslen = 0;
* tls_decrypt_ticket attempts to decrypt a session ticket.
*
* etick: points to the body of the session ticket extension.
- * eticklen: the length of the session tickets extenion.
+ * eticklen: the length of the session tickets extension.
* sess_id: points at the session ID.
* sesslen: the length of the session ID.
* psess: (output) on return, if a ticket was decrypted, then this is set to
if (dh_secbits >= 128) {
DH *dhp = DH_new();
+ BIGNUM *p, *g;
if (dhp == NULL)
return NULL;
- dhp->g = BN_new();
- if (dhp->g != NULL)
- BN_set_word(dhp->g, 2);
+ g = BN_new();
+ if (g != NULL)
+ BN_set_word(g, 2);
if (dh_secbits >= 192)
- dhp->p = get_rfc3526_prime_8192(NULL);
+ p = BN_get_rfc3526_prime_8192(NULL);
else
- dhp->p = get_rfc3526_prime_3072(NULL);
- if (dhp->p == NULL || dhp->g == NULL) {
+ p = BN_get_rfc3526_prime_3072(NULL);
+ if (p == NULL || g == NULL || !DH_set0_pqg(dhp, p, NULL, g)) {
DH_free(dhp);
+ BN_free(p);
+ BN_free(g);
return NULL;
}
return dhp;
projects / openssl.git / blobdiff