projects
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Remove OPENSSL_NO_SHA guards
[openssl.git]
/
ssl
/
t1_lib.c
diff --git
a/ssl/t1_lib.c
b/ssl/t1_lib.c
index 26c02a0e44e5712bbe9aece9bdd425f1a8c9e577..a4cd23ab3939fcd2ca4e39fa73006b3bb84f734a 100644
(file)
--- a/
ssl/t1_lib.c
+++ b/
ssl/t1_lib.c
@@
-1347,6
+1347,7
@@
unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
ret += salglen;
}
ret += salglen;
}
+#ifndef OPENSSL_NO_OCSP
if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp) {
int i;
long extlen, idlen, itmp;
if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp) {
int i;
long extlen, idlen, itmp;
@@
-1390,6
+1391,7
@@
unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
if (extlen > 0)
i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, &ret);
}
if (extlen > 0)
i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, &ret);
}
+#endif
#ifndef OPENSSL_NO_HEARTBEATS
if (SSL_IS_DTLS(s)) {
/* Add Heartbeat extension */
#ifndef OPENSSL_NO_HEARTBEATS
if (SSL_IS_DTLS(s)) {
/* Add Heartbeat extension */
@@
-1801,6
+1803,10
@@
static int tls1_alpn_handle_client_hello_late(SSL *s, int *ret, int *al)
return 0;
}
s->s3->alpn_selected_len = selected_len;
return 0;
}
s->s3->alpn_selected_len = selected_len;
+#ifndef OPENSSL_NO_NEXTPROTONEG
+ /* ALPN takes precedence over NPN. */
+ s->s3->next_proto_neg_seen = 0;
+#endif
} else {
*al = SSL_AD_NO_APPLICATION_PROTOCOL;
*ret = SSL_TLSEXT_ERR_ALERT_FATAL;
} else {
*al = SSL_AD_NO_APPLICATION_PROTOCOL;
*ret = SSL_TLSEXT_ERR_ALERT_FATAL;
@@
-1902,6
+1908,10
@@
static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al)
OPENSSL_free(s->s3->alpn_selected);
s->s3->alpn_selected = NULL;
OPENSSL_free(s->s3->alpn_selected);
s->s3->alpn_selected = NULL;
+ s->s3->alpn_selected_len = 0;
+ OPENSSL_free(s->s3->alpn_proposed);
+ s->s3->alpn_proposed = NULL;
+ s->s3->alpn_proposed_len = 0;
#ifndef OPENSSL_NO_HEARTBEATS
s->tlsext_heartbeat &= ~(SSL_DTLSEXT_HB_ENABLED |
SSL_DTLSEXT_HB_DONT_SEND_REQUESTS);
#ifndef OPENSSL_NO_HEARTBEATS
s->tlsext_heartbeat &= ~(SSL_DTLSEXT_HB_ENABLED |
SSL_DTLSEXT_HB_DONT_SEND_REQUESTS);
@@
-2120,14
+2130,14
@@
static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al)
}
}
} else if (type == TLSEXT_TYPE_status_request) {
}
}
} else if (type == TLSEXT_TYPE_status_request) {
- const unsigned char *ext_data;
-
if (!PACKET_get_1(&extension,
(unsigned int *)&s->tlsext_status_type)) {
return 0;
}
if (!PACKET_get_1(&extension,
(unsigned int *)&s->tlsext_status_type)) {
return 0;
}
+#ifndef OPENSSL_NO_OCSP
if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp) {
if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp) {
+ const unsigned char *ext_data;
PACKET responder_id_list, exts;
if (!PACKET_get_length_prefixed_2(&extension, &responder_id_list))
return 0;
PACKET responder_id_list, exts;
if (!PACKET_get_length_prefixed_2(&extension, &responder_id_list))
return 0;
@@
-2184,10
+2194,12
@@
static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al)
return 0;
}
}
return 0;
}
}
- /*
- * We don't know what to do with any other type * so ignore it.
- */
- } else {
+ } else
+#endif
+ {
+ /*
+ * We don't know what to do with any other type so ignore it.
+ */
s->tlsext_status_type = -1;
}
}
s->tlsext_status_type = -1;
}
}
@@
-2216,8
+2228,7
@@
static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al)
#endif
#ifndef OPENSSL_NO_NEXTPROTONEG
else if (type == TLSEXT_TYPE_next_proto_neg &&
#endif
#ifndef OPENSSL_NO_NEXTPROTONEG
else if (type == TLSEXT_TYPE_next_proto_neg &&
- s->s3->tmp.finish_md_len == 0 &&
- s->s3->alpn_selected == NULL) {
+ s->s3->tmp.finish_md_len == 0) {
/*-
* We shouldn't accept this extension on a
* renegotiation.
/*-
* We shouldn't accept this extension on a
* renegotiation.
@@
-2243,10
+2254,6
@@
static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al)
s->s3->tmp.finish_md_len == 0) {
if (!tls1_alpn_handle_client_hello(s, &extension, al))
return 0;
s->s3->tmp.finish_md_len == 0) {
if (!tls1_alpn_handle_client_hello(s, &extension, al))
return 0;
-#ifndef OPENSSL_NO_NEXTPROTONEG
- /* ALPN takes precedence over NPN. */
- s->s3->next_proto_neg_seen = 0;
-#endif
}
/* session ticket processed earlier */
}
/* session ticket processed earlier */
@@
-4084,17
+4091,20
@@
DH *ssl_get_auto_dh(SSL *s)
if (dh_secbits >= 128) {
DH *dhp = DH_new();
if (dh_secbits >= 128) {
DH *dhp = DH_new();
+ BIGNUM *p, *g;
if (dhp == NULL)
return NULL;
if (dhp == NULL)
return NULL;
-
dhp->
g = BN_new();
- if (
dhp->
g != NULL)
- BN_set_word(
dhp->
g, 2);
+ g = BN_new();
+ if (g != NULL)
+ BN_set_word(g, 2);
if (dh_secbits >= 192)
if (dh_secbits >= 192)
-
dhp->
p = get_rfc3526_prime_8192(NULL);
+ p = get_rfc3526_prime_8192(NULL);
else
else
-
dhp->
p = get_rfc3526_prime_3072(NULL);
- if (
dhp->p == NULL || dhp->g == NULL
) {
+ p = get_rfc3526_prime_3072(NULL);
+ if (
p == NULL || g == NULL || !DH_set0_pqg(dhp, p, NULL, g)
) {
DH_free(dhp);
DH_free(dhp);
+ BN_free(p);
+ BN_free(g);
return NULL;
}
return dhp;
return NULL;
}
return dhp;