Update from stable branch.

[openssl.git] / ssl / ssl_lib.c

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 01c29db0f19a1e28d83afea7e50ef9e525eb7fd8..ccfe399bbe879e4a81580de85e9c1b9a63c99424 100644 (file)
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -152,6 +152,7 @@
 #include <openssl/lhash.h>
 #include <openssl/x509v3.h>
 #include <openssl/rand.h>
+#include <openssl/ocsp.h>
 #ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
 #endif
@@ -167,7 +168,7 @@ SSL3_ENC_METHOD ssl3_undef_enc_method={
        (int (*)(SSL*, int))ssl_undefined_function,
        (int (*)(SSL *,  const char*, int, unsigned char *))ssl_undefined_function,
        0,      /* finish_mac_length */
-       (int (*)(SSL *, const EVP_MD *, unsigned char *))ssl_undefined_function,
+       (int (*)(SSL *, int, unsigned char *))ssl_undefined_function,
        NULL,   /* client_finished_label */
        0,      /* client_finished_label_len */
        NULL,   /* server_finished_label */
@@ -340,6 +341,12 @@ SSL *SSL_new(SSL_CTX *ctx)
        s->tlsext_debug_cb = 0;
        s->tlsext_debug_arg = NULL;
        s->tlsext_ticket_expected = 0;
+       s->tlsext_status_type = -1;
+       s->tlsext_status_expected = 0;
+       s->tlsext_ocsp_ids = NULL;
+       s->tlsext_ocsp_exts = NULL;
+       s->tlsext_ocsp_resp = NULL;
+       s->tlsext_ocsp_resplen = -1;
        CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
        s->initial_ctx=ctx;
 #endif
@@ -542,6 +549,14 @@ void SSL_free(SSL *s)
        if (s->tlsext_ecpointformatlist) OPENSSL_free(s->tlsext_ecpointformatlist);
        if (s->tlsext_ellipticcurvelist) OPENSSL_free(s->tlsext_ellipticcurvelist);
 #endif /* OPENSSL_NO_EC */
+       if (s->tlsext_opaque_prf_input) OPENSSL_free(s->tlsext_opaque_prf_input);
+       if (s->tlsext_ocsp_exts)
+               sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
+                                               X509_EXTENSION_free);
+       if (s->tlsext_ocsp_ids)
+               sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free);
+       if (s->tlsext_ocsp_resp)
+               OPENSSL_free(s->tlsext_ocsp_resp);
 #endif
 
        if (s->client_CA != NULL)
@@ -1262,7 +1277,6 @@ int SSL_set_cipher_list(SSL *s,const char *str)
 char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
        {
        char *p;
-       const char *cp;
        STACK_OF(SSL_CIPHER) *sk;
        SSL_CIPHER *c;
        int i;
@@ -1275,20 +1289,21 @@ char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
        sk=s->session->ciphers;
        for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
                {
-               /* Decrement for either the ':' or a '\0' */
-               len--;
+               int n;
+
                c=sk_SSL_CIPHER_value(sk,i);
-               for (cp=c->name; *cp; )
+               n=strlen(c->name);
+               if (n+1 > len)
                        {
-                       if (len-- <= 0)
-                               {
-                               *p='\0';
-                               return(buf);
-                               }
-                       else
-                               *(p++)= *(cp++);
+                       if (p != buf)
+                               --p;
+                       *p='\0';
+                       return buf;
                        }
+               strcpy(p,c->name);
+               p+=n;
                *(p++)=':';
+               len-=n+1;
                }
        p[-1]='\0';
        return(buf);
@@ -1555,6 +1570,9 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
                || (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0))
                ret->options |= SSL_OP_NO_TICKET;
 
+       ret->tlsext_status_cb = 0;
+       ret->tlsext_status_arg = NULL;
+
 #endif
 #ifndef OPENSSL_NO_PSK
        ret->psk_identity_hint=NULL;
@@ -1724,11 +1742,24 @@ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
        emask_k=0;
        emask_a=0;
 
+       
+
 #ifdef CIPHER_DEBUG
        printf("rt=%d rte=%d dht=%d ecdht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n",
                rsa_tmp,rsa_tmp_export,dh_tmp,have_ecdh_tmp,
                rsa_enc,rsa_enc_export,rsa_sign,dsa_sign,dh_rsa,dh_dsa);
 #endif
+       
+       cpk = &(c->pkeys[SSL_PKEY_GOST01]);
+       if (cpk->x509 != NULL && cpk->privatekey !=NULL) {
+               mask_k |= SSL_kGOST;
+               mask_a |= SSL_aGOST01;
+       }
+       cpk = &(c->pkeys[SSL_PKEY_GOST94]);
+       if (cpk->x509 != NULL && cpk->privatekey !=NULL) {
+               mask_k |= SSL_kGOST;
+               mask_a |= SSL_aGOST94;
+       }
 
        if (rsa_enc || (rsa_tmp && rsa_sign))
                mask_k|=SSL_kRSA;
@@ -1997,6 +2028,10 @@ X509 *ssl_get_server_send_cert(SSL *s)
                /* VRS something else here? */
                return(NULL);
                }
+       else if (alg_a & SSL_aGOST94) 
+               i=SSL_PKEY_GOST94;
+       else if (alg_a & SSL_aGOST01)
+               i=SSL_PKEY_GOST01;
        else /* if (alg_a & SSL_aNULL) */
                {
                SSLerr(SSL_F_SSL_GET_SERVER_SEND_CERT,ERR_R_INTERNAL_ERROR);