switch (tls1_suiteb(s))
{
case SSL_CERT_FLAG_SUITEB_128_LOS:
- case SSL_CERT_FLAG_SUITEB_128_LOS_ONLY:
*pcurves = suiteb_curves;
*pcurveslen = sizeof(suiteb_curves);
break;
+ case SSL_CERT_FLAG_SUITEB_128_LOS_ONLY:
+ *pcurves = suiteb_curves;
+ *pcurveslen = 2;
+ break;
+
case SSL_CERT_FLAG_SUITEB_192_LOS:
*pcurves = suiteb_curves + 2;
*pcurveslen = 2;
c->mask_a = 0;
c->mask_k = 0;
/* If less than TLS 1.2 don't allow TLS 1.2 only ciphers */
- if (TLS1_get_version(s) < TLS1_2_VERSION)
+ if (TLS1_get_client_version(s) < TLS1_2_VERSION)
c->mask_ssl = SSL_TLSV1_2;
else
c->mask_ssl = 0;
/* 1 byte for the list (we only support audit proofs) */
if (s->ctx->tlsext_authz_server_audit_proof_cb != NULL)
{
- size_t lenmax;
const unsigned short ext_len = 2;
const unsigned char list_len = 1;
- if ((lenmax = limit - ret - 6) < 0) return NULL;
+ if (limit < ret + 6)
+ return NULL;
s2n(TLSEXT_TYPE_server_authz, ret);
/* Extension length: 2 bytes */
unsigned char selected_len;
/* We must have requested it. */
- if ((s->ctx->next_proto_select_cb == NULL))
+ if (s->ctx->next_proto_select_cb == NULL)
{
*al = TLS1_AD_UNSUPPORTED_EXTENSION;
return 0;
HMAC_Update(&hctx, etick, eticklen);
HMAC_Final(&hctx, tick_hmac, NULL);
HMAC_CTX_cleanup(&hctx);
- if (memcmp(tick_hmac, etick + eticklen, mlen))
+ if (CRYPTO_memcmp(tick_hmac, etick + eticklen, mlen))
return 2;
/* Attempt to decrypt session data */
/* Move p after IV to start of encrypted ticket, update length */
projects / openssl.git / blobdiff