unsigned char *buf;
unsigned char *p,*d;
int i;
- unsigned long Time,l;
+ unsigned long l;
#ifndef OPENSSL_NO_COMP
int j;
SSL_COMP *comp;
i = 1;
if (i)
- {
- Time=(unsigned long)time(NULL); /* Time */
- l2n(Time,p);
- RAND_pseudo_bytes(p,sizeof(s->s3->client_random)-4);
-
- }
+ ssl_fill_hello_random(s, 0, p,
+ sizeof(s->s3->client_random));
/* Do the message type and length last */
d=p= ssl_handshake_start(s);
/* Hello verify request and/or server hello version may not
* match so set first packet if we're negotiating version.
*/
- if (s->method->version == DTLS_ANY_VERSION)
+ if (SSL_IS_DTLS(s))
s->first_packet = 1;
n=s->method->ssl_get_message(s,
SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNKNOWN_CIPHER_RETURNED);
goto f_err;
}
+ /* Set version disabled mask now we know version */
+ if (!SSL_USE_TLS1_2_CIPHERS(s))
+ ct->mask_ssl = SSL_TLSV1_2;
+ else
+ ct->mask_ssl = 0;
/* If it is a disabled cipher we didn't send it in client hello,
* so return an error.
*/
;
#endif
#ifndef OPENSSL_NO_DH
- else if (alg_k & SSL_kEDH)
+ else if (alg_k & SSL_kDHE)
{
if ((dh=DH_new()) == NULL)
{
#endif /* !OPENSSL_NO_DH */
#ifndef OPENSSL_NO_ECDH
- else if (alg_k & SSL_kEECDH)
+ else if (alg_k & SSL_kECDHE)
{
EC_GROUP *ngroup;
const EC_GROUP *group;
}
#endif
#ifndef OPENSSL_NO_DH
- else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
+ else if (alg_k & (SSL_kDHE|SSL_kDHr|SSL_kDHd))
{
DH *dh_srvr,*dh_clnt;
SESS_CERT *scert = s->session->sess_cert;
#endif
#ifndef OPENSSL_NO_ECDH
- else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe))
+ else if (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe))
{
const EC_GROUP *srvr_group = NULL;
EC_KEY *tkey;
if (s->state == SSL3_ST_CW_CERT_A)
{
/* Let cert callback update client certificates if required */
- if (s->cert->cert_cb
- && s->cert->cert_cb(s, s->cert->cert_cb_arg) <= 0)
+ if (s->cert->cert_cb)
{
- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_INTERNAL_ERROR);
- return 0;
+ i = s->cert->cert_cb(s, s->cert->cert_cb_arg);
+ if (i < 0)
+ {
+ s->rwstate=SSL_X509_LOOKUP;
+ return -1;
+ }
+ if (i == 0)
+ {
+ ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_INTERNAL_ERROR);
+ return 0;
+ }
+ s->rwstate=SSL_NOTHING;
}
if (ssl3_check_client_certificate(s))
s->state=SSL3_ST_CW_CERT_C;
}
#endif
#ifndef OPENSSL_NO_DH
- if ((alg_k & SSL_kEDH) &&
+ if ((alg_k & SSL_kDHE) &&
!(has_bits(i,EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL)))
{
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_KEY);
else
#endif
#ifndef OPENSSL_NO_DH
- if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
+ if (alg_k & (SSL_kDHE|SSL_kDHr|SSL_kDHd))
{
if (dh == NULL
|| DH_size(dh)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))