int ske_expected;
switch (st->hand_state) {
+ default:
+ break;
+
case TLS_ST_CW_CLNT_HELLO:
if (mt == SSL3_MT_SERVER_HELLO) {
st->hand_state = TLS_ST_CR_SRVR_HELLO;
return 1;
}
break;
-
- default:
- break;
}
err:
OSSL_STATEM *st = &s->statem;
switch (st->hand_state) {
+ default:
+ /* Shouldn't happen */
+ return WRITE_TRAN_ERROR;
+
case TLS_ST_OK:
/* Renegotiation - fall through */
case TLS_ST_BEFORE:
ossl_statem_set_in_init(s, 0);
return WRITE_TRAN_CONTINUE;
}
-
- default:
- /* Shouldn't happen */
- return WRITE_TRAN_ERROR;
}
}
OSSL_STATEM *st = &s->statem;
switch (st->hand_state) {
+ default:
+ /* No pre work to be done */
+ break;
+
case TLS_ST_CW_CLNT_HELLO:
s->shutdown = 0;
if (SSL_IS_DTLS(s)) {
return dtls_wait_for_dry(s);
#endif
}
- return WORK_FINISHED_CONTINUE;
+ break;
case TLS_ST_OK:
return tls_finish_handshake(s, wst);
-
- default:
- /* No pre work to be done */
- break;
}
return WORK_FINISHED_CONTINUE;
s->init_num = 0;
switch (st->hand_state) {
+ default:
+ /* No post work to be done */
+ break;
+
case TLS_ST_CW_CLNT_HELLO:
if (wst == WORK_MORE_A && statem_flush(s) != 1)
return WORK_MORE_A;
if (statem_flush(s) != 1)
return WORK_MORE_B;
break;
-
- default:
- /* No post work to be done */
- break;
}
return WORK_FINISHED_CONTINUE;
OSSL_STATEM *st = &s->statem;
switch (st->hand_state) {
+ default:
+ /* Shouldn't happen */
+ return 0;
+
case TLS_ST_CW_CLNT_HELLO:
return tls_construct_client_hello(s);
ssl3_enc->client_finished_label,
s->method->
ssl3_enc->client_finished_label_len);
-
- default:
- /* Shouldn't happen */
- break;
}
-
- return 0;
}
/*
OSSL_STATEM *st = &s->statem;
switch (st->hand_state) {
+ default:
+ /* Shouldn't happen */
+ return 0;
+
case TLS_ST_CR_SRVR_HELLO:
return SERVER_HELLO_MAX_LENGTH;
case TLS_ST_CR_FINISHED:
return FINISHED_MAX_LENGTH;
-
- default:
- /* Shouldn't happen */
- break;
}
-
- return 0;
}
/*
OSSL_STATEM *st = &s->statem;
switch (st->hand_state) {
+ default:
+ /* Shouldn't happen */
+ return MSG_PROCESS_ERROR;
+
case TLS_ST_CR_SRVR_HELLO:
return tls_process_server_hello(s, pkt);
case TLS_ST_CR_FINISHED:
return tls_process_finished(s, pkt);
-
- default:
- /* Shouldn't happen */
- break;
}
-
- return MSG_PROCESS_ERROR;
}
/*
OSSL_STATEM *st = &s->statem;
switch (st->hand_state) {
+ default:
+ /* Shouldn't happen */
+ return WORK_ERROR;
+
case TLS_ST_CR_CERT_REQ:
return tls_prepare_client_certificate(s, wst);
ossl_statem_set_sctp_read_sock(s, 0);
return WORK_FINISHED_STOP;
#endif
-
- default:
- break;
}
-
- /* Shouldn't happen */
- return WORK_ERROR;
}
int tls_construct_client_hello(SSL *s)
* client_version in client hello and not resetting it to
* the negotiated version.
*/
- if (!WPACKET_put_bytes(&pkt, s->client_version, 2)
+ if (!WPACKET_put_bytes_u16(&pkt, s->client_version)
|| !WPACKET_memcpy(&pkt, s->s3->client_random, SSL3_RANDOM_SIZE)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
goto err;
int compnum = sk_SSL_COMP_num(s->ctx->comp_methods);
for (i = 0; i < compnum; i++) {
comp = sk_SSL_COMP_value(s->ctx->comp_methods, i);
- if (!WPACKET_put_bytes(&pkt, comp->id, 1)) {
+ if (!WPACKET_put_bytes_u8(&pkt, comp->id)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
goto err;
}
}
#endif
/* Add the NULL method */
- if (!WPACKET_put_bytes(&pkt, 0, 1) || !WPACKET_close(&pkt)) {
+ if (!WPACKET_put_bytes_u8(&pkt, 0) || !WPACKET_close(&pkt)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
goto err;
}
SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST, ERR_R_INTERNAL_ERROR);
goto err;
};
- /*
- * If we have client certificate, use its secret as peer key
- */
- if (s->s3->tmp.cert_req && s->cert->key->privatekey) {
- if (EVP_PKEY_derive_set_peer(pkey_ctx, s->cert->key->privatekey) <= 0) {
- /*
- * If there was an error - just ignore it. Ephemeral key
- * * would be used
- */
- ERR_clear_error();
- }
- }
/*
* Compute shared IV and store it in algorithm-specific context
* data
goto err;
}
- if (!WPACKET_put_bytes(pkt, V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED, 1)
- || (msglen >= 0x80 && !WPACKET_put_bytes(pkt, 0x81, 1))
+ if (!WPACKET_put_bytes_u8(pkt, V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED)
+ || (msglen >= 0x80 && !WPACKET_put_bytes_u8(pkt, 0x81))
|| !WPACKET_sub_memcpy_u8(pkt, tmp, msglen)) {
*al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST, ERR_R_INTERNAL_ERROR);
goto err;
}
- /* Check if pubkey from client certificate was used */
- if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2,
- NULL) > 0) {
- /* Set flag "skip certificate verify" */
- s->s3->flags |= TLS1_FLAGS_SKIP_CERT_VERIFY;
- }
EVP_PKEY_CTX_free(pkey_ctx);
s->s3->tmp.pms = pms;
s->s3->tmp.pmslen = pmslen;
} else if (alg_k & SSL_kSRP) {
if (!tls_construct_cke_srp(s, &pkt, &al))
goto err;
- } else {
+ } else if (!(alg_k & SSL_kPSK)) {
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
goto err;
{
EVP_PKEY *pkey;
const EVP_MD *md = s->s3->tmp.md[s->cert->key - s->cert->pkeys];
- EVP_MD_CTX *mctx;
+ EVP_MD_CTX *mctx = NULL;
unsigned u = 0;
long hdatalen = 0;
void *hdata;
unsigned char *sig = NULL;
WPACKET pkt;
-
if (!WPACKET_init(&pkt, s->init_buf)) {
/* Should not happen */
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR);
projects / openssl.git / blobdiff