Fix compilation with no-nextprotoneg.

[openssl.git] / ssl / t1_lib.c

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 81ed88f6b20435b36ba8b1269a44d9e7e538057b..8b7cce65f308963191cb582294b3458e4093587c 100644 (file)
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -590,14 +590,12 @@ static int tls1_set_ec_id(unsigned char *curve_id, unsigned char *comp_id,
        {
        int is_prime, id;
        const EC_GROUP *grp;
-       const EC_POINT *pt;
        const EC_METHOD *meth;
        if (!ec)
                return 0;
        /* Determine if it is a prime field */
        grp = EC_KEY_get0_group(ec);
-        pt = EC_KEY_get0_public_key(ec);
-       if (!grp || !pt)
+       if (!grp)
                return 0;
         meth = EC_GROUP_method_of(grp);
        if (!meth)
@@ -625,6 +623,8 @@ static int tls1_set_ec_id(unsigned char *curve_id, unsigned char *comp_id,
                }
        if (comp_id)
                {
+               if (EC_KEY_get0_public_key(ec) == NULL)
+                       return 0;
                if (EC_KEY_get_conv_form(ec) == POINT_CONVERSION_COMPRESSED)
                        {
                        if (is_prime)
@@ -876,9 +876,6 @@ static unsigned char tls12_sigalgs[] = {
 #ifndef OPENSSL_NO_SHA
        tlsext_sigalg(TLSEXT_hash_sha1)
 #endif
-#ifndef OPENSSL_NO_MD5
-       tlsext_sigalg_rsa(TLSEXT_hash_md5)
-#endif
 };
 #ifndef OPENSSL_NO_ECDSA
 static unsigned char suiteb_sigalgs[] = {
@@ -921,13 +918,7 @@ size_t tls12_get_psigalgs(SSL *s, const unsigned char **psigs)
        else
                {
                *psigs = tls12_sigalgs;
-#ifdef OPENSSL_FIPS
-               /* If FIPS mode don't include MD5 which is last */
-               if (FIPS_mode())
-                       return sizeof(tls12_sigalgs) - 2;
-               else
-#endif
-                       return sizeof(tls12_sigalgs);
+               return sizeof(tls12_sigalgs);
                }
        }
 /* Check signature algorithm is consistent with sent supported signature
@@ -1481,6 +1472,22 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
        s2n(TLSEXT_TYPE_encrypt_then_mac,ret);
        s2n(0,ret);
 #endif
+#ifdef TLSEXT_TYPE_wtf
+       {
+       /* Work out length which would be used in the TLS record:
+        * NB this should ALWAYS appear after all other extensions.
+        */
+       int hlen = ret - (unsigned char *)s->init_buf->data - 3;
+       if (hlen > 0xff && hlen < 0x200)
+               {
+               hlen = 0x200 - hlen;
+               s2n(TLSEXT_TYPE_wtf,ret);
+               s2n(hlen,ret);
+               memset(ret, 0, hlen);
+               ret += hlen;
+               }
+       }
+#endif
 
        if ((extdatalen = ret-p-2) == 0)
                return p;
@@ -2429,8 +2436,10 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
                        {
                        if (tls1_alpn_handle_client_hello(s, data, size, al) != 0)
                                return 0;
+#ifndef OPENSSL_NO_NEXTPROTONEG
                        /* ALPN takes precedence over NPN. */
                        s->s3->next_proto_neg_seen = 0;
+#endif
                        }
 
                /* session ticket processed earlier */