X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=ssl%2Ft1_lib.c;h=0a66c09cb223129f01ae9f7cadcbdfa14b0b1900;hp=a20e85fb4b0a55442aa28946947f80e4ce1ab570;hb=2e66d3d674d3a54593e0cbb4ff1f6039fd965d66;hpb=0351baae36afe1182237e0bd88ec9d13f5c97f32 diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index a20e85fb4b..0a66c09cb2 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -114,6 +114,8 @@ #include #include #include +#include +#include #include #include #include @@ -767,7 +769,7 @@ static int tls1_check_cert_param(SSL *s, X509 *x, int set_ee_md) # ifndef OPENSSL_NO_EC /* - * tls1_check_ec_tmp_key - Check EC temporary key compatiblity + * tls1_check_ec_tmp_key - Check EC temporary key compatibility * @s: SSL connection * @cid: Cipher ID we're considering using * @@ -1179,7 +1181,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, /*- * check for enough space. - * 4 for the servername type and entension length + * 4 for the servername type and extension length * 2 for servernamelist length * 1 for the hostname type * 2 for hostname length @@ -1217,7 +1219,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, /*- * check for enough space. - * 4 for the srp type type and entension length + * 4 for the srp type type and extension length * 1 for the srp user identity * + srp user identity length */ @@ -1347,6 +1349,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, ret += salglen; } +#ifndef OPENSSL_NO_OCSP if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp) { int i; long extlen, idlen, itmp; @@ -1390,6 +1393,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, if (extlen > 0) i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, &ret); } +#endif #ifndef OPENSSL_NO_HEARTBEATS if (SSL_IS_DTLS(s)) { /* Add Heartbeat extension */ @@ -1412,7 +1416,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, #ifndef OPENSSL_NO_NEXTPROTONEG if (s->ctx->next_proto_select_cb && !s->s3->tmp.finish_md_len) { /* - * The client advertises an emtpy extension to indicate its support + * The client advertises an empty extension to indicate its support * for Next Protocol Negotiation */ if (limit - ret - 4 < 0) @@ -2002,7 +2006,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al) /* * Although the server_name extension was intended to be * extensible to new name types, RFC 4366 defined the - * syntax inextensibly and OpenSSL 1.0.x parses it as + * syntax inextensibility and OpenSSL 1.0.x parses it as * such. * RFC 6066 corrected the mistake but adding new name types * is nevertheless no longer feasible, so act as if no other @@ -2128,14 +2132,14 @@ static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al) } } } else if (type == TLSEXT_TYPE_status_request) { - const unsigned char *ext_data; - if (!PACKET_get_1(&extension, (unsigned int *)&s->tlsext_status_type)) { return 0; } +#ifndef OPENSSL_NO_OCSP if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp) { + const unsigned char *ext_data; PACKET responder_id_list, exts; if (!PACKET_get_length_prefixed_2(&extension, &responder_id_list)) return 0; @@ -2192,10 +2196,12 @@ static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al) return 0; } } - /* - * We don't know what to do with any other type * so ignore it. - */ - } else { + } else +#endif + { + /* + * We don't know what to do with any other type so ignore it. + */ s->tlsext_status_type = -1; } } @@ -2231,7 +2237,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al) * * s->new_session will be set on renegotiation, but we * probably shouldn't rely that it couldn't be set on - * the initial renegotation too in certain cases (when + * the initial renegotiation too in certain cases (when * there's some other reason to disallow resuming an * earlier session -- the current code won't be doing * anything like that, but this might change). @@ -2733,7 +2739,8 @@ int tls1_set_server_sigalgs(SSL *s) { int al; size_t i; - /* Clear any shared sigtnature algorithms */ + + /* Clear any shared signature algorithms */ OPENSSL_free(s->cert->shared_sigalgs); s->cert->shared_sigalgs = NULL; s->cert->shared_sigalgslen = 0; @@ -3071,7 +3078,7 @@ end: * tls_decrypt_ticket attempts to decrypt a session ticket. * * etick: points to the body of the session ticket extension. - * eticklen: the length of the session tickets extenion. + * eticklen: the length of the session tickets extension. * sess_id: points at the session ID. * sesslen: the length of the session ID. * psess: (output) on return, if a ticket was decrypted, then this is set to @@ -4087,17 +4094,20 @@ DH *ssl_get_auto_dh(SSL *s) if (dh_secbits >= 128) { DH *dhp = DH_new(); + BIGNUM *p, *g; if (dhp == NULL) return NULL; - dhp->g = BN_new(); - if (dhp->g != NULL) - BN_set_word(dhp->g, 2); + g = BN_new(); + if (g != NULL) + BN_set_word(g, 2); if (dh_secbits >= 192) - dhp->p = get_rfc3526_prime_8192(NULL); + p = BN_get_rfc3526_prime_8192(NULL); else - dhp->p = get_rfc3526_prime_3072(NULL); - if (dhp->p == NULL || dhp->g == NULL) { + p = BN_get_rfc3526_prime_3072(NULL); + if (p == NULL || g == NULL || !DH_set0_pqg(dhp, p, NULL, g)) { DH_free(dhp); + BN_free(p); + BN_free(g); return NULL; } return dhp;