projects
/
oweals
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Support for certificate status TLS extension.
[oweals/openssl.git]
/
ssl
/
d1_clnt.c
diff --git
a/ssl/d1_clnt.c
b/ssl/d1_clnt.c
index f985afdb3eff5a35c978a515b27df31046ec41c7..1826226ebe36c64adc651106f95ca7245108e28a 100644
(file)
--- a/
ssl/d1_clnt.c
+++ b/
ssl/d1_clnt.c
@@
-4,7
+4,7
@@
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
*/
/* ====================================================================
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
*/
/* ====================================================================
- * Copyright (c) 1999-200
5
The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-200
7
The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@
-144,7
+144,7
@@
IMPLEMENT_dtls1_meth_func(DTLSv1_client_method,
int dtls1_connect(SSL *s)
{
BUF_MEM *buf=NULL;
int dtls1_connect(SSL *s)
{
BUF_MEM *buf=NULL;
- unsigned long Time=
time(NULL),l
;
+ unsigned long Time=
(unsigned long)time(NULL)
;
long num1;
void (*cb)(const SSL *ssl,int type,int val)=NULL;
int ret= -1;
long num1;
void (*cb)(const SSL *ssl,int type,int val)=NULL;
int ret= -1;
@@
-274,7
+274,7
@@
int dtls1_connect(SSL *s)
case SSL3_ST_CR_CERT_A:
case SSL3_ST_CR_CERT_B:
/* Check if it is anon DH */
case SSL3_ST_CR_CERT_A:
case SSL3_ST_CR_CERT_B:
/* Check if it is anon DH */
- if (!(s->s3->tmp.new_cipher->algorithm
s
& SSL_aNULL))
+ if (!(s->s3->tmp.new_cipher->algorithm
_auth
& SSL_aNULL))
{
ret=ssl3_get_server_certificate(s);
if (ret <= 0) goto end;
{
ret=ssl3_get_server_certificate(s);
if (ret <= 0) goto end;
@@
-335,7
+335,6
@@
int dtls1_connect(SSL *s)
case SSL3_ST_CW_KEY_EXCH_B:
ret=dtls1_send_client_key_exchange(s);
if (ret <= 0) goto end;
case SSL3_ST_CW_KEY_EXCH_B:
ret=dtls1_send_client_key_exchange(s);
if (ret <= 0) goto end;
- l=s->s3->tmp.new_cipher->algorithms;
/* EAY EAY EAY need to check for DH fix cert
* sent back */
/* For TLS, cert_req is set to 2, so a cert chain
/* EAY EAY EAY need to check for DH fix cert
* sent back */
/* For TLS, cert_req is set to 2, so a cert chain
@@
-544,7
+543,7
@@
int dtls1_client_hello(SSL *s)
/* else use the pre-loaded session */
p=s->s3->client_random;
/* else use the pre-loaded session */
p=s->s3->client_random;
- Time=
time(NULL);
/* Time */
+ Time=
(unsigned long)time(NULL);
/* Time */
l2n(Time,p);
RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
l2n(Time,p);
RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
@@
-684,7
+683,7
@@
int dtls1_send_client_key_exchange(SSL *s)
{
unsigned char *p,*d;
int n;
{
unsigned char *p,*d;
int n;
- unsigned long
l
;
+ unsigned long
alg_k
;
#ifndef OPENSSL_NO_RSA
unsigned char *q;
EVP_PKEY *pkey=NULL;
#ifndef OPENSSL_NO_RSA
unsigned char *q;
EVP_PKEY *pkey=NULL;
@@
-697,13
+696,13
@@
int dtls1_send_client_key_exchange(SSL *s)
{
d=(unsigned char *)s->init_buf->data;
p= &(d[DTLS1_HM_HEADER_LENGTH]);
{
d=(unsigned char *)s->init_buf->data;
p= &(d[DTLS1_HM_HEADER_LENGTH]);
-
-
l=s->s3->tmp.new_cipher->algorithms
;
+
+
alg_k=s->s3->tmp.new_cipher->algorithm_mkey
;
/* Fool emacs indentation */
if (0) {}
#ifndef OPENSSL_NO_RSA
/* Fool emacs indentation */
if (0) {}
#ifndef OPENSSL_NO_RSA
- else if (
l
& SSL_kRSA)
+ else if (
alg_k
& SSL_kRSA)
{
RSA *rsa;
unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
{
RSA *rsa;
unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
@@
-762,7
+761,7
@@
int dtls1_send_client_key_exchange(SSL *s)
}
#endif
#ifndef OPENSSL_NO_KRB5
}
#endif
#ifndef OPENSSL_NO_KRB5
- else if (
l
& SSL_kKRB5)
+ else if (
alg_k
& SSL_kKRB5)
{
krb5_error_code krb5rc;
KSSL_CTX *kssl_ctx = s->kssl_ctx;
{
krb5_error_code krb5rc;
KSSL_CTX *kssl_ctx = s->kssl_ctx;
@@
-781,7
+780,7
@@
int dtls1_send_client_key_exchange(SSL *s)
#ifdef KSSL_DEBUG
printf("ssl3_send_client_key_exchange(%lx & %lx)\n",
#ifdef KSSL_DEBUG
printf("ssl3_send_client_key_exchange(%lx & %lx)\n",
-
l
, SSL_kKRB5);
+
alg_k
, SSL_kKRB5);
#endif /* KSSL_DEBUG */
authp = NULL;
#endif /* KSSL_DEBUG */
authp = NULL;
@@
-894,7
+893,7
@@
int dtls1_send_client_key_exchange(SSL *s)
}
#endif
#ifndef OPENSSL_NO_DH
}
#endif
#ifndef OPENSSL_NO_DH
- else if (
l
& (SSL_kEDH|SSL_kDHr|SSL_kDHd))
+ else if (
alg_k
& (SSL_kEDH|SSL_kDHr|SSL_kDHd))
{
DH *dh_srvr,*dh_clnt;
{
DH *dh_srvr,*dh_clnt;
@@
-999,14
+998,16
@@
int dtls1_send_client_verify(SSL *s)
p= &(d[DTLS1_HM_HEADER_LENGTH]);
pkey=s->cert->key->privatekey;
p= &(d[DTLS1_HM_HEADER_LENGTH]);
pkey=s->cert->key->privatekey;
- s->method->ssl3_enc->cert_verify_mac(s,&(s->s3->finish_dgst2),
+ s->method->ssl3_enc->cert_verify_mac(s,
+ NID_sha1,
&(data[MD5_DIGEST_LENGTH]));
#ifndef OPENSSL_NO_RSA
if (pkey->type == EVP_PKEY_RSA)
{
s->method->ssl3_enc->cert_verify_mac(s,
&(data[MD5_DIGEST_LENGTH]));
#ifndef OPENSSL_NO_RSA
if (pkey->type == EVP_PKEY_RSA)
{
s->method->ssl3_enc->cert_verify_mac(s,
- &(s->s3->finish_dgst1),&(data[0]));
+ NID_md5,
+ &(data[0]));
if (RSA_sign(NID_md5_sha1, data,
MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
&(p[2]), &u, pkey->pkey.rsa) <= 0 )
if (RSA_sign(NID_md5_sha1, data,
MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
&(p[2]), &u, pkey->pkey.rsa) <= 0 )