unsigned int cookie_len;
long n;
unsigned long id;
- unsigned char *p,*d,*q;
+ unsigned char *p,*d;
SSL_CIPHER *c;
#ifndef OPENSSL_NO_COMP
+ unsigned char *q;
SSL_COMP *comp=NULL;
#endif
STACK_OF(SSL_CIPHER) *ciphers=NULL;
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_LENGTH_MISMATCH);
goto f_err;
}
+#ifndef OPENSSL_NO_COMP
q=p;
+#endif
for (j=0; j<i; j++)
{
if (p[j] == 0) break;
goto f_err;
}
ciphers=NULL;
+ /* Let cert callback update server certificates if required */
+ if (s->cert->cert_cb
+ && s->cert->cert_cb(s, s->cert->cert_cb_arg) <= 0)
+ {
+ al=SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_CERT_CB_ERROR);
+ goto f_err;
+ }
c=ssl3_choose_cipher(s,s->session->ciphers,
SSL_get_ciphers(s));
ecdhp=cert->ecdh_tmp;
if (s->cert->ecdh_tmp_auto)
{
- /* Get NID of first shared curve */
- int nid = tls1_shared_curve(s, 0);
+ /* Get NID of appropriate shared curve */
+ int nid = tls1_shared_curve(s, -2);
if (nid != NID_undef)
ecdhp = EC_KEY_new_by_curve_name(nid);
}
if (TLS1_get_version(s) >= TLS1_2_VERSION)
{
- nl = tls12_get_sig_algs(s, p + 2);
+ const unsigned char *psigs;
+ nl = tls12_get_psigalgs(s, &psigs);
s2n(nl, p);
- p += nl + 2;
+ memcpy(p, psigs, nl);
+ p += nl;
n += nl + 2;
}
{
if (TLS1_get_version(s) >= TLS1_2_VERSION)
{
- int sigalg = tls12_get_sigid(pkey);
- /* Should never happen */
- if (sigalg == -1)
- {
- SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,ERR_R_INTERNAL_ERROR);
- al=SSL_AD_INTERNAL_ERROR;
- goto f_err;
- }
- /* Check key type is consistent with signature */
- if (sigalg != (int)p[1])
+ int rv = tls12_check_peer_sigalg(&md, s, p, pkey);
+ if (rv == -1)
{
- SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_WRONG_SIGNATURE_TYPE);
- al=SSL_AD_DECODE_ERROR;
+ al = SSL_AD_INTERNAL_ERROR;
goto f_err;
}
- md = tls12_get_hash(p[0]);
- if (md == NULL)
+ else if (rv == 0)
{
- SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_UNKNOWN_DIGEST);
- al=SSL_AD_DECODE_ERROR;
+ al = SSL_AD_DECODE_ERROR;
goto f_err;
}
#ifdef SSL_DEBUG