#endif
if (!custom_ext_add(s, 1, &ret, limit, al))
return NULL;
- if (s->s3->flags & TLS1_FLAGS_ENCRYPT_THEN_MAC) {
+ if (s->tlsext_use_etm) {
/*
* Don't use encrypt_then_mac if AEAD or RC4 might want to disable
* for other cases too.
|| s->s3->tmp.new_cipher->algorithm_enc == SSL_RC4
|| s->s3->tmp.new_cipher->algorithm_enc == SSL_eGOST2814789CNT
|| s->s3->tmp.new_cipher->algorithm_enc == SSL_eGOST2814789CNT12)
- s->s3->flags &= ~TLS1_FLAGS_ENCRYPT_THEN_MAC;
+ s->tlsext_use_etm = 0;
else {
/*-
* check for enough space.
/* Clear any signature algorithms extension received */
OPENSSL_free(s->s3->tmp.peer_sigalgs);
s->s3->tmp.peer_sigalgs = NULL;
- s->s3->flags &= ~TLS1_FLAGS_ENCRYPT_THEN_MAC;
+ s->tlsext_use_etm = 0;
#ifndef OPENSSL_NO_SRP
OPENSSL_free(s->srp_ctx.login);
}
#endif
else if (type == TLSEXT_TYPE_encrypt_then_mac)
- s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC;
+ s->tlsext_use_etm = 1;
/*
* Note: extended master secret extension handled in
* tls_check_serverhello_tlsext_early()
SSL_DTLSEXT_HB_DONT_SEND_REQUESTS);
#endif
- s->s3->flags &= ~TLS1_FLAGS_ENCRYPT_THEN_MAC;
+ s->tlsext_use_etm = 0;
s->s3->flags &= ~TLS1_FLAGS_RECEIVED_EXTMS;
/* Ignore if inappropriate ciphersuite */
if (s->s3->tmp.new_cipher->algorithm_mac != SSL_AEAD
&& s->s3->tmp.new_cipher->algorithm_enc != SSL_RC4)
- s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC;
+ s->tlsext_use_etm = 1;
} else if (type == TLSEXT_TYPE_extended_master_secret) {
s->s3->flags |= TLS1_FLAGS_RECEIVED_EXTMS;
if (!s->hit)
ret =
s->ctx->tlsext_servername_callback(s, &al,
s->ctx->tlsext_servername_arg);
- else if (s->initial_ctx != NULL
- && s->initial_ctx->tlsext_servername_callback != 0)
+ else if (s->session_ctx != NULL
+ && s->session_ctx->tlsext_servername_callback != 0)
ret =
- s->initial_ctx->tlsext_servername_callback(s, &al,
+ s->session_ctx->tlsext_servername_callback(s, &al,
s->
- initial_ctx->tlsext_servername_arg);
+ session_ctx->tlsext_servername_arg);
switch (ret) {
case SSL_TLSEXT_ERR_ALERT_FATAL:
ret =
s->ctx->tlsext_servername_callback(s, &al,
s->ctx->tlsext_servername_arg);
- else if (s->initial_ctx != NULL
- && s->initial_ctx->tlsext_servername_callback != 0)
+ else if (s->session_ctx != NULL
+ && s->session_ctx->tlsext_servername_callback != 0)
ret =
- s->initial_ctx->tlsext_servername_callback(s, &al,
+ s->session_ctx->tlsext_servername_callback(s, &al,
s->
- initial_ctx->tlsext_servername_arg);
+ session_ctx->tlsext_servername_arg);
/*
* Ensure we get sensible values passed to tlsext_status_cb in the event
unsigned char tick_hmac[EVP_MAX_MD_SIZE];
HMAC_CTX *hctx = NULL;
EVP_CIPHER_CTX *ctx;
- SSL_CTX *tctx = s->initial_ctx;
+ SSL_CTX *tctx = s->session_ctx;
/* Initialize session ticket encryption and HMAC contexts */
hctx = HMAC_CTX_new();
}
/* Attempt to decrypt session data */
/* Move p after IV to start of encrypted ticket, update length */
- p = etick + 16 + EVP_CIPHER_CTX_iv_length(ctx);
- eticklen -= 16 + EVP_CIPHER_CTX_iv_length(ctx);
+ p = etick + TLSEXT_KEYNAME_LENGTH + EVP_CIPHER_CTX_iv_length(ctx);
+ eticklen -= TLSEXT_KEYNAME_LENGTH + EVP_CIPHER_CTX_iv_length(ctx);
sdec = OPENSSL_malloc(eticklen);
if (sdec == NULL || EVP_DecryptUpdate(ctx, sdec, &slen, p, eticklen) <= 0) {
EVP_CIPHER_CTX_free(ctx);