Update DTLS code to match CBC decoding in TLS.

[oweals/openssl.git] / ssl / t1_lib.c

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index cc97258ae5368780e74785454b799e3a73d2dc55..d56456e14dfdd26c057c81d1f37a2c330eb585c3 100644 (file)
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -745,7 +745,7 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
        return 1;
        }
 
-int ssl_check_clienthello_tlsext(SSL *s)
+int ssl_check_clienthello_tlsext_early(SSL *s)
        {
        int ret=SSL_TLSEXT_ERR_NOACK;
        int al = SSL_AD_UNRECOGNIZED_NAME;
@@ -755,13 +755,49 @@ int ssl_check_clienthello_tlsext(SSL *s)
        else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0)             
                ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg);
 
+       switch (ret)
+               {
+               case SSL_TLSEXT_ERR_ALERT_FATAL:
+                       ssl3_send_alert(s, SSL3_AL_FATAL, al); 
+                       return -1;
+
+               case SSL_TLSEXT_ERR_ALERT_WARNING:
+                       ssl3_send_alert(s, SSL3_AL_WARNING, al);
+                       return 1; 
+                                       
+               case SSL_TLSEXT_ERR_NOACK:
+                       s->servername_done = 0;
+
+               default:
+                       return 1;
+               }
+       }
+
+int ssl_check_clienthello_tlsext_late(SSL *s)
+       {
+       int ret = SSL_TLSEXT_ERR_OK;
+       int al;
+
        /* If status request then ask callback what to do.
         * Note: this must be called after servername callbacks in case 
-        * the certificate has changed.
+        * the certificate has changed, and must be called after the cipher
+        * has been chosen because this may influence which certificate is sent
         */
-       if ((s->tlsext_status_type != -1) && s->ctx->tlsext_status_cb)
+       if (s->tlsext_status_type != -1 && s->ctx && s->ctx->tlsext_status_cb)
                {
                int r;
+               CERT_PKEY *certpkey;
+               certpkey = ssl_get_server_send_pkey(s);
+               /* If no certificate can't return certificate status */
+               if (certpkey == NULL)
+                       {
+                       s->tlsext_status_expected = 0;
+                       return 1;
+                       }
+               /* Set current certificate to one we will use so
+                * SSL_get_certificate et al can pick it up.
+                */
+               s->cert->key = certpkey;
                r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
                switch (r)
                        {
@@ -785,7 +821,8 @@ int ssl_check_clienthello_tlsext(SSL *s)
                }
        else
                s->tlsext_status_expected = 0;
-       err:
+
+ err:
        switch (ret)
                {
                case SSL_TLSEXT_ERR_ALERT_FATAL:
@@ -795,11 +832,9 @@ int ssl_check_clienthello_tlsext(SSL *s)
                case SSL_TLSEXT_ERR_ALERT_WARNING:
                        ssl3_send_alert(s,SSL3_AL_WARNING,al);
                        return 1; 
-                                       
-               case SSL_TLSEXT_ERR_NOACK:
-                       s->servername_done=0;
-                       default:
-               return 1;
+
+               default:
+                       return 1;
                }
        }
 
@@ -977,7 +1012,7 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
        HMAC_Update(&hctx, etick, eticklen);
        HMAC_Final(&hctx, tick_hmac, NULL);
        HMAC_CTX_cleanup(&hctx);
-       if (memcmp(tick_hmac, etick + eticklen, mlen))
+       if (CRYPTO_memcmp(tick_hmac, etick + eticklen, mlen))
                goto tickerr;
        /* Attempt to decrypt session data */
        /* Move p after IV to start of encrypted ticket, update length */