Loading ssl/s3_clnt.c +6 −7 Original line number Diff line number Diff line Loading @@ -928,7 +928,7 @@ int ssl3_get_server_hello(SSL *s) /* Don't digest cached records if TLS v1.2: we may need them for * client authentication. */ if (s->version < TLS1_2_VERSION && !ssl3_digest_cached_records(s)) if (TLS1_get_version(s) < TLS1_2_VERSION && !ssl3_digest_cached_records(s)) goto f_err; /* lets get the compression algorithm */ /* COMPRESSION */ Loading Loading @@ -1659,7 +1659,7 @@ int ssl3_get_key_exchange(SSL *s) /* if it was signed, check the signature */ if (pkey != NULL) { if (s->version >= TLS1_2_VERSION) if (TLS1_get_version(s) >= TLS1_2_VERSION) { int sigalg = tls12_get_sigid(pkey); /* Should never happen */ Loading Loading @@ -1704,7 +1704,7 @@ fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md)); } #ifndef OPENSSL_NO_RSA if (pkey->type == EVP_PKEY_RSA && s->version < TLS1_2_VERSION) if (pkey->type == EVP_PKEY_RSA && TLS1_get_version(s) < TLS1_2_VERSION) { int num; Loading Loading @@ -1864,8 +1864,7 @@ int ssl3_get_certificate_request(SSL *s) for (i=0; i<ctype_num; i++) s->s3->tmp.ctype[i]= p[i]; p+=ctype_num; /* HACK! For now just skip over signatature algorithms */ if (s->version >= TLS1_2_VERSION) if (TLS1_get_version(s) >= TLS1_2_VERSION) { n2s(p, llen); /* Check we have enough room for signature algorithms and Loading Loading @@ -2886,7 +2885,7 @@ int ssl3_send_client_verify(SSL *s) EVP_PKEY_sign_init(pctx); if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1())>0) { if (s->version < TLS1_2_VERSION) if (TLS1_get_version(s) < TLS1_2_VERSION) s->method->ssl3_enc->cert_verify_mac(s, NID_sha1, &(data[MD5_DIGEST_LENGTH])); Loading @@ -2898,7 +2897,7 @@ int ssl3_send_client_verify(SSL *s) /* For TLS v1.2 send signature algorithm and signature * using agreed digest and cached handshake records. */ if (s->version >= TLS1_2_VERSION) if (TLS1_get_version(s) >= TLS1_2_VERSION) { long hdatalen = 0; void *hdata; Loading ssl/s3_lib.c +1 −1 Original line number Diff line number Diff line Loading @@ -3780,7 +3780,7 @@ need to go to SSL_ST_ACCEPT. long ssl_get_algorithm2(SSL *s) { long alg2 = s->s3->tmp.new_cipher->algorithm2; if (s->version >= TLS1_2_VERSION && if (TLS1_get_version(s) >= TLS1_2_VERSION && alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF)) return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256; return alg2; Loading ssl/s3_srvr.c +8 −8 Original line number Diff line number Diff line Loading @@ -611,7 +611,7 @@ int ssl3_accept(SSL *s) #endif s->init_num = 0; } else if (s->version >= TLS1_2_VERSION) else if (TLS1_get_version(s) >= TLS1_2_VERSION) { s->state=SSL3_ST_SR_CERT_VRFY_A; s->init_num=0; Loading Loading @@ -1380,7 +1380,7 @@ int ssl3_get_client_hello(SSL *s) s->s3->tmp.new_cipher=s->session->cipher; } if (s->version < TLS1_2_VERSION || !(s->verify_mode & SSL_VERIFY_PEER)) if (TLS1_get_version(s) < TLS1_2_VERSION || !(s->verify_mode & SSL_VERIFY_PEER)) { if (!ssl3_digest_cached_records(s)) goto f_err; Loading Loading @@ -1915,7 +1915,7 @@ int ssl3_send_server_key_exchange(SSL *s) * and p points to the space at the end. */ #ifndef OPENSSL_NO_RSA if (pkey->type == EVP_PKEY_RSA && s->version < TLS1_2_VERSION) && TLS1_get_version(s) < TLS1_2_VERSION) { q=md_buf; j=0; Loading Loading @@ -1948,7 +1948,7 @@ int ssl3_send_server_key_exchange(SSL *s) { /* For TLS1.2 and later send signature * algorithm */ if (s->version >= TLS1_2_VERSION) if (TLS1_get_version(s) >= TLS1_2_VERSION) { if (!tls12_get_sigandhash(p, pkey, md)) { Loading @@ -1975,7 +1975,7 @@ int ssl3_send_server_key_exchange(SSL *s) } s2n(i,p); n+=i+2; if (s->version >= TLS1_2_VERSION) if (TLS1_get_version(s) >= TLS1_2_VERSION) n+= 2; } else Loading Loading @@ -2031,7 +2031,7 @@ int ssl3_send_certificate_request(SSL *s) p+=n; n++; if (s->version >= TLS1_2_VERSION) if (TLS1_get_version(s) >= TLS1_2_VERSION) { nl = tls12_get_req_sig_algs(s, p + 2); s2n(nl, p); Loading Loading @@ -2964,7 +2964,7 @@ int ssl3_get_cert_verify(SSL *s) } else { if (s->version >= TLS1_2_VERSION) if (TLS1_get_version(s) >= TLS1_2_VERSION) { int sigalg = tls12_get_sigid(pkey); /* Should never happen */ Loading Loading @@ -3011,7 +3011,7 @@ fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md)); goto f_err; } if (s->version >= TLS1_2_VERSION) if (TLS1_get_version(s) >= TLS1_2_VERSION) { long hdatalen = 0; void *hdata; Loading ssl/ssl_lib.c +2 −2 Original line number Diff line number Diff line Loading @@ -2226,7 +2226,7 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT); return 0; } if ((alg_k & SSL_kECDHe) && s->version < TLS1_2_VERSION) if ((alg_k & SSL_kECDHe) && TLS1_get_version(s) < TLS1_2_VERSION) { /* signature alg must be ECDSA */ if (signature_nid != NID_ecdsa_with_SHA1) Loading @@ -2235,7 +2235,7 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) return 0; } } if ((alg_k & SSL_kECDHr) && s->version < TLS1_2_VERSION) if ((alg_k & SSL_kECDHr) && TLS1_get_version(s) < TLS1_2_VERSION) { /* signature alg must be RSA */ Loading ssl/t1_lib.c +2 −2 Original line number Diff line number Diff line Loading @@ -502,7 +502,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha } skip_ext: if (s->version >= TLS1_2_VERSION) if (TLS1_get_version(s) >= TLS1_2_VERSION) { if ((size_t)(limit - ret) < sizeof(tls12_sigalgs) + 6) return NULL; Loading Loading @@ -2100,7 +2100,7 @@ int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize) const EVP_MD *md; CERT *c = s->cert; /* Extension ignored for TLS versions below 1.2 */ if (s->version < TLS1_2_VERSION) if (TLS1_get_version(s) < TLS1_2_VERSION) return 1; /* Should never happen */ if (!c) Loading Loading
ssl/s3_clnt.c +6 −7 Original line number Diff line number Diff line Loading @@ -928,7 +928,7 @@ int ssl3_get_server_hello(SSL *s) /* Don't digest cached records if TLS v1.2: we may need them for * client authentication. */ if (s->version < TLS1_2_VERSION && !ssl3_digest_cached_records(s)) if (TLS1_get_version(s) < TLS1_2_VERSION && !ssl3_digest_cached_records(s)) goto f_err; /* lets get the compression algorithm */ /* COMPRESSION */ Loading Loading @@ -1659,7 +1659,7 @@ int ssl3_get_key_exchange(SSL *s) /* if it was signed, check the signature */ if (pkey != NULL) { if (s->version >= TLS1_2_VERSION) if (TLS1_get_version(s) >= TLS1_2_VERSION) { int sigalg = tls12_get_sigid(pkey); /* Should never happen */ Loading Loading @@ -1704,7 +1704,7 @@ fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md)); } #ifndef OPENSSL_NO_RSA if (pkey->type == EVP_PKEY_RSA && s->version < TLS1_2_VERSION) if (pkey->type == EVP_PKEY_RSA && TLS1_get_version(s) < TLS1_2_VERSION) { int num; Loading Loading @@ -1864,8 +1864,7 @@ int ssl3_get_certificate_request(SSL *s) for (i=0; i<ctype_num; i++) s->s3->tmp.ctype[i]= p[i]; p+=ctype_num; /* HACK! For now just skip over signatature algorithms */ if (s->version >= TLS1_2_VERSION) if (TLS1_get_version(s) >= TLS1_2_VERSION) { n2s(p, llen); /* Check we have enough room for signature algorithms and Loading Loading @@ -2886,7 +2885,7 @@ int ssl3_send_client_verify(SSL *s) EVP_PKEY_sign_init(pctx); if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1())>0) { if (s->version < TLS1_2_VERSION) if (TLS1_get_version(s) < TLS1_2_VERSION) s->method->ssl3_enc->cert_verify_mac(s, NID_sha1, &(data[MD5_DIGEST_LENGTH])); Loading @@ -2898,7 +2897,7 @@ int ssl3_send_client_verify(SSL *s) /* For TLS v1.2 send signature algorithm and signature * using agreed digest and cached handshake records. */ if (s->version >= TLS1_2_VERSION) if (TLS1_get_version(s) >= TLS1_2_VERSION) { long hdatalen = 0; void *hdata; Loading
ssl/s3_lib.c +1 −1 Original line number Diff line number Diff line Loading @@ -3780,7 +3780,7 @@ need to go to SSL_ST_ACCEPT. long ssl_get_algorithm2(SSL *s) { long alg2 = s->s3->tmp.new_cipher->algorithm2; if (s->version >= TLS1_2_VERSION && if (TLS1_get_version(s) >= TLS1_2_VERSION && alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF)) return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256; return alg2; Loading
ssl/s3_srvr.c +8 −8 Original line number Diff line number Diff line Loading @@ -611,7 +611,7 @@ int ssl3_accept(SSL *s) #endif s->init_num = 0; } else if (s->version >= TLS1_2_VERSION) else if (TLS1_get_version(s) >= TLS1_2_VERSION) { s->state=SSL3_ST_SR_CERT_VRFY_A; s->init_num=0; Loading Loading @@ -1380,7 +1380,7 @@ int ssl3_get_client_hello(SSL *s) s->s3->tmp.new_cipher=s->session->cipher; } if (s->version < TLS1_2_VERSION || !(s->verify_mode & SSL_VERIFY_PEER)) if (TLS1_get_version(s) < TLS1_2_VERSION || !(s->verify_mode & SSL_VERIFY_PEER)) { if (!ssl3_digest_cached_records(s)) goto f_err; Loading Loading @@ -1915,7 +1915,7 @@ int ssl3_send_server_key_exchange(SSL *s) * and p points to the space at the end. */ #ifndef OPENSSL_NO_RSA if (pkey->type == EVP_PKEY_RSA && s->version < TLS1_2_VERSION) && TLS1_get_version(s) < TLS1_2_VERSION) { q=md_buf; j=0; Loading Loading @@ -1948,7 +1948,7 @@ int ssl3_send_server_key_exchange(SSL *s) { /* For TLS1.2 and later send signature * algorithm */ if (s->version >= TLS1_2_VERSION) if (TLS1_get_version(s) >= TLS1_2_VERSION) { if (!tls12_get_sigandhash(p, pkey, md)) { Loading @@ -1975,7 +1975,7 @@ int ssl3_send_server_key_exchange(SSL *s) } s2n(i,p); n+=i+2; if (s->version >= TLS1_2_VERSION) if (TLS1_get_version(s) >= TLS1_2_VERSION) n+= 2; } else Loading Loading @@ -2031,7 +2031,7 @@ int ssl3_send_certificate_request(SSL *s) p+=n; n++; if (s->version >= TLS1_2_VERSION) if (TLS1_get_version(s) >= TLS1_2_VERSION) { nl = tls12_get_req_sig_algs(s, p + 2); s2n(nl, p); Loading Loading @@ -2964,7 +2964,7 @@ int ssl3_get_cert_verify(SSL *s) } else { if (s->version >= TLS1_2_VERSION) if (TLS1_get_version(s) >= TLS1_2_VERSION) { int sigalg = tls12_get_sigid(pkey); /* Should never happen */ Loading Loading @@ -3011,7 +3011,7 @@ fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md)); goto f_err; } if (s->version >= TLS1_2_VERSION) if (TLS1_get_version(s) >= TLS1_2_VERSION) { long hdatalen = 0; void *hdata; Loading
ssl/ssl_lib.c +2 −2 Original line number Diff line number Diff line Loading @@ -2226,7 +2226,7 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT); return 0; } if ((alg_k & SSL_kECDHe) && s->version < TLS1_2_VERSION) if ((alg_k & SSL_kECDHe) && TLS1_get_version(s) < TLS1_2_VERSION) { /* signature alg must be ECDSA */ if (signature_nid != NID_ecdsa_with_SHA1) Loading @@ -2235,7 +2235,7 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) return 0; } } if ((alg_k & SSL_kECDHr) && s->version < TLS1_2_VERSION) if ((alg_k & SSL_kECDHr) && TLS1_get_version(s) < TLS1_2_VERSION) { /* signature alg must be RSA */ Loading
ssl/t1_lib.c +2 −2 Original line number Diff line number Diff line Loading @@ -502,7 +502,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha } skip_ext: if (s->version >= TLS1_2_VERSION) if (TLS1_get_version(s) >= TLS1_2_VERSION) { if ((size_t)(limit - ret) < sizeof(tls12_sigalgs) + 6) return NULL; Loading Loading @@ -2100,7 +2100,7 @@ int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize) const EVP_MD *md; CERT *c = s->cert; /* Extension ignored for TLS versions below 1.2 */ if (s->version < TLS1_2_VERSION) if (TLS1_get_version(s) < TLS1_2_VERSION) return 1; /* Should never happen */ if (!c) Loading
