Commit 4d69f9e6 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson

move masks out of CERT structure



Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
parent 00d565cf
+2 −3
@@ -957,7 +957,6 @@ int ssl3_get_server_hello(SSL *s)
{
    STACK_OF(SSL_CIPHER) *sk;
    const SSL_CIPHER *c;
    CERT *ct = s->cert;
    unsigned char *p, *d;
    int i, al = SSL_AD_INTERNAL_ERROR, ok;
    unsigned int j;
@@ -1151,9 +1150,9 @@ int ssl3_get_server_hello(SSL *s)
    }
    /* Set version disabled mask now we know version */
    if (!SSL_USE_TLS1_2_CIPHERS(s))
        ct->mask_ssl = SSL_TLSV1_2;
        s->s3->tmp.mask_ssl = SSL_TLSV1_2;
    else
        ct->mask_ssl = 0;
        s->s3->tmp.mask_ssl = 0;
    /*
     * If it is a disabled cipher we didn't send it in client hello, so
     * return an error.
+4 −6
@@ -3843,11 +3843,9 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
    SSL_CIPHER *c, *ret = NULL;
    STACK_OF(SSL_CIPHER) *prio, *allow;
    int i, ii, ok;
    CERT *cert;
    unsigned long alg_k, alg_a, mask_k, mask_a, emask_k, emask_a;

    /* Let's see which ciphers we can support */
    cert = s->cert;

#if 0
    /*
@@ -3893,10 +3891,10 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
            continue;

        ssl_set_masks(s, c);
        mask_k = cert->mask_k;
        mask_a = cert->mask_a;
        emask_k = cert->export_mask_k;
        emask_a = cert->export_mask_a;
        mask_k = s->s3->tmp.mask_k;
        mask_a = s->s3->tmp.mask_a;
        emask_k = s->s3->tmp.export_mask_k;
        emask_a = s->s3->tmp.export_mask_a;
#ifndef OPENSSL_NO_SRP
        if (s->srp_ctx.srp_Mask & SSL_kSRP) {
            mask_k |= SSL_kSRP;
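Review bot: The four new reads of `s->s3->tmp.mask_k` / `mask_a` / `export_mask_k` / `export_mask_a` right after `ssl_set_masks(s, c)` have no comment saying why the values are copied into locals instead of being used from `s->s3->tmp` directly; the reason is visible only further down, where the SRP block ORs `SSL_kSRP` into the local copy. A one-line comment above the copies would save the next reader the trip: `/* ssl_set_masks() publishes the masks for this cipher in s->s3->tmp; work on local copies because the SRP/PSK adjustments below must not alter the stored values */`. Note that `ssl_set_masks()` is called once per candidate cipher in this loop, so `s->s3->tmp.mask_*` reflect whichever cipher was examined last when the loop exits, not necessarily the returned one; whether anything later reads them as "the chosen cipher's masks" cannot be seen from this hunk. The enclosing loop and ssl3_choose_cipher both continue outside the hunk.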
+0 −5
@@ -196,11 +196,6 @@ CERT *ssl_cert_dup(CERT *cert)
    memset(ret, 0, sizeof(*ret));

    ret->key = &ret->pkeys[cert->key - cert->pkeys];
    ret->valid = cert->valid;
    ret->mask_k = cert->mask_k;
    ret->mask_a = cert->mask_a;
    ret->export_mask_k = cert->export_mask_k;
    ret->export_mask_a = cert->export_mask_a;

#ifndef OPENSSL_NO_RSA
    if (cert->rsa_tmp != NULL) {
+4 −5
@@ -2114,11 +2114,10 @@ void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher)
    emask_a |= SSL_aPSK;
#endif

    c->mask_k = mask_k;
    c->mask_a = mask_a;
    c->export_mask_k = emask_k;
    c->export_mask_a = emask_a;
    c->valid = 1;
    s->s3->tmp.mask_k = mask_k;
    s->s3->tmp.mask_a = mask_a;
    s->s3->tmp.export_mask_k = emask_k;
    s->s3->tmp.export_mask_a = emask_a;
}

/* This handy macro borrowed from crypto/x509v3/v3_purp.c */
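Review bot: The new store lines dereference `s->s3` unconditionally, whereas the old code wrote through a CERT pointer (`c->mask_k = ...`); if the old version guarded against a NULL CERT, that guard no longer protects anything and a NULL `s->s3` (an SSL with no SSLv3/TLS state yet) would now crash here. The top of ssl_set_masks(), including any early return, is outside the hunk, so please confirm every caller reaches this point with `s->s3` allocated. The function also now has a side effect on connection state rather than on the certificate, which deserves a header comment such as `/* Compute the key-exchange (mask_k) and authentication (mask_a) algorithm masks, and their export variants, for the current certificates and the given cipher. Results are published in s->s3->tmp, not in s->cert. */`. The former `c->valid = 1` is dropped with no replacement, consistent with the removal of `valid` from cert_st elsewhere in this commit.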
+11 −12
@@ -1301,6 +1301,17 @@ typedef struct ssl3_state_st {
         * If zero it can't be used at all.
         */
        int valid_flags[SSL_PKEY_NUM];
        /*
         * For servers the following masks are for the key and auth algorithms
         * that are supported by the certs below. For clients they are masks of
         * *disabled* algorithms based on the current session.
         */
        unsigned long mask_k;
        unsigned long mask_a;
        unsigned long export_mask_k;
        unsigned long export_mask_a;
        /* Client only */
        unsigned long mask_ssl;
    } tmp;

    /* Connection binding to prevent renegotiation attacks */
@@ -1509,18 +1520,6 @@ typedef struct cert_st {
     * an index, not a pointer.
     */
    CERT_PKEY *key;
    /*
     * For servers the following masks are for the key and auth algorithms
     * that are supported by the certs below. For clients they are masks of
     * *disabled* algorithms based on the current session.
     */
    int valid;
    unsigned long mask_k;
    unsigned long mask_a;
    unsigned long export_mask_k;
    unsigned long export_mask_a;
    /* Client only */
    unsigned long mask_ssl;
# ifndef OPENSSL_NO_RSA
    RSA *rsa_tmp;
    RSA *(*rsa_tmp_cb) (SSL *ssl, int is_export, int keysize);
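Review bot: The comment moved into `ssl3_state_st.tmp` still says the masks cover the algorithms "supported by the certs below", but in its new home no certificates follow — that wording only made sense inside cert_st, so it is now misleading. Suggested replacement for the four-line comment: `/* For servers, masks of the key-exchange and authentication algorithms supported by the certificates in s->cert; for clients, masks of *disabled* algorithms for the current session. Filled in by ssl_set_masks(). */`. It would also help to state in a comment that these fields are per-connection handshake state that is not carried by the CERT (and therefore not copied by ssl_cert_dup() any more), since readers of the previous layout may expect them to follow the certificate.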