to only apply to s23_srvr.c.
-/* $OpenBSD: d1_both.c,v 1.25 2014/08/07 19:46:31 miod Exp $ */
+/* $OpenBSD: d1_both.c,v 1.26 2014/08/07 20:02:23 miod Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
i = s->method->ssl3_enc->final_finish_mac(s, sender, slen,
s->s3->tmp.finish_md);
- OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
s->s3->tmp.finish_md_len = i;
memcpy(p, s->s3->tmp.finish_md, i);
p += i;
* renegotiation checks
*/
if (s->type == SSL_ST_CONNECT) {
+ OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
memcpy(s->s3->previous_client_finished,
s->s3->tmp.finish_md, i);
s->s3->previous_client_finished_len = i;
} else {
+ OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
memcpy(s->s3->previous_server_finished,
s->s3->tmp.finish_md, i);
s->s3->previous_server_finished_len = i;
-/* $OpenBSD: d1_clnt.c,v 1.32 2014/08/07 19:46:31 miod Exp $ */
+/* $OpenBSD: d1_clnt.c,v 1.33 2014/08/07 20:02:23 miod Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
/* if client_random is initialized, reuse it, we are
* required to use same upon reply to HelloVerify */
- for (i = 0; i < sizeof(s->s3->client_random); i++)
- if (p[i] != '\0')
- break;
+ for (i = 0; p[i]=='\0' && i < sizeof(s->s3->client_random); i++)
+ ;
if (i == sizeof(s->s3->client_random))
RAND_pseudo_bytes(p, sizeof(s->s3->client_random));
/* If we get an error, we need to
* ssl->rwstate=SSL_X509_LOOKUP; return(-1);
* We then get retied later */
+ i = 0;
i = ssl_do_client_cert_cb(s, &x509, &pkey);
if (i < 0) {
s->rwstate = SSL_X509_LOOKUP;
-/* $OpenBSD: d1_pkt.c,v 1.33 2014/08/07 19:46:31 miod Exp $ */
+/* $OpenBSD: d1_pkt.c,v 1.34 2014/08/07 20:02:23 miod Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
}
i = s->method->ssl3_enc->mac(s, md, 0 /* not send */);
- if (i < 0 || mac == NULL ||
- timingsafe_memcmp(md, mac, (size_t)mac_size) != 0)
+ if (i < 0 || mac == NULL || timingsafe_memcmp(md, mac, (size_t)mac_size) != 0)
enc_err = -1;
if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size)
enc_err = -1;
- OPENSSL_cleanse(&md, sizeof md);
}
if (enc_err < 0) {
-/* $OpenBSD: s3_both.c,v 1.27 2014/08/07 19:46:31 miod Exp $ */
+/* $OpenBSD: s3_both.c,v 1.28 2014/08/07 20:02:23 miod Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
p = &(d[4]);
i = s->method->ssl3_enc->final_finish_mac(s,
- sender, slen, s->s3->tmp.finish_md);
+ sender, slen, s->s3->tmp.finish_md);
if (i == 0)
return 0;
s->s3->tmp.finish_md_len = i;
/* Copy the finished so we can use it for
renegotiation checks */
- OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
if (s->type == SSL_ST_CONNECT) {
+ OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
memcpy(s->s3->previous_client_finished,
- s->s3->tmp.finish_md, i);
+ s->s3->tmp.finish_md, i);
s->s3->previous_client_finished_len = i;
} else {
+ OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
memcpy(s->s3->previous_server_finished,
- s->s3->tmp.finish_md, i);
+ s->s3->tmp.finish_md, i);
s->s3->previous_server_finished_len = i;
}
}
s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
- sender, slen, s->s3->tmp.peer_finish_md);
+ sender, slen, s->s3->tmp.peer_finish_md);
}
#endif
p = (unsigned char *)s->init_msg;
i = s->s3->tmp.peer_finish_md_len;
- if (i != n || i > EVP_MAX_MD_SIZE) {
+ if (i != n) {
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_BAD_DIGEST_LENGTH);
goto f_err;
/* Copy the finished so we can use it for
renegotiation checks */
if (s->type == SSL_ST_ACCEPT) {
+ OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
memcpy(s->s3->previous_client_finished,
- s->s3->tmp.peer_finish_md, i);
+ s->s3->tmp.peer_finish_md, i);
s->s3->previous_client_finished_len = i;
} else {
+ OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
memcpy(s->s3->previous_server_finished,
- s->s3->tmp.peer_finish_md, i);
+ s->s3->tmp.peer_finish_md, i);
s->s3->previous_server_finished_len = i;
}
-/* $OpenBSD: s3_lib.c,v 1.72 2014/08/07 19:46:31 miod Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.73 2014/08/07 20:02:23 miod Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
SSL3_STATE *s3;
if ((s3 = calloc(1, sizeof *s3)) == NULL)
- return 0;
+ goto err;
memset(s3->rrec.seq_num, 0, sizeof(s3->rrec.seq_num));
memset(s3->wrec.seq_num, 0, sizeof(s3->wrec.seq_num));
s->method->ssl_clear(s);
return (1);
+err:
+ return (0);
}
void
-/* $OpenBSD: d1_both.c,v 1.25 2014/08/07 19:46:31 miod Exp $ */
+/* $OpenBSD: d1_both.c,v 1.26 2014/08/07 20:02:23 miod Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
i = s->method->ssl3_enc->final_finish_mac(s, sender, slen,
s->s3->tmp.finish_md);
- OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
s->s3->tmp.finish_md_len = i;
memcpy(p, s->s3->tmp.finish_md, i);
p += i;
* renegotiation checks
*/
if (s->type == SSL_ST_CONNECT) {
+ OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
memcpy(s->s3->previous_client_finished,
s->s3->tmp.finish_md, i);
s->s3->previous_client_finished_len = i;
} else {
+ OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
memcpy(s->s3->previous_server_finished,
s->s3->tmp.finish_md, i);
s->s3->previous_server_finished_len = i;
-/* $OpenBSD: d1_clnt.c,v 1.32 2014/08/07 19:46:31 miod Exp $ */
+/* $OpenBSD: d1_clnt.c,v 1.33 2014/08/07 20:02:23 miod Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
/* if client_random is initialized, reuse it, we are
* required to use same upon reply to HelloVerify */
- for (i = 0; i < sizeof(s->s3->client_random); i++)
- if (p[i] != '\0')
- break;
+ for (i = 0; p[i]=='\0' && i < sizeof(s->s3->client_random); i++)
+ ;
if (i == sizeof(s->s3->client_random))
RAND_pseudo_bytes(p, sizeof(s->s3->client_random));
/* If we get an error, we need to
* ssl->rwstate=SSL_X509_LOOKUP; return(-1);
* We then get retied later */
+ i = 0;
i = ssl_do_client_cert_cb(s, &x509, &pkey);
if (i < 0) {
s->rwstate = SSL_X509_LOOKUP;
-/* $OpenBSD: d1_pkt.c,v 1.33 2014/08/07 19:46:31 miod Exp $ */
+/* $OpenBSD: d1_pkt.c,v 1.34 2014/08/07 20:02:23 miod Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
}
i = s->method->ssl3_enc->mac(s, md, 0 /* not send */);
- if (i < 0 || mac == NULL ||
- timingsafe_memcmp(md, mac, (size_t)mac_size) != 0)
+ if (i < 0 || mac == NULL || timingsafe_memcmp(md, mac, (size_t)mac_size) != 0)
enc_err = -1;
if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size)
enc_err = -1;
- OPENSSL_cleanse(&md, sizeof md);
}
if (enc_err < 0) {
-/* $OpenBSD: s3_both.c,v 1.27 2014/08/07 19:46:31 miod Exp $ */
+/* $OpenBSD: s3_both.c,v 1.28 2014/08/07 20:02:23 miod Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
p = &(d[4]);
i = s->method->ssl3_enc->final_finish_mac(s,
- sender, slen, s->s3->tmp.finish_md);
+ sender, slen, s->s3->tmp.finish_md);
if (i == 0)
return 0;
s->s3->tmp.finish_md_len = i;
/* Copy the finished so we can use it for
renegotiation checks */
- OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
if (s->type == SSL_ST_CONNECT) {
+ OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
memcpy(s->s3->previous_client_finished,
- s->s3->tmp.finish_md, i);
+ s->s3->tmp.finish_md, i);
s->s3->previous_client_finished_len = i;
} else {
+ OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
memcpy(s->s3->previous_server_finished,
- s->s3->tmp.finish_md, i);
+ s->s3->tmp.finish_md, i);
s->s3->previous_server_finished_len = i;
}
}
s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
- sender, slen, s->s3->tmp.peer_finish_md);
+ sender, slen, s->s3->tmp.peer_finish_md);
}
#endif
p = (unsigned char *)s->init_msg;
i = s->s3->tmp.peer_finish_md_len;
- if (i != n || i > EVP_MAX_MD_SIZE) {
+ if (i != n) {
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_BAD_DIGEST_LENGTH);
goto f_err;
/* Copy the finished so we can use it for
renegotiation checks */
if (s->type == SSL_ST_ACCEPT) {
+ OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
memcpy(s->s3->previous_client_finished,
- s->s3->tmp.peer_finish_md, i);
+ s->s3->tmp.peer_finish_md, i);
s->s3->previous_client_finished_len = i;
} else {
+ OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
memcpy(s->s3->previous_server_finished,
- s->s3->tmp.peer_finish_md, i);
+ s->s3->tmp.peer_finish_md, i);
s->s3->previous_server_finished_len = i;
}
-/* $OpenBSD: s3_enc.c,v 1.53 2014/08/07 19:46:31 miod Exp $ */
+/* $OpenBSD: s3_enc.c,v 1.54 2014/08/07 20:02:23 miod Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
if (!EVP_MD_CTX_copy_ex(&ctx, d))
return 0;
n = EVP_MD_CTX_size(&ctx);
- if (n <= 0)
+ if (n < 0)
return 0;
npad = (48 / n) * n;
}
t = EVP_MD_CTX_size(hash);
- if (t <= 0)
+ if (t < 0)
return -1;
md_size = t;
npad = (48 / md_size) * md_size;
-/* $OpenBSD: s3_lib.c,v 1.72 2014/08/07 19:46:31 miod Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.73 2014/08/07 20:02:23 miod Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
SSL3_STATE *s3;
if ((s3 = calloc(1, sizeof *s3)) == NULL)
- return 0;
+ goto err;
memset(s3->rrec.seq_num, 0, sizeof(s3->rrec.seq_num));
memset(s3->wrec.seq_num, 0, sizeof(s3->wrec.seq_num));
s->method->ssl_clear(s);
return (1);
+err:
+ return (0);
}
void
-/* $OpenBSD: t1_enc.c,v 1.68 2014/08/07 19:46:31 miod Exp $ */
+/* $OpenBSD: t1_enc.c,v 1.69 2014/08/07 20:02:23 miod Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
static int
tls1_change_cipher_state_aead(SSL *s, char is_read, const unsigned char *key,
- unsigned int key_len, const unsigned char *iv, unsigned int iv_len)
+ unsigned key_len, const unsigned char *iv, unsigned iv_len)
{
const EVP_AEAD *aead = s->s3->tmp.new_aead;
SSL_AEAD_CTX *aead_ctx;
rec->length += pad;
}
} else if ((bs != 1) && send) {
- /* XXX divide by zero if bs == 0 (should not happen) */
i = bs - ((int)l % bs);
/* Add weird padding of upto 256 bytes */
currentvalpos++;
val[currentvalpos] = contextlen & 0xff;
currentvalpos++;
- if (contextlen != 0 && context != NULL) {
+ if ((contextlen > 0) || (context != NULL)) {
memcpy(val + currentvalpos, context, contextlen);
}
}
-/* $OpenBSD: t1_enc.c,v 1.68 2014/08/07 19:46:31 miod Exp $ */
+/* $OpenBSD: t1_enc.c,v 1.69 2014/08/07 20:02:23 miod Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
static int
tls1_change_cipher_state_aead(SSL *s, char is_read, const unsigned char *key,
- unsigned int key_len, const unsigned char *iv, unsigned int iv_len)
+ unsigned key_len, const unsigned char *iv, unsigned iv_len)
{
const EVP_AEAD *aead = s->s3->tmp.new_aead;
SSL_AEAD_CTX *aead_ctx;
rec->length += pad;
}
} else if ((bs != 1) && send) {
- /* XXX divide by zero if bs == 0 (should not happen) */
i = bs - ((int)l % bs);
/* Add weird padding of upto 256 bytes */
currentvalpos++;
val[currentvalpos] = contextlen & 0xff;
currentvalpos++;
- if (contextlen != 0 && context != NULL) {
+ if ((contextlen > 0) || (context != NULL)) {
memcpy(val + currentvalpos, context, contextlen);
}
}
projects / openbsd / commitdiff