-/* $OpenBSD: ssl_clnt.c,v 1.125 2022/01/04 11:17:11 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.126 2022/01/04 12:53:31 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
sc->peer_dh_tmp = dh;
- return (1);
+ return 1;
decode_err:
SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
err:
DH_free(dh);
- return (-1);
+ return 0;
}
static int
ssl3_get_server_kex_ecdhe_ecp(SSL *s, SESS_CERT *sc, int nid, CBS *public)
{
EC_KEY *ecdh = NULL;
- int ret = -1;
+ int ret = 0;
/* Extract the server's ephemeral ECDH public key. */
if ((ecdh = EC_KEY_new()) == NULL) {
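Review bot: Nothing at the definition of `ssl3_get_server_kex_ecdhe_ecp` records that failure is now 0 rather than -1, and with callers switched to `!helper(...)` a helper that still returned -1 would be read as success and let a failed key exchange continue. I would add a one-line contract comment above each converted static helper, for example `/* Returns 1 on success, 0 on failure. */`, so a later backport or a newly added helper does not reintroduce the old value unnoticed. The same applies to the other converted helpers in ssl_clnt.c and ssl_srvr.c. The function body continues outside this hunk, so its exit path is not visible here.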
goto err;
}
- return (1);
+ return 1;
err:
- return (-1);
+ return 0;
}
static int
}
if (nid == NID_X25519) {
- if (ssl3_get_server_kex_ecdhe_ecx(s, sc, nid, &public) != 1)
+ if (!ssl3_get_server_kex_ecdhe_ecx(s, sc, nid, &public))
goto err;
} else {
- if (ssl3_get_server_kex_ecdhe_ecp(s, sc, nid, &public) != 1)
+ if (!ssl3_get_server_kex_ecdhe_ecp(s, sc, nid, &public))
goto err;
}
/* XXX - Anonymous ECDH, so no certificate or pkey. */
*pkey = NULL;
- return (1);
+ return 1;
decode_err:
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
err:
- return (-1);
+ return 0;
}
int
param_len = CBS_len(&cbs);
if (alg_k & SSL_kDHE) {
- if (ssl3_get_server_kex_dhe(s, &pkey, &cbs) != 1)
+ if (!ssl3_get_server_kex_dhe(s, &pkey, &cbs))
goto err;
} else if (alg_k & SSL_kECDHE) {
- if (ssl3_get_server_kex_ecdhe(s, &pkey, &cbs) != 1)
+ if (!ssl3_get_server_kex_ecdhe(s, &pkey, &cbs))
goto err;
} else if (alg_k != 0) {
al = SSL_AD_UNEXPECTED_MESSAGE;
uint16_t max_legacy_version;
EVP_PKEY *pkey = NULL;
RSA *rsa;
- int ret = -1;
+ int ret = 0;
int enc_len;
CBB epms;
EVP_PKEY_free(pkey);
free(enc_pms);
- return (ret);
+ return ret;
}
static int
DH *dh_srvr;
uint8_t *key = NULL;
size_t key_len = 0;
- int ret = -1;
+ int ret = 0;
/* Ensure that we have an ephemeral key from the server for DHE. */
if ((dh_srvr = sess_cert->peer_dh_tmp) == NULL) {
DH_free(dh_clnt);
freezero(key, key_len);
- return (ret);
+ return ret;
}
static int
EC_KEY *ecdh = NULL;
uint8_t *key = NULL;
size_t key_len = 0;
- int ret = -1;
+ int ret = 0;
CBB ecpoint;
if ((ecdh = EC_KEY_new()) == NULL) {
freezero(key, key_len);
EC_KEY_free(ecdh);
- return (ret);
+ return ret;
}
static int
ssl3_send_client_kex_ecdhe_ecx(SSL *s, SESS_CERT *sc, CBB *cbb)
{
uint8_t *public_key = NULL, *private_key = NULL, *shared_key = NULL;
- int ret = -1;
+ int ret = 0;
CBB ecpoint;
/* Generate X25519 key pair and derive shared key. */
freezero(private_key, X25519_KEY_LENGTH);
freezero(shared_key, X25519_KEY_LENGTH);
- return (ret);
+ return ret;
}
static int
goto err;
}
- return (1);
+ return 1;
err:
- return (-1);
+ return 0;
}
static int
goto err;
if (alg_k & SSL_kRSA) {
- if (ssl3_send_client_kex_rsa(s, sess_cert, &kex) != 1)
+ if (!ssl3_send_client_kex_rsa(s, sess_cert, &kex))
goto err;
} else if (alg_k & SSL_kDHE) {
- if (ssl3_send_client_kex_dhe(s, sess_cert, &kex) != 1)
+ if (!ssl3_send_client_kex_dhe(s, sess_cert, &kex))
goto err;
} else if (alg_k & SSL_kECDHE) {
- if (ssl3_send_client_kex_ecdhe(s, sess_cert, &kex) != 1)
+ if (!ssl3_send_client_kex_ecdhe(s, sess_cert, &kex))
goto err;
} else if (alg_k & SSL_kGOST) {
if (ssl3_send_client_kex_gost(s, sess_cert, &kex) != 1)
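Review bot: The GOST branch on the last line still tests `ssl3_send_client_kex_gost(s, sess_cert, &kex) != 1` while the RSA, DHE and ECDHE branches above now use `!helper(...)`, so one dispatch chain mixes two failure conventions. The GOST helper is not visible in this diff; if it still returns -1 on failure the `!= 1` test is the correct one, and a later mechanical cleanup to `!` would treat that failure as success. Either convert the GOST helper in the same change or mark the branch with `/* XXX - gost helper still returns -1 on failure; keep != 1. */`. The same mix appears in the ssl_srvr.c hunk that ends at `ssl3_get_client_kex_gost(s, &cbs) != 1`. The if/else chain continues past the end of this hunk.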
-/* $OpenBSD: ssl_srvr.c,v 1.129 2021/12/26 15:10:59 tb Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.130 2022/01/04 12:53:31 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
err:
DH_free(dh);
- return -1;
+ return 0;
}
static int
if (!CBB_flush(cbb))
goto err;
- return (1);
+ return 1;
fatal_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
err:
- return (-1);
+ return 0;
}
static int
uint8_t *public_key = NULL, *private_key = NULL;
uint16_t curve_id;
CBB ecpoint;
- int ret = -1;
+ int ret = 0;
/* Generate an X25519 key pair. */
if (S3I(s)->tmp.x25519 != NULL) {
free(public_key);
freezero(private_key, X25519_KEY_LENGTH);
- return (ret);
+ return ret;
}
static int
type = S3I(s)->hs.cipher->algorithm_mkey;
if (type & SSL_kDHE) {
- if (ssl3_send_server_kex_dhe(s, &cbb_params) != 1)
+ if (!ssl3_send_server_kex_dhe(s, &cbb_params))
goto err;
} else if (type & SSL_kECDHE) {
- if (ssl3_send_server_kex_ecdhe(s, &cbb_params) != 1)
+ if (!ssl3_send_server_kex_ecdhe(s, &cbb_params))
goto err;
} else {
al = SSL_AD_HANDSHAKE_FAILURE;
freezero(pms, pms_len);
- return (1);
+ return 1;
decode_err:
al = SSL_AD_DECODE_ERROR;
err:
freezero(pms, pms_len);
- return (-1);
+ return 0;
}
static int
int invalid_key;
uint8_t *key = NULL;
size_t key_len = 0;
- int ret = -1;
+ int ret = 0;
if ((dh_srvr = S3I(s)->tmp.dh) == NULL) {
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
EC_KEY *ecdh_peer = NULL;
EC_KEY *ecdh;
CBS public;
- int ret = -1;
+ int ret = 0;
/*
* Use the ephemeral values we saved when generating the
freezero(key, key_len);
EC_KEY_free(ecdh_peer);
- return (ret);
+ return ret;
}
static int
{
uint8_t *shared_key = NULL;
CBS ecpoint;
- int ret = -1;
+ int ret = 0;
if (!CBS_get_u8_length_prefixed(cbs, &ecpoint))
goto err;
err:
freezero(shared_key, X25519_KEY_LENGTH);
- return (ret);
+ return ret;
}
static int
alg_k = S3I(s)->hs.cipher->algorithm_mkey;
if (alg_k & SSL_kRSA) {
- if (ssl3_get_client_kex_rsa(s, &cbs) != 1)
+ if (!ssl3_get_client_kex_rsa(s, &cbs))
goto err;
} else if (alg_k & SSL_kDHE) {
- if (ssl3_get_client_kex_dhe(s, &cbs) != 1)
+ if (!ssl3_get_client_kex_dhe(s, &cbs))
goto err;
} else if (alg_k & SSL_kECDHE) {
- if (ssl3_get_client_kex_ecdhe(s, &cbs) != 1)
+ if (!ssl3_get_client_kex_ecdhe(s, &cbs))
goto err;
} else if (alg_k & SSL_kGOST) {
if (ssl3_get_client_kex_gost(s, &cbs) != 1)