Fix some style issues with TLSv1.3 state machine PR

author Matt Caswell <matt@openssl.org>

Wed, 23 Nov 2016 15:38:32 +0000 (15:38 +0000)

committer Matt Caswell <matt@openssl.org>

Wed, 23 Nov 2016 15:38:32 +0000 (15:38 +0000)
author Matt Caswell <matt@openssl.org>
Wed, 23 Nov 2016 15:38:32 +0000 (15:38 +0000)
committer Matt Caswell <matt@openssl.org>
Wed, 23 Nov 2016 15:38:32 +0000 (15:38 +0000)
diff --git a/apps/s_server.c b/apps/s_server.c

index eebbb56ba39413be85bc5c367b3441799858fb71..f3494120e0130c391d40bd044c87b7c7aca9e33d 100644 (file)
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -553,6 +553,10 @@ static int get_ocsp_resp_from_responder(SSL *s, tlsextstatusctx *srctx,
   err:
      ret = SSL_TLSEXT_ERR_ALERT_FATAL;
   done:
+    /*
+     * If we parsed aia we need to free; otherwise they were copied and we
+     * don't
+     */
      if (aia != NULL) {
          OPENSSL_free(host);
          OPENSSL_free(path);
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c

index ec1a1de5dae9c8a89c647b2c3c95d31e142129ba..1f4e630c294c97fbde5c28e21ee0657a5ff57428 100644 (file)
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -2190,9 +2190,8 @@ MSG_PROCESS_RETURN tls_process_cert_status(SSL *s, PACKET *pkt)
  /*
   * Perform miscellaneous checks and processing after we have received the
   * server's initial flight. In TLS1.3 this is after the Server Finished message.
- * In <=TLS1.2 this is after the ServerDone message.
- *
- * Returns 1 on success or 0 on failure.
+ * In <=TLS1.2 this is after the ServerDone message. Returns 1 on success or 0
+ * on failure.
   */
  int tls_process_initial_server_flight(SSL *s, int *al)
  {
diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c

index adee7a0c6d256c6756552bfca0acdfe0e5934d54..f8ccdec52e980589ca6a5b67315f7a646b472020 100644 (file)
--- a/ssl/tls13_enc.c
+++ b/ssl/tls13_enc.c
@@ -293,6 +293,7 @@ int tls13_change_cipher_state(SSL *s, int which)
      size_t ivlen, keylen, finsecretlen;
      const unsigned char *label;
      size_t labellen;
+    int ret = 0;
  
      if (which & SSL3_CC_READ) {
          if (s->enc_read_ctx != NULL) {
@@ -427,14 +428,11 @@ int tls13_change_cipher_state(SSL *s, int which)
      }
  #endif
  
-    OPENSSL_cleanse(secret, sizeof(secret));
-    OPENSSL_cleanse(key, sizeof(key));
-    OPENSSL_cleanse(iv, sizeof(iv));
-    return 1;
+    ret = 1;
  
   err:
      OPENSSL_cleanse(secret, sizeof(secret));
      OPENSSL_cleanse(key, sizeof(key));
      OPENSSL_cleanse(iv, sizeof(iv));
-    return 0;
+    return ret;
  }
diff --git a/test/clienthellotest.c b/test/clienthellotest.c

index 4219598846c0cafdbbab67b4f38cfa45817ec19d..61e81c3833a1a0f2e59164e568786a051b3b479f 100644 (file)
--- a/test/clienthellotest.c
+++ b/test/clienthellotest.c
@@ -57,10 +57,7 @@ int main(int argc, char *argv[])
          testresult = 0;
          ctx = SSL_CTX_new(TLS_method());
  
-        /*
-         * This test is testing session tickets for <= TLS1.2. It isn't relevant
-         * for TLS1.3
-         */
+        /* Testing for session tickets <= TLS1.2; not relevant for 1.3 */
          if (ctx == NULL || !SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION))
              goto end;
author	Matt Caswell <matt@openssl.org>
	Wed, 23 Nov 2016 15:38:32 +0000 (15:38 +0000)
committer	Matt Caswell <matt@openssl.org>
	Wed, 23 Nov 2016 15:38:32 +0000 (15:38 +0000)
apps/s_server.c		patch \| blob \| history
ssl/statem/statem_clnt.c		patch \| blob \| history
ssl/tls13_enc.c		patch \| blob \| history
test/clienthellotest.c		patch \| blob \| history