Remove redundant check.
[openssl.git]
/
ssl
/
s3_pkt.c
diff --git
a/ssl/s3_pkt.c
b/ssl/s3_pkt.c
index ad9dc5154abf7d44fbce2a64340203c0823009cf..243992542b0abd129c2ebaa56e690dbdabee5cac 100644
(file)
--- a/
ssl/s3_pkt.c
+++ b/
ssl/s3_pkt.c
@@
-110,6
+110,7
@@
*/
#include <stdio.h>
*/
#include <stdio.h>
+#include <limits.h>
#include <errno.h>
#define USE_SOCKETS
#include "ssl_locl.h"
#include <errno.h>
#define USE_SOCKETS
#include "ssl_locl.h"
@@
-644,6
+645,7
@@
int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
int i;
s->rwstate=SSL_NOTHING;
int i;
s->rwstate=SSL_NOTHING;
+ OPENSSL_assert(s->s3->wnum <= INT_MAX);
tot=s->s3->wnum;
s->s3->wnum=0;
tot=s->s3->wnum;
s->s3->wnum=0;
@@
-667,7
+669,7
@@
int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
* buffer ... so we trap and report the error in a way the user
* will notice
*/
* buffer ... so we trap and report the error in a way the user
* will notice
*/
- if (
len < tot)
+ if (len < tot)
{
SSLerr(SSL_F_SSL3_WRITE_BYTES,SSL_R_BAD_LENGTH);
return(-1);
{
SSLerr(SSL_F_SSL3_WRITE_BYTES,SSL_R_BAD_LENGTH);
return(-1);
@@
-695,7
+697,7
@@
int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
* compromise is considered worthy.
*/
if (type==SSL3_RT_APPLICATION_DATA &&
* compromise is considered worthy.
*/
if (type==SSL3_RT_APPLICATION_DATA &&
- len >= 4*(max_send_fragment=s->max_send_fragment) &&
+ len >= 4*(
int)(
max_send_fragment=s->max_send_fragment) &&
s->compress==NULL && s->msg_callback==NULL &&
!SSL_USE_ETM(s) && SSL_USE_EXPLICIT_IV(s) &&
EVP_CIPHER_flags(s->enc_write_ctx->cipher)&EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)
s->compress==NULL && s->msg_callback==NULL &&
!SSL_USE_ETM(s) && SSL_USE_EXPLICIT_IV(s) &&
EVP_CIPHER_flags(s->enc_write_ctx->cipher)&EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)
@@
-716,7
+718,7
@@
int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE,
max_send_fragment,NULL);
EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE,
max_send_fragment,NULL);
- if (len>=8*
max_send_fragment)
packlen *= 8;
+ if (len>=8*
(int)max_send_fragment)
packlen *= 8;
else packlen *= 4;
wb->buf=OPENSSL_malloc(packlen);
else packlen *= 4;
wb->buf=OPENSSL_malloc(packlen);
@@
-768,7
+770,7
@@
int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
EVP_CTRL_TLS1_1_MULTIBLOCK_AAD,
sizeof(mb_param),&mb_param);
EVP_CTRL_TLS1_1_MULTIBLOCK_AAD,
sizeof(mb_param),&mb_param);
- if (packlen<=0 || packlen>
wb->len)
/* never happens */
+ if (packlen<=0 || packlen>
(int)wb->len)
/* never happens */
{
OPENSSL_free(wb->buf); /* free jumbo buffer */
wb->buf = NULL;
{
OPENSSL_free(wb->buf); /* free jumbo buffer */
wb->buf = NULL;
@@
-880,9
+882,6
@@
static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
SSL3_BUFFER *wb=&(s->s3->wbuf);
SSL_SESSION *sess;
SSL3_BUFFER *wb=&(s->s3->wbuf);
SSL_SESSION *sess;
- if (wb->buf == NULL)
- if (!ssl3_setup_write_buffer(s))
- return -1;
/* first check if there is a SSL3_BUFFER still being written
* out. This will happen with non blocking IO */
/* first check if there is a SSL3_BUFFER still being written
* out. This will happen with non blocking IO */
@@
-898,6
+897,10
@@
static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
/* if it went, fall through and send more stuff */
}
/* if it went, fall through and send more stuff */
}
+ if (wb->buf == NULL)
+ if (!ssl3_setup_write_buffer(s))
+ return -1;
+
if (len == 0 && !create_empty_fragment)
return 0;
if (len == 0 && !create_empty_fragment)
return 0;
@@
-1244,7
+1247,7
@@
int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
if (!ssl3_setup_read_buffer(s))
return(-1);
if (!ssl3_setup_read_buffer(s))
return(-1);
- if ((type && (type != SSL3_RT_APPLICATION_DATA) && (type != SSL3_RT_HANDSHAKE)
&& type
) ||
+ if ((type && (type != SSL3_RT_APPLICATION_DATA) && (type != SSL3_RT_HANDSHAKE)) ||
(peek && (type != SSL3_RT_APPLICATION_DATA)))
{
SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR);
(peek && (type != SSL3_RT_APPLICATION_DATA)))
{
SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR);
@@
-1592,6
+1595,15
@@
start:
goto f_err;
}
goto f_err;
}
+ if (!(s->s3->flags & SSL3_FLAGS_CCS_OK))
+ {
+ al=SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_CCS_RECEIVED_EARLY);
+ goto f_err;
+ }
+
+ s->s3->flags &= ~SSL3_FLAGS_CCS_OK;
+
rr->length=0;
if (s->msg_callback)
rr->length=0;
if (s->msg_callback)
@@
-1726,7
+1738,7
@@
int ssl3_do_change_cipher_spec(SSL *s)
if (s->s3->tmp.key_block == NULL)
{
if (s->s3->tmp.key_block == NULL)
{
- if (s->session == NULL
)
+ if (s->session == NULL
|| s->session->master_key_length == 0)
{
/* might happen if dtls1_read_bytes() calls this */
SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY);
{
/* might happen if dtls1_read_bytes() calls this */
SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY);
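Review bot: The ChangeCipherSpec gate added in ssl3_read_bytes (hunk at +1595, after the `start:` label) has no comment saying that SSL3_FLAGS_CCS_OK acts as a one-shot permission: a CCS record is refused with SSL_AD_UNEXPECTED_MESSAGE unless the flag is set, and the flag is cleared as soon as one CCS is accepted. I would add above the test `/* Accept a CCS only while SSL3_FLAGS_CCS_OK is set; clear it so a second CCS is refused. */`. The existing comment in ssl3_do_change_cipher_spec still reads `might happen if dtls1_read_bytes() calls this`, although the branch now also covers `s->session->master_key_length == 0`, so it should mention the missing master key as well. The code that sets the flag is outside the visible hunks, so it is worth confirming that each handshake path sets it only where a CCS is expected and a master secret is already in place. Both functions begin and end outside their hunks.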