Fix warnings properly this time ;-)

[openssl.git] / ssl / t1_enc.c

diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 3a349920d9cd2144e73472f43b98f46fc59c74cf..e35173823771e9303520f99e4c85b17daa20a1f8 100644 (file)
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -137,7 +137,9 @@
 
 #include <stdio.h>
 #include "ssl_locl.h"
+#ifndef OPENSSL_NO_COMP
 #include <openssl/comp.h>
+#endif
 #include <openssl/evp.h>
 #include <openssl/hmac.h>
 #include <openssl/md5.h>
@@ -163,6 +165,7 @@ static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
        unsigned int A1_len;
        
        chunk=EVP_MD_size(md);
+       OPENSSL_assert(chunk >= 0);
 
        HMAC_CTX_init(&ctx);
        HMAC_CTX_init(&ctx_tmp);
@@ -605,7 +608,10 @@ int tls1_enc(SSL *s, int send)
        if (send)
                {
                if (EVP_MD_CTX_md(s->write_hash))
+                       {
                        n=EVP_MD_CTX_size(s->write_hash);
+                       OPENSSL_assert(n >= 0);
+                       }
                ds=s->enc_write_ctx;
                rec= &(s->s3->wrec);
                if (s->enc_write_ctx == NULL)
@@ -616,7 +622,10 @@ int tls1_enc(SSL *s, int send)
        else
                {
                if (EVP_MD_CTX_md(s->read_hash))
+                       {
                        n=EVP_MD_CTX_size(s->read_hash);
+                       OPENSSL_assert(n >= 0);
+                       }
                ds=s->enc_read_ctx;
                rec= &(s->s3->rrec);
                if (s->enc_read_ctx == NULL)
@@ -749,7 +758,9 @@ int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out)
        int i;
 
        if (s->s3->handshake_buffer) 
-               ssl3_digest_cached_records(s);
+               if (!ssl3_digest_cached_records(s))
+                       return 0;
+
        for (i=0;i<SSL_MAX_DIGEST;i++) 
                {
                  if (s->s3->handshake_dgst[i]&&EVP_MD_CTX_type(s->s3->handshake_dgst[i])==md_nid) 
@@ -784,17 +795,18 @@ int tls1_final_finish_mac(SSL *s,
 
        q=buf;
 
-       EVP_MD_CTX_init(&ctx);
-
        if (s->s3->handshake_buffer) 
-               ssl3_digest_cached_records(s);
+               if (!ssl3_digest_cached_records(s))
+                       return 0;
+
+       EVP_MD_CTX_init(&ctx);
 
        for (idx=0;ssl_get_handshake_digest(idx,&mask,&md);idx++)
                {
                if (mask & s->s3->tmp.new_cipher->algorithm2)
                        {
-                       unsigned int hashsize = EVP_MD_size(md);
-                       if (hashsize > (sizeof buf - (size_t)(q-buf)))
+                       int hashsize = EVP_MD_size(md);
+                       if (hashsize < 0 || hashsize > (int)(sizeof buf - (size_t)(q-buf)))
                                {
                                /* internal error: 'buf' is too small for this cipersuite! */
                                err = 1;
@@ -803,7 +815,7 @@ int tls1_final_finish_mac(SSL *s,
                                {
                                EVP_MD_CTX_copy_ex(&ctx,s->s3->handshake_dgst[idx]);
                                EVP_DigestFinal_ex(&ctx,q,&i);
-                               if (i != hashsize) /* can't really happen */
+                               if (i != (unsigned int)hashsize) /* can't really happen */
                                        err = 1;
                                q+=i;
                                }
@@ -832,6 +844,7 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
        EVP_MD_CTX hmac, *mac_ctx;
        unsigned char buf[5]; 
        int stream_mac = (send?(ssl->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM):(ssl->mac_flags&SSL_MAC_FLAG_READ_MAC_STREAM));
+       int t;
 
        if (send)
                {
@@ -848,7 +861,9 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
                hash=ssl->read_hash;
                }
 
-       md_size=EVP_MD_CTX_size(hash);
+       t=EVP_MD_CTX_size(hash);
+       OPENSSL_assert(t >= 0);
+       md_size=t;
 
        buf[0]=rec->type;
        buf[1]=(unsigned char)(ssl->version>>8);
@@ -881,7 +896,9 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
 
        EVP_DigestSignUpdate(mac_ctx,buf,5);
        EVP_DigestSignUpdate(mac_ctx,rec->input,rec->length);
-       EVP_DigestSignFinal(mac_ctx,md,&md_size);
+       t=EVP_DigestSignFinal(mac_ctx,md,&md_size);
+       OPENSSL_assert(t > 0);
+               
        if (!stream_mac) EVP_MD_CTX_cleanup(&hmac);
 #ifdef TLS_DEBUG
 printf("sec=");