pcurveslen = s->tlsext_ellipticcurvelist_length;
}
if (!*pcurves) {
- if (!s->server || (s->cert && s->cert->ecdh_tmp_auto)) {
+ if (!s->server || s->cert->ecdh_tmp_auto) {
*pcurves = eccurves_auto;
pcurveslen = sizeof(eccurves_auto);
} else {
*/
unsigned long dup_list = 0;
clist = OPENSSL_malloc(ncurves * 2);
- if (!clist)
+ if (clist == NULL)
return 0;
for (i = 0, p = clist; i < ncurves; i++) {
unsigned long idmask;
s->s3->tmp.mask_ssl = SSL_TLSV1_2;
else
s->s3->tmp.mask_ssl = 0;
+ /* Disable TLS 1.0 ciphers if using SSL v3 */
+ if (s->client_version == SSL3_VERSION)
+ s->s3->tmp.mask_ssl |= SSL_TLSV1;
ssl_set_sig_mask(&s->s3->tmp.mask_a, s, SSL_SECOP_SIGALG_MASK);
/*
* Disable static DH if we don't include any appropriate signature
s->tlsext_session_ticket->data) {
ticklen = s->tlsext_session_ticket->length;
s->session->tlsext_tick = OPENSSL_malloc(ticklen);
- if (!s->session->tlsext_tick)
+ if (s->session->tlsext_tick == NULL)
return NULL;
memcpy(s->session->tlsext_tick,
s->tlsext_session_ticket->data, ticklen);
if (r == SSL_TLSEXT_ERR_OK) {
OPENSSL_free(s->s3->alpn_selected);
s->s3->alpn_selected = OPENSSL_malloc(selected_len);
- if (!s->s3->alpn_selected) {
+ if (s->s3->alpn_selected == NULL) {
*al = SSL_AD_INTERNAL_ERROR;
return -1;
}
return 0;
}
s->next_proto_negotiated = OPENSSL_malloc(selected_len);
- if (!s->next_proto_negotiated) {
+ if (s->next_proto_negotiated == NULL) {
*al = TLS1_AD_INTERNAL_ERROR;
return 0;
}
}
OPENSSL_free(s->s3->alpn_selected);
s->s3->alpn_selected = OPENSSL_malloc(len);
- if (!s->s3->alpn_selected) {
+ if (s->s3->alpn_selected == NULL) {
*al = TLS1_AD_INTERNAL_ERROR;
return 0;
}
p = etick + 16 + EVP_CIPHER_CTX_iv_length(&ctx);
eticklen -= 16 + EVP_CIPHER_CTX_iv_length(&ctx);
sdec = OPENSSL_malloc(eticklen);
- if (!sdec) {
+ if (sdec == NULL) {
EVP_CIPHER_CTX_cleanup(&ctx);
return -1;
}
* disabled.
*/
-void ssl_set_sig_mask(unsigned long *pmask_a, SSL *s, int op)
+void ssl_set_sig_mask(uint32_t *pmask_a, SSL *s, int op)
{
const unsigned char *sigalgs;
size_t i, sigalgslen;
nmatch = tls12_shared_sigalgs(s, NULL, pref, preflen, allow, allowlen);
if (nmatch) {
salgs = OPENSSL_malloc(nmatch * sizeof(TLS_SIGALGS));
- if (!salgs)
+ if (salgs == NULL)
return 0;
nmatch = tls12_shared_sigalgs(s, salgs, pref, preflen, allow, allowlen);
} else {
}
/* ...and no handshake in progress. */
- if (SSL_in_init(s) || s->in_handshake) {
+ if (SSL_in_init(s) || ossl_statem_get_in_handshake(s)) {
SSLerr(SSL_F_TLS1_HEARTBEAT, SSL_R_UNEXPECTED_MESSAGE);
return -1;
}
- /*
- * Check if padding is too long, payload and padding must not exceed 2^14
- * - 3 = 16381 bytes in total.
- */
- OPENSSL_assert(payload + padding <= 16381);
-
/*-
* Create HeartBeat message, we just use a sequence number
* as payload to distuingish different messages and add
idx = ssl_cert_type(x, pk);
if (idx == -1)
return 0;
- cpk = c->pkeys + idx;
pvalid = s->s3->tmp.valid_flags + idx;
if (c->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT)
if (dh_secbits >= 128) {
DH *dhp = DH_new();
- if (!dhp)
+ if (dhp == NULL)
return NULL;
dhp->g = BN_new();
- if (dhp->g)
+ if (dhp->g != NULL)
BN_set_word(dhp->g, 2);
if (dh_secbits >= 192)
dhp->p = get_rfc3526_prime_8192(NULL);
else
dhp->p = get_rfc3526_prime_3072(NULL);
- if (!dhp->p || !dhp->g) {
+ if (dhp->p == NULL || dhp->g == NULL) {
DH_free(dhp);
return NULL;
}