X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fs3_lib.c;h=7e9faf4ab18ce8b18214f4cf58f0299c3ed82ee2;hp=6066c7807d8715e8eb6e28210733537384b31354;hb=6b43bbf09c6f31f2b6c66a5e8ef3b668036fbfeb;hpb=4e08d4a84c5935667ae266008174565b3ba39b58 diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 6066c7807d..7e9faf4ab1 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -159,7 +159,7 @@ const char ssl3_version_str[] = "SSLv3" OPENSSL_VERSION_PTEXT; -#define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER)) +#define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers) /* list of available SSLv3 ciphers (sorted by id) */ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { @@ -1839,21 +1839,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { 256, 256, }, -#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL - { - 1, - "SCSV", - SSL3_CK_SCSV, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0}, -#endif #ifndef OPENSSL_NO_CAMELLIA /* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */ @@ -2051,6 +2036,23 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { }, #endif +#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL + /* Cipher FF */ + { + 1, + "SCSV", + SSL3_CK_SCSV, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0}, +#endif + #ifndef OPENSSL_NO_EC /* Cipher C001 */ { @@ -3078,16 +3080,6 @@ const SSL_CIPHER *ssl3_get_cipher(unsigned int u) return (NULL); } -int ssl3_pending(const SSL *s) -{ - if (s->rstate == SSL_ST_READ_BODY) - return 0; - - return (SSL3_RECORD_get_type(RECORD_LAYER_get_rrec(&s->rlayer)) - == SSL3_RT_APPLICATION_DATA) - ? SSL3_RECORD_get_length(RECORD_LAYER_get_rrec(&s->rlayer)) : 0; -} - int ssl3_set_handshake_header(SSL *s, int htype, unsigned long len) { unsigned char *p = (unsigned char *)s->init_buf->data; @@ -3108,13 +3100,13 @@ int ssl3_new(SSL *s) { SSL3_STATE *s3; - if ((s3 = OPENSSL_malloc(sizeof *s3)) == NULL) + if ((s3 = OPENSSL_malloc(sizeof(*s3))) == NULL) goto err; - memset(s3, 0, sizeof *s3); + memset(s3, 0, sizeof(*s3)); s->s3 = s3; #ifndef OPENSSL_NO_SRP - if(!SSL_SRP_CTX_init(s)) + if (!SSL_SRP_CTX_init(s)) goto err; #endif s->method->ssl_clear(s); @@ -3136,21 +3128,18 @@ void ssl3_free(SSL *s) EC_KEY_free(s->s3->tmp.ecdh); #endif - if (s->s3->tmp.ca_names != NULL) - sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); + sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); BIO_free(s->s3->handshake_buffer); if (s->s3->handshake_dgst) ssl3_free_digest_list(s); #ifndef OPENSSL_NO_TLSEXT - if (s->s3->alpn_selected) - OPENSSL_free(s->s3->alpn_selected); + OPENSSL_free(s->s3->alpn_selected); #endif #ifndef OPENSSL_NO_SRP SSL_SRP_CTX_free(s); #endif - OPENSSL_cleanse(s->s3, sizeof *s->s3); - OPENSSL_free(s->s3); + OPENSSL_clear_free(s->s3, sizeof(*s->s3)); s->s3 = NULL; } @@ -3159,10 +3148,8 @@ void ssl3_clear(SSL *s) int init_extra; ssl3_cleanup_key_block(s); - if (s->s3->tmp.ca_names != NULL) - sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); + sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); - SSL3_RECORD_release(RECORD_LAYER_get_rrec(&s->rlayer)); #ifndef OPENSSL_NO_DH DH_free(s->s3->tmp.dh); s->s3->tmp.dh = NULL; @@ -3189,12 +3176,11 @@ void ssl3_clear(SSL *s) s->s3->alpn_selected = NULL; } #endif - memset(s->s3, 0, sizeof *s->s3); + memset(s->s3, 0, sizeof(*s->s3)); s->s3->init_extra = init_extra; ssl_free_wbio_buffer(s); - s->packet_length = 0; s->s3->renegotiate = 0; s->s3->total_renegotiations = 0; s->s3->num_renegotiations = 0; @@ -3202,11 +3188,9 @@ void ssl3_clear(SSL *s) s->version = SSL3_VERSION; #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) - if (s->next_proto_negotiated) { - OPENSSL_free(s->next_proto_negotiated); - s->next_proto_negotiated = NULL; - s->next_proto_negotiated_len = 0; - } + OPENSSL_free(s->next_proto_negotiated); + s->next_proto_negotiated = NULL; + s->next_proto_negotiated_len = 0; #endif } @@ -3346,8 +3330,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) #ifndef OPENSSL_NO_TLSEXT case SSL_CTRL_SET_TLSEXT_HOSTNAME: if (larg == TLSEXT_NAMETYPE_host_name) { - if (s->tlsext_hostname != NULL) - OPENSSL_free(s->tlsext_hostname); + OPENSSL_free(s->tlsext_hostname); s->tlsext_hostname = NULL; ret = 1; @@ -3401,8 +3384,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) return s->tlsext_ocsp_resplen; case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP: - if (s->tlsext_ocsp_resp) - OPENSSL_free(s->tlsext_ocsp_resp); + OPENSSL_free(s->tlsext_ocsp_resp); s->tlsext_ocsp_resp = parg; s->tlsext_ocsp_resplen = larg; ret = 1; @@ -3589,7 +3571,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) ptmp = EVP_PKEY_new(); if (!ptmp) return 0; - if (0) ; #ifndef OPENSSL_NO_RSA else if (sc->peer_rsa_tmp) rv = EVP_PKEY_set1_RSA(ptmp, sc->peer_rsa_tmp); @@ -3848,8 +3829,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) # ifndef OPENSSL_NO_SRP case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME: ctx->srp_ctx.srp_Mask |= SSL_kSRP; - if (ctx->srp_ctx.login != NULL) - OPENSSL_free(ctx->srp_ctx.login); + OPENSSL_free(ctx->srp_ctx.login); ctx->srp_ctx.login = NULL; if (parg == NULL) break; @@ -3937,10 +3917,8 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) break; case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS: - if (ctx->extra_certs) { - sk_X509_pop_free(ctx->extra_certs, X509_free); - ctx->extra_certs = NULL; - } + sk_X509_pop_free(ctx->extra_certs, X509_free); + ctx->extra_certs = NULL; break; case SSL_CTRL_CHAIN: @@ -4298,10 +4276,8 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p) static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len) { - if (c->ctypes) { - OPENSSL_free(c->ctypes); - c->ctypes = NULL; - } + OPENSSL_free(c->ctypes); + c->ctypes = NULL; if (!p || !len) return 1; if (len > 0xff) @@ -4473,8 +4449,8 @@ int ssl3_renegotiate_check(SSL *s) int ret = 0; if (s->s3->renegotiate) { - if ((SSL3_BUFFER_get_left(RECORD_LAYER_get_rbuf(&s->rlayer)) == 0) - && (SSL3_BUFFER_get_left(RECORD_LAYER_get_wbuf(&s->rlayer)) == 0) + if (!RECORD_LAYER_read_pending(&s->rlayer) + && !RECORD_LAYER_write_pending(&s->rlayer) && !SSL_in_init(s)) { /* * if we are the server, and we have sent a 'RENEGOTIATE'