Loading ssl/record/rec_layer_s3.c +4 −4 Original line number Diff line number Diff line Loading @@ -418,6 +418,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len, unsigned char aad[13]; EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param; size_t packlen; int packleni; /* minimize address aliasing conflicts */ if ((max_send_fragment & 0xfff) == 0) Loading Loading @@ -476,12 +477,11 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len, mb_param.inp = aad; mb_param.len = nw; /* TODO: CHECK ME - CAN THIS EVER BE NEGATIVE???? */ packlen = EVP_CIPHER_CTX_ctrl(s->enc_write_ctx, packleni = EVP_CIPHER_CTX_ctrl(s->enc_write_ctx, EVP_CTRL_TLS1_1_MULTIBLOCK_AAD, sizeof(mb_param), &mb_param); if (packlen <= 0 || packlen > wb->len) { /* never happens */ packlen = (size_t)packleni; if (packleni <= 0 || packlen > wb->len) { /* never happens */ /* free jumbo buffer */ ssl3_release_write_buffer(s); break; Loading ssl/record/ssl3_record.c +0 −6 Original line number Diff line number Diff line Loading @@ -202,7 +202,6 @@ int ssl3_get_record(SSL *s) ssl_minor = *(p++); version = (ssl_major << 8) | ssl_minor; rr[num_recs].rec_version = version; /* TODO(size_t): CHECK ME */ n2s(p, rr[num_recs].length); /* Lets check version */ Loading Loading @@ -1108,7 +1107,6 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send) * 1: if the padding was valid * -1: otherwise. */ /* TODO(size_t): Convert me */ int ssl3_cbc_remove_padding(SSL3_RECORD *rec, size_t block_size, size_t mac_size) { Loading @@ -1123,7 +1121,6 @@ int ssl3_cbc_remove_padding(SSL3_RECORD *rec, return 0; padding_length = rec->data[rec->length - 1]; /* TODO(size_t): size_t constant_time ? */ good = constant_time_ge(rec->length, padding_length + overhead); /* SSLv3 requires that the padding is minimal. */ good &= constant_time_ge(block_size, padding_length + 1); Loading Loading @@ -1176,7 +1173,6 @@ int tls1_cbc_remove_padding(const SSL *s, return 1; } /* TODO(size_t): size_t constant_time?? */ good = constant_time_ge(rec->length, overhead + padding_length); /* * The padding consists of a length byte at the end of the record and Loading Loading @@ -1279,7 +1275,6 @@ void ssl3_cbc_copy_mac(unsigned char *out, memset(rotated_mac, 0, md_size); for (i = scan_start, j = 0; i < rec->orig_len; i++) { /* TODO(size_t): should we have constant_time variants for size_t? */ unsigned char mac_started = constant_time_ge_8(i, mac_start); unsigned char mac_ended = constant_time_ge_8(i, mac_end); unsigned char b = rec->data[i]; Loading Loading @@ -1587,7 +1582,6 @@ int dtls1_get_record(SSL *s) memcpy(&(RECORD_LAYER_get_read_sequence(&s->rlayer)[2]), p, 6); p += 6; /* TODO(size_t): CHECK ME */ n2s(p, rr->length); /* Lets check version */ Loading ssl/statem/statem_dtls.c +0 −5 Original line number Diff line number Diff line Loading @@ -214,11 +214,6 @@ int dtls1_do_write(SSL *s, int type) else len = s->init_num; /* Shouldn't ever happen */ /* TODO(size_t): can this go now? */ if (len > INT_MAX) len = INT_MAX; /* * XDTLS: this function is too long. split out the CCS part */ Loading Loading
ssl/record/rec_layer_s3.c +4 −4 Original line number Diff line number Diff line Loading @@ -418,6 +418,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len, unsigned char aad[13]; EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param; size_t packlen; int packleni; /* minimize address aliasing conflicts */ if ((max_send_fragment & 0xfff) == 0) Loading Loading @@ -476,12 +477,11 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len, mb_param.inp = aad; mb_param.len = nw; /* TODO: CHECK ME - CAN THIS EVER BE NEGATIVE???? */ packlen = EVP_CIPHER_CTX_ctrl(s->enc_write_ctx, packleni = EVP_CIPHER_CTX_ctrl(s->enc_write_ctx, EVP_CTRL_TLS1_1_MULTIBLOCK_AAD, sizeof(mb_param), &mb_param); if (packlen <= 0 || packlen > wb->len) { /* never happens */ packlen = (size_t)packleni; if (packleni <= 0 || packlen > wb->len) { /* never happens */ /* free jumbo buffer */ ssl3_release_write_buffer(s); break; Loading
ssl/record/ssl3_record.c +0 −6 Original line number Diff line number Diff line Loading @@ -202,7 +202,6 @@ int ssl3_get_record(SSL *s) ssl_minor = *(p++); version = (ssl_major << 8) | ssl_minor; rr[num_recs].rec_version = version; /* TODO(size_t): CHECK ME */ n2s(p, rr[num_recs].length); /* Lets check version */ Loading Loading @@ -1108,7 +1107,6 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send) * 1: if the padding was valid * -1: otherwise. */ /* TODO(size_t): Convert me */ int ssl3_cbc_remove_padding(SSL3_RECORD *rec, size_t block_size, size_t mac_size) { Loading @@ -1123,7 +1121,6 @@ int ssl3_cbc_remove_padding(SSL3_RECORD *rec, return 0; padding_length = rec->data[rec->length - 1]; /* TODO(size_t): size_t constant_time ? */ good = constant_time_ge(rec->length, padding_length + overhead); /* SSLv3 requires that the padding is minimal. */ good &= constant_time_ge(block_size, padding_length + 1); Loading Loading @@ -1176,7 +1173,6 @@ int tls1_cbc_remove_padding(const SSL *s, return 1; } /* TODO(size_t): size_t constant_time?? */ good = constant_time_ge(rec->length, overhead + padding_length); /* * The padding consists of a length byte at the end of the record and Loading Loading @@ -1279,7 +1275,6 @@ void ssl3_cbc_copy_mac(unsigned char *out, memset(rotated_mac, 0, md_size); for (i = scan_start, j = 0; i < rec->orig_len; i++) { /* TODO(size_t): should we have constant_time variants for size_t? */ unsigned char mac_started = constant_time_ge_8(i, mac_start); unsigned char mac_ended = constant_time_ge_8(i, mac_end); unsigned char b = rec->data[i]; Loading Loading @@ -1587,7 +1582,6 @@ int dtls1_get_record(SSL *s) memcpy(&(RECORD_LAYER_get_read_sequence(&s->rlayer)[2]), p, 6); p += 6; /* TODO(size_t): CHECK ME */ n2s(p, rr->length); /* Lets check version */ Loading
ssl/statem/statem_dtls.c +0 −5 Original line number Diff line number Diff line Loading @@ -214,11 +214,6 @@ int dtls1_do_write(SSL *s, int type) else len = s->init_num; /* Shouldn't ever happen */ /* TODO(size_t): can this go now? */ if (len > INT_MAX) len = INT_MAX; /* * XDTLS: this function is too long. split out the CCS part */ Loading
Rich Salz <rsalz@openssl.org>Rich Salz <rsalz@openssl.org>