Loading ssl/ssl_asn1.c +4 −4 Original line number Diff line number Diff line Loading @@ -223,14 +223,14 @@ static int ssl_session_strndup(char **pdst, ASN1_OCTET_STRING *src) /* Copy an OCTET STRING, return error if it exceeds maximum length */ static int ssl_session_memcpy(unsigned char *dst, unsigned int *pdstlen, ASN1_OCTET_STRING *src, int maxlen) static int ssl_session_memcpy(unsigned char *dst, size_t *pdstlen, ASN1_OCTET_STRING *src, size_t maxlen) { if (src == NULL) { *pdstlen = 0; return 1; } if (src->length > maxlen) if (src->length < 0 || src->length > (int)maxlen) return 0; memcpy(dst, src->data, src->length); *pdstlen = src->length; Loading @@ -241,7 +241,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length) { long id; unsigned int tmpl; size_t tmpl; const unsigned char *p = *pp; SSL_SESSION_ASN1 *as = NULL; SSL_SESSION *ret = NULL; Loading ssl/ssl_locl.h +4 −4 Original line number Diff line number Diff line Loading @@ -503,14 +503,14 @@ struct ssl_session_st { size_t master_key_length; unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH]; /* session_id - valid? */ unsigned int session_id_length; size_t session_id_length; unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH]; /* * this is used to determine whether the session is being reused in the * appropriate context. It is up to the application to set this, via * SSL_new */ unsigned int sid_ctx_length; size_t sid_ctx_length; unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; # ifndef OPENSSL_NO_PSK char *psk_identity_hint; Loading Loading @@ -722,7 +722,7 @@ struct ssl_ctx_st { void *msg_callback_arg; uint32_t verify_mode; unsigned int sid_ctx_length; size_t sid_ctx_length; unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; /* called 'verify_callback' in the SSL */ int (*default_verify_callback) (int ok, X509_STORE_CTX *ctx); Loading Loading 
@@ -958,7 +958,7 @@ struct ssl_st { * the session_id_context is used to ensure sessions are only reused in * the appropriate context */ unsigned int sid_ctx_length; size_t sid_ctx_length; unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; /* This can also be in the session once a session is established */ SSL_SESSION *session; Loading ssl/ssl_txt.c +4 −4 Original line number Diff line number Diff line Loading @@ -57,7 +57,7 @@ int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x) int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) { unsigned int i; size_t i; const char *s; if (x == NULL) Loading Loading @@ -98,7 +98,7 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) } if (BIO_puts(bp, "\n Master-Key: ") <= 0) goto err; for (i = 0; i < (unsigned int)x->master_key_length; i++) { for (i = 0; i < x->master_key_length; i++) { if (BIO_printf(bp, "%02X", x->master_key[i]) <= 0) goto err; } Loading Loading @@ -181,7 +181,7 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) */ int SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x) { unsigned int i; size_t i; if (x == NULL) goto err; Loading @@ -204,7 +204,7 @@ int SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x) } if (BIO_puts(bp, " Master-Key:") <= 0) goto err; for (i = 0; i < (unsigned int)x->master_key_length; i++) { for (i = 0; i < x->master_key_length; i++) { if (BIO_printf(bp, "%02X", x->master_key[i]) <= 0) goto err; } Loading ssl/statem/statem_clnt.c +14 −7 Original line number Diff line number Diff line Loading @@ -696,8 +696,8 @@ WORK_STATE ossl_statem_client_post_process_message(SSL *s, WORK_STATE wst) int tls_construct_client_hello(SSL *s, WPACKET *pkt) { unsigned char *p; int i; int protverr; size_t sess_id_len; int i, protverr; int al = SSL_AD_HANDSHAKE_FAILURE; #ifndef OPENSSL_NO_COMP SSL_COMP *comp; Loading Loading 
@@ -788,12 +788,13 @@ int tls_construct_client_hello(SSL *s, WPACKET *pkt) /* Session ID */ if (s->new_session) i = 0; sess_id_len = 0; else i = s->session->session_id_length; if (i > (int)sizeof(s->session->session_id) sess_id_len = s->session->session_id_length; if (sess_id_len > sizeof(s->session->session_id) || !WPACKET_start_sub_packet_u8(pkt) || (i != 0 && !WPACKET_memcpy(pkt, s->session->session_id, i)) || (sess_id_len != 0 && !WPACKET_memcpy(pkt, s->session->session_id, sess_id_len)) || !WPACKET_close(pkt)) { SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); return 0; Loading Loading @@ -1880,6 +1881,7 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt) int al; unsigned int ticklen; unsigned long ticket_lifetime_hint; unsigned int sess_len; if (!PACKET_get_net_4(pkt, &ticket_lifetime_hint) || !PACKET_get_net_2(pkt, &ticklen) Loading Loading @@ -1944,12 +1946,17 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt) * elsewhere in OpenSSL. The session ID is set to the SHA256 (or SHA1 is * SHA256 is disabled) hash of the ticket. */ /* * TODO(size_t): we use sess_len here because EVP_Digest expects an int * but s->session->session_id_length is a size_t */ if (!EVP_Digest(s->session->tlsext_tick, ticklen, s->session->session_id, &s->session->session_id_length, s->session->session_id, &sess_len, EVP_sha256(), NULL)) { SSLerr(SSL_F_TLS_PROCESS_NEW_SESSION_TICKET, ERR_R_EVP_LIB); goto err; } s->session->session_id_length = sess_len; return MSG_PROCESS_CONTINUE_READING; f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); Loading ssl/statem/statem_srvr.c +3 −3 Original line number Diff line number Diff line Loading 
@@ -1491,8 +1491,8 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst) int tls_construct_server_hello(SSL *s, WPACKET *pkt) { int sl, compm, al = SSL_AD_INTERNAL_ERROR; size_t len; int compm, al = SSL_AD_INTERNAL_ERROR; size_t sl, len; if (!WPACKET_put_bytes_u16(pkt, s->version) /* Loading Loading @@ -1526,7 +1526,7 @@ int tls_construct_server_hello(SSL *s, WPACKET *pkt) s->session->session_id_length = 0; sl = s->session->session_id_length; if (sl > (int)sizeof(s->session->session_id)) { if (sl > sizeof(s->session->session_id)) { SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_HELLO, ERR_R_INTERNAL_ERROR); goto err; } Loading Loading
ssl/ssl_asn1.c +4 −4 Original line number Diff line number Diff line Loading @@ -223,14 +223,14 @@ static int ssl_session_strndup(char **pdst, ASN1_OCTET_STRING *src) /* Copy an OCTET STRING, return error if it exceeds maximum length */ static int ssl_session_memcpy(unsigned char *dst, unsigned int *pdstlen, ASN1_OCTET_STRING *src, int maxlen) static int ssl_session_memcpy(unsigned char *dst, size_t *pdstlen, ASN1_OCTET_STRING *src, size_t maxlen) { if (src == NULL) { *pdstlen = 0; return 1; } if (src->length > maxlen) if (src->length < 0 || src->length > (int)maxlen) return 0; memcpy(dst, src->data, src->length); *pdstlen = src->length; Loading @@ -241,7 +241,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length) { long id; unsigned int tmpl; size_t tmpl; const unsigned char *p = *pp; SSL_SESSION_ASN1 *as = NULL; SSL_SESSION *ret = NULL; Loading
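Review bot: In ssl_session_memcpy the new bound check narrows the limit rather than widening the length: `src->length > (int)maxlen` converts a size_t to int, which is implementation-defined once maxlen exceeds INT_MAX. Because the negative case is already rejected first, the comparison can stay in size_t: `if (src->length < 0 || (size_t)src->length > maxlen)`. No caller on this page is shown passing a limit that large, so this keeps the guard correct by construction rather than fixing a reachable overflow. The function cannot verify that dst holds at least maxlen bytes, so a one-line comment stating that requirement would help; its body continues past the end of the hunk.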
ssl/ssl_locl.h +4 −4 Original line number Diff line number Diff line Loading @@ -503,14 +503,14 @@ struct ssl_session_st { size_t master_key_length; unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH]; /* session_id - valid? */ unsigned int session_id_length; size_t session_id_length; unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH]; /* * this is used to determine whether the session is being reused in the * appropriate context. It is up to the application to set this, via * SSL_new */ unsigned int sid_ctx_length; size_t sid_ctx_length; unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; # ifndef OPENSSL_NO_PSK char *psk_identity_hint; Loading Loading @@ -722,7 +722,7 @@ struct ssl_ctx_st { void *msg_callback_arg; uint32_t verify_mode; unsigned int sid_ctx_length; size_t sid_ctx_length; unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; /* called 'verify_callback' in the SSL */ int (*default_verify_callback) (int ok, X509_STORE_CTX *ctx); Loading Loading @@ -958,7 +958,7 @@ struct ssl_st { * the session_id_context is used to ensure sessions are only reused in * the appropriate context */ unsigned int sid_ctx_length; size_t sid_ctx_length; unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; /* This can also be in the session once a session is established */ SSL_SESSION *session; Loading
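Review bot: The widened length fields in ssl_session_st, ssl_ctx_st and ssl_st still sit next to fixed-size arrays, and nothing in the declarations records that a length must never exceed its array. A comment on each pair would state the invariant every writer has to keep, for example `/* invariant: session_id_length <= sizeof(session_id) */`. Any call that still passes the address of one of these fields to a function taking `unsigned int *` is now a type mismatch, and on LP64 it would write only part of the field. This commit handles the EVP_Digest call in statem_clnt.c; whether other such call sites exist cannot be seen from this page.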
ssl/ssl_txt.c +4 −4 Original line number Diff line number Diff line Loading @@ -57,7 +57,7 @@ int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x) int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) { unsigned int i; size_t i; const char *s; if (x == NULL) Loading Loading @@ -98,7 +98,7 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) } if (BIO_puts(bp, "\n Master-Key: ") <= 0) goto err; for (i = 0; i < (unsigned int)x->master_key_length; i++) { for (i = 0; i < x->master_key_length; i++) { if (BIO_printf(bp, "%02X", x->master_key[i]) <= 0) goto err; } Loading Loading @@ -181,7 +181,7 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) */ int SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x) { unsigned int i; size_t i; if (x == NULL) goto err; Loading @@ -204,7 +204,7 @@ int SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x) } if (BIO_puts(bp, " Master-Key:") <= 0) goto err; for (i = 0; i < (unsigned int)x->master_key_length; i++) { for (i = 0; i < x->master_key_length; i++) { if (BIO_printf(bp, "%02X", x->master_key[i]) <= 0) goto err; } Loading
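Review bot: Both Master-Key loops, in SSL_SESSION_print and SSL_SESSION_print_keylog, now run up to the raw size_t `x->master_key_length` with no bound against the array they index. Whether every writer of that field enforces the limit is not visible here, so a guard before each loop would make the print path safe on its own: `if (x->master_key_length > sizeof(x->master_key)) goto err;`. Both functions start and end outside the hunks shown.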
ssl/statem/statem_clnt.c +14 −7 Original line number Diff line number Diff line Loading @@ -696,8 +696,8 @@ WORK_STATE ossl_statem_client_post_process_message(SSL *s, WORK_STATE wst) int tls_construct_client_hello(SSL *s, WPACKET *pkt) { unsigned char *p; int i; int protverr; size_t sess_id_len; int i, protverr; int al = SSL_AD_HANDSHAKE_FAILURE; #ifndef OPENSSL_NO_COMP SSL_COMP *comp; Loading Loading @@ -788,12 +788,13 @@ int tls_construct_client_hello(SSL *s, WPACKET *pkt) /* Session ID */ if (s->new_session) i = 0; sess_id_len = 0; else i = s->session->session_id_length; if (i > (int)sizeof(s->session->session_id) sess_id_len = s->session->session_id_length; if (sess_id_len > sizeof(s->session->session_id) || !WPACKET_start_sub_packet_u8(pkt) || (i != 0 && !WPACKET_memcpy(pkt, s->session->session_id, i)) || (sess_id_len != 0 && !WPACKET_memcpy(pkt, s->session->session_id, sess_id_len)) || !WPACKET_close(pkt)) { SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); return 0; Loading Loading @@ -1880,6 +1881,7 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt) int al; unsigned int ticklen; unsigned long ticket_lifetime_hint; unsigned int sess_len; if (!PACKET_get_net_4(pkt, &ticket_lifetime_hint) || !PACKET_get_net_2(pkt, &ticklen) Loading Loading 
@@ -1944,12 +1946,17 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt) * elsewhere in OpenSSL. The session ID is set to the SHA256 (or SHA1 is * SHA256 is disabled) hash of the ticket. */ /* * TODO(size_t): we use sess_len here because EVP_Digest expects an int * but s->session->session_id_length is a size_t */ if (!EVP_Digest(s->session->tlsext_tick, ticklen, s->session->session_id, &s->session->session_id_length, s->session->session_id, &sess_len, EVP_sha256(), NULL)) { SSLerr(SSL_F_TLS_PROCESS_NEW_SESSION_TICKET, ERR_R_EVP_LIB); goto err; } s->session->session_id_length = sess_len; return MSG_PROCESS_CONTINUE_READING; f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); Loading
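Review bot: In tls_process_new_session_ticket, EVP_Digest writes the whole digest into `s->session->session_id` and only then reports its length through `sess_len`, so the later `s->session->session_id_length = sess_len` cannot catch a digest larger than the array. SHA-256 output presumably fits, but nothing at this call site says so. A check before the call, such as `if (EVP_MD_size(EVP_sha256()) > (int)sizeof(s->session->session_id)) goto err;`, or a comment stating the size relationship, would pin it down. The TODO text says EVP_Digest expects an int, while the variable passed is an `unsigned int`; the comment should name that type. The function body starts and ends outside the hunk.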
ssl/statem/statem_srvr.c +3 −3 Original line number Diff line number Diff line Loading @@ -1491,8 +1491,8 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst) int tls_construct_server_hello(SSL *s, WPACKET *pkt) { int sl, compm, al = SSL_AD_INTERNAL_ERROR; size_t len; int compm, al = SSL_AD_INTERNAL_ERROR; size_t sl, len; if (!WPACKET_put_bytes_u16(pkt, s->version) /* Loading Loading @@ -1526,7 +1526,7 @@ int tls_construct_server_hello(SSL *s, WPACKET *pkt) s->session->session_id_length = 0; sl = s->session->session_id_length; if (sl > (int)sizeof(s->session->session_id)) { if (sl > sizeof(s->session->session_id)) { SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_HELLO, ERR_R_INTERNAL_ERROR); goto err; } Loading