wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Convert session_id_length and sid_ctx_len to size_t

Browse source 
Reviewed-by: Rich Salz <rsalz@openssl.org>
This commit is contained in:
Matt Caswell 2016-10-04 20:31:19 +01:00
parent 8c1a534305
commit ec60ccc1c1
6 changed files with 31 additions and 24 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
ssl/ssl_asn1.c
View file

@ -223,14 +223,14 @@ static int ssl_session_strndup(char **pdst, ASN1_OCTET_STRING *src)
/* Copy an OCTET STRING, return error if it exceeds maximum length */ /* Copy an OCTET STRING, return error if it exceeds maximum length */
static int ssl_session_memcpy(unsigned char *dst, unsigned int *pdstlen, static int ssl_session_memcpy(unsigned char *dst, size_t *pdstlen,
ASN1_OCTET_STRING *src, int maxlen) ASN1_OCTET_STRING *src, size_t maxlen)
{ {
if (src == NULL) { if (src == NULL) {
*pdstlen = 0; *pdstlen = 0;
return 1; return 1;
} }
if (src->length > maxlen) if (src->length < 0 || src->length > (int)maxlen)
return 0; return 0;
memcpy(dst, src->data, src->length); memcpy(dst, src->data, src->length);
*pdstlen = src->length; *pdstlen = src->length;
@ -241,7 +241,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
long length) long length)
{ {
long id; long id;
unsigned int tmpl; size_t tmpl;
const unsigned char *p = *pp; const unsigned char *p = *pp;
SSL_SESSION_ASN1 *as = NULL; SSL_SESSION_ASN1 *as = NULL;
SSL_SESSION *ret = NULL; SSL_SESSION *ret = NULL;

8
ssl/ssl_locl.h
View file

@ -503,14 +503,14 @@ struct ssl_session_st {
size_t master_key_length; size_t master_key_length;
unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH]; unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];
/* session_id - valid? */ /* session_id - valid? */
unsigned int session_id_length; size_t session_id_length;
unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH]; unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
/* /*
* this is used to determine whether the session is being reused in the * this is used to determine whether the session is being reused in the
* appropriate context. It is up to the application to set this, via * appropriate context. It is up to the application to set this, via
* SSL_new * SSL_new
*/ */
unsigned int sid_ctx_length; size_t sid_ctx_length;
unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
# ifndef OPENSSL_NO_PSK # ifndef OPENSSL_NO_PSK
char *psk_identity_hint; char *psk_identity_hint;
@ -722,7 +722,7 @@ struct ssl_ctx_st {
void *msg_callback_arg; void *msg_callback_arg;
uint32_t verify_mode; uint32_t verify_mode;
unsigned int sid_ctx_length; size_t sid_ctx_length;
unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
/* called 'verify_callback' in the SSL */ /* called 'verify_callback' in the SSL */
int (*default_verify_callback) (int ok, X509_STORE_CTX *ctx); int (*default_verify_callback) (int ok, X509_STORE_CTX *ctx);
@ -958,7 +958,7 @@ struct ssl_st {
* the session_id_context is used to ensure sessions are only reused in * the session_id_context is used to ensure sessions are only reused in
* the appropriate context * the appropriate context
*/ */
unsigned int sid_ctx_length; size_t sid_ctx_length;
unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
/* This can also be in the session once a session is established */ /* This can also be in the session once a session is established */
SSL_SESSION *session; SSL_SESSION *session;

8
ssl/ssl_txt.c
View file

@ -57,7 +57,7 @@ int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x)
int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
{ {
unsigned int i; size_t i;
const char *s; const char *s;
if (x == NULL) if (x == NULL)
@ -98,7 +98,7 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
} }
if (BIO_puts(bp, "\n Master-Key: ") <= 0) if (BIO_puts(bp, "\n Master-Key: ") <= 0)
goto err; goto err;
for (i = 0; i < (unsigned int)x->master_key_length; i++) { for (i = 0; i < x->master_key_length; i++) {
if (BIO_printf(bp, "%02X", x->master_key[i]) <= 0) if (BIO_printf(bp, "%02X", x->master_key[i]) <= 0)
goto err; goto err;
} }
@ -181,7 +181,7 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
*/ */
int SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x) int SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x)
{ {
unsigned int i; size_t i;
if (x == NULL) if (x == NULL)
goto err; goto err;
@ -204,7 +204,7 @@ int SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x)
} }
if (BIO_puts(bp, " Master-Key:") <= 0) if (BIO_puts(bp, " Master-Key:") <= 0)
goto err; goto err;
for (i = 0; i < (unsigned int)x->master_key_length; i++) { for (i = 0; i < x->master_key_length; i++) {
if (BIO_printf(bp, "%02X", x->master_key[i]) <= 0) if (BIO_printf(bp, "%02X", x->master_key[i]) <= 0)
goto err; goto err;
} }

21
ssl/statem/statem_clnt.c
View file

@ -696,8 +696,8 @@ WORK_STATE ossl_statem_client_post_process_message(SSL *s, WORK_STATE wst)
int tls_construct_client_hello(SSL *s, WPACKET *pkt) int tls_construct_client_hello(SSL *s, WPACKET *pkt)
{ {
unsigned char *p; unsigned char *p;
int i; size_t sess_id_len;
int protverr; int i, protverr;
int al = SSL_AD_HANDSHAKE_FAILURE; int al = SSL_AD_HANDSHAKE_FAILURE;
#ifndef OPENSSL_NO_COMP #ifndef OPENSSL_NO_COMP
SSL_COMP *comp; SSL_COMP *comp;
@ -788,12 +788,13 @@ int tls_construct_client_hello(SSL *s, WPACKET *pkt)
/* Session ID */ /* Session ID */
if (s->new_session) if (s->new_session)
i = 0; sess_id_len = 0;
else else
i = s->session->session_id_length; sess_id_len = s->session->session_id_length;
if (i > (int)sizeof(s->session->session_id) if (sess_id_len > sizeof(s->session->session_id)
|| !WPACKET_start_sub_packet_u8(pkt) || !WPACKET_start_sub_packet_u8(pkt)
|| (i != 0 && !WPACKET_memcpy(pkt, s->session->session_id, i)) || (sess_id_len != 0 && !WPACKET_memcpy(pkt, s->session->session_id,
sess_id_len))
|| !WPACKET_close(pkt)) { || !WPACKET_close(pkt)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
return 0; return 0;
@ -1880,6 +1881,7 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt)
int al; int al;
unsigned int ticklen; unsigned int ticklen;
unsigned long ticket_lifetime_hint; unsigned long ticket_lifetime_hint;
unsigned int sess_len;
if (!PACKET_get_net_4(pkt, &ticket_lifetime_hint) if (!PACKET_get_net_4(pkt, &ticket_lifetime_hint)
|| !PACKET_get_net_2(pkt, &ticklen) || !PACKET_get_net_2(pkt, &ticklen)
@ -1944,12 +1946,17 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt)
* elsewhere in OpenSSL. The session ID is set to the SHA256 (or SHA1 is * elsewhere in OpenSSL. The session ID is set to the SHA256 (or SHA1 is
* SHA256 is disabled) hash of the ticket. * SHA256 is disabled) hash of the ticket.
*/ */
/*
* TODO(size_t): we use sess_len here because EVP_Digest expects an int
* but s->session->session_id_length is a size_t
*/
if (!EVP_Digest(s->session->tlsext_tick, ticklen, if (!EVP_Digest(s->session->tlsext_tick, ticklen,
s->session->session_id, &s->session->session_id_length, s->session->session_id, &sess_len,
EVP_sha256(), NULL)) { EVP_sha256(), NULL)) {
SSLerr(SSL_F_TLS_PROCESS_NEW_SESSION_TICKET, ERR_R_EVP_LIB); SSLerr(SSL_F_TLS_PROCESS_NEW_SESSION_TICKET, ERR_R_EVP_LIB);
goto err; goto err;
} }
s->session->session_id_length = sess_len;
return MSG_PROCESS_CONTINUE_READING; return MSG_PROCESS_CONTINUE_READING;
f_err: f_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al); ssl3_send_alert(s, SSL3_AL_FATAL, al);

6
ssl/statem/statem_srvr.c
View file

@ -1491,8 +1491,8 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst)
int tls_construct_server_hello(SSL *s, WPACKET *pkt) int tls_construct_server_hello(SSL *s, WPACKET *pkt)
{ {
int sl, compm, al = SSL_AD_INTERNAL_ERROR; int compm, al = SSL_AD_INTERNAL_ERROR;
size_t len; size_t sl, len;
if (!WPACKET_put_bytes_u16(pkt, s->version) if (!WPACKET_put_bytes_u16(pkt, s->version)
/* /*
@ -1526,7 +1526,7 @@ int tls_construct_server_hello(SSL *s, WPACKET *pkt)
s->session->session_id_length = 0; s->session->session_id_length = 0;
sl = s->session->session_id_length; sl = s->session->session_id_length;
if (sl > (int)sizeof(s->session->session_id)) { if (sl > sizeof(s->session->session_id)) {
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_HELLO, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
goto err; goto err;
} }

4
ssl/t1_lib.c
View file

@ -21,7 +21,7 @@
#include <openssl/ct.h> #include <openssl/ct.h>
static int tls_decrypt_ticket(SSL *s, const unsigned char *tick, int ticklen, static int tls_decrypt_ticket(SSL *s, const unsigned char *tick, int ticklen,
const unsigned char *sess_id, int sesslen, const unsigned char *sess_id, size_t sesslen,
SSL_SESSION **psess); SSL_SESSION **psess);
static int ssl_check_clienthello_tlsext_early(SSL *s); static int ssl_check_clienthello_tlsext_early(SSL *s);
static int ssl_check_serverhello_tlsext(SSL *s); static int ssl_check_serverhello_tlsext(SSL *s);
@ -2964,7 +2964,7 @@ int tls_check_serverhello_tlsext_early(SSL *s, const PACKET *ext,
*/ */
static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, static int tls_decrypt_ticket(SSL *s, const unsigned char *etick,
int eticklen, const unsigned char *sess_id, int eticklen, const unsigned char *sess_id,
int sesslen, SSL_SESSION **psess) size_t sesslen, SSL_SESSION **psess)
{ {
SSL_SESSION *sess; SSL_SESSION *sess;
unsigned char *sdec; unsigned char *sdec;