mirror of
https://github.com/openssl/openssl.git
synced 2024-11-21 01:15:20 +08:00
Various style fixes following review feedback
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
This commit is contained in:
parent
61c3264970
commit
40f805ad92
@ -2197,12 +2197,19 @@ __owur int tls1_set_server_sigalgs(SSL *s);
|
||||
|
||||
/* Return codes for tls_get_ticket_from_client() and tls_decrypt_ticket() */
|
||||
typedef enum ticket_en {
|
||||
/* fatal error, malloc failure */
|
||||
TICKET_FATAL_ERR_MALLOC,
|
||||
/* fatal error, either from parsing or decrypting the ticket */
|
||||
TICKET_FATAL_ERR_OTHER,
|
||||
/* No ticket present */
|
||||
TICKET_NONE,
|
||||
/* Empty ticket present */
|
||||
TICKET_EMPTY,
|
||||
/* the ticket couldn't be decrypted */
|
||||
TICKET_NO_DECRYPT,
|
||||
/* a ticket was successfully decrypted */
|
||||
TICKET_SUCCESS,
|
||||
/* same as above but the ticket needs to be reneewed */
|
||||
TICKET_SUCCESS_RENEW
|
||||
} TICKET_RETURN;
|
||||
|
||||
|
@ -640,9 +640,9 @@ int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello, int *al)
|
||||
if (fatal) {
|
||||
*al = SSL_AD_INTERNAL_ERROR;
|
||||
return -1;
|
||||
} else {
|
||||
return 0;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c)
|
||||
|
@ -666,7 +666,7 @@ int tls_construct_ctos_psk(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
|
||||
int *al)
|
||||
{
|
||||
#ifndef OPENSSL_NO_TLS1_3
|
||||
uint32_t now, ages, agems;
|
||||
uint32_t now, agesec, agems;
|
||||
size_t hashsize, binderoffset, msglen;
|
||||
unsigned char *binder = NULL, *msgstart = NULL;
|
||||
const EVP_MD *md;
|
||||
@ -682,6 +682,11 @@ int tls_construct_ctos_psk(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
|
||||
|| s->session->ext.ticklen == 0)
|
||||
return 1;
|
||||
|
||||
if (s->session->cipher == NULL) {
|
||||
SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_PSK, ERR_R_INTERNAL_ERROR);
|
||||
goto err;
|
||||
}
|
||||
|
||||
md = ssl_md(s->session->cipher->algorithm2);
|
||||
if (md == NULL) {
|
||||
/* Don't recognise this cipher so we can't use the session. Ignore it */
|
||||
@ -696,9 +701,9 @@ int tls_construct_ctos_psk(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
|
||||
* in the code, so portability shouldn't be an issue.
|
||||
*/
|
||||
now = (uint32_t)time(NULL);
|
||||
ages = now - (uint32_t)s->session->time;
|
||||
agesec = now - (uint32_t)s->session->time;
|
||||
|
||||
if (s->session->ext.tick_lifetime_hint < ages) {
|
||||
if (s->session->ext.tick_lifetime_hint < agesec) {
|
||||
/* Ticket is too old. Ignore it. */
|
||||
return 1;
|
||||
}
|
||||
@ -707,9 +712,9 @@ int tls_construct_ctos_psk(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
|
||||
* Calculate age in ms. We're just doing it to nearest second. Should be
|
||||
* good enough.
|
||||
*/
|
||||
agems = ages * (uint32_t)1000;
|
||||
agems = agesec * (uint32_t)1000;
|
||||
|
||||
if (ages != 0 && agems / (uint32_t)1000 != ages) {
|
||||
if (agesec != 0 && agems / (uint32_t)1000 != agesec) {
|
||||
/*
|
||||
* Overflow. Shouldn't happen unless this is a *really* old session. If
|
||||
* so we just ignore it.
|
||||
@ -723,11 +728,6 @@ int tls_construct_ctos_psk(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
|
||||
*/
|
||||
agems += s->session->ext.tick_age_add;
|
||||
|
||||
if (s->session->cipher == NULL) {
|
||||
SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_PSK, ERR_R_INTERNAL_ERROR);
|
||||
goto err;
|
||||
}
|
||||
|
||||
hashsize = EVP_MD_size(md);
|
||||
|
||||
/* Create the extension, but skip over the binder for now */
|
||||
|
@ -1118,15 +1118,6 @@ TICKET_RETURN tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello,
|
||||
* sesslen: the length of the session ID.
|
||||
* psess: (output) on return, if a ticket was decrypted, then this is set to
|
||||
* point to the resulting session.
|
||||
*
|
||||
* Returns:
|
||||
* TICKET_FATAL_ERR_MALLOC: fatal error, malloc failure.
|
||||
* TICKET_FATAL_ERR_OTHER: fatal error, either from parsing or decrypting the
|
||||
* ticket.
|
||||
* TICKET_NO_DECRYPT: the ticket couldn't be decrypted.
|
||||
* TICKET_SUCCESS: a ticket was successfully decrypted and *psess was
|
||||
* set.
|
||||
* TICKET_SUCCESS_RENEW: same as 3, but the ticket needs to be renewed
|
||||
*/
|
||||
TICKET_RETURN tls_decrypt_ticket(SSL *s, const unsigned char *etick,
|
||||
size_t eticklen, const unsigned char *sess_id,
|
||||
|
Loading…
Reference in New Issue
Block a user