Various style fixes following review feedback

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2259)
Matt Caswell 2017-01-27 15:17:51 +00:00
parent 61c3264970
commit 40f805ad92
4 changed files with 19 additions and 21 deletions


@ -2197,12 +2197,19 @@ __owur int tls1_set_server_sigalgs(SSL *s);
/* Return codes for tls_get_ticket_from_client() and tls_decrypt_ticket() */
typedef enum ticket_en {
/* fatal error, malloc failure */
TICKET_FATAL_ERR_MALLOC,
/* fatal error, either from parsing or decrypting the ticket */
TICKET_FATAL_ERR_OTHER,
/* No ticket present */
TICKET_NONE,
/* Empty ticket present */
TICKET_EMPTY,
/* the ticket couldn't be decrypted */
TICKET_NO_DECRYPT,
/* a ticket was successfully decrypted */
TICKET_SUCCESS,
/* same as above but the ticket needs to be reneewed */
TICKET_SUCCESS_RENEW
} TICKET_RETURN;
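Review bot: The comment added above TICKET_SUCCESS_RENEW misspells "renewed" as `reneewed`, and its "same as above" wording only stays correct while that enumerator directly follows TICKET_SUCCESS. A self-contained comment avoids both problems: `/* a ticket was successfully decrypted but needs to be renewed */`. Since this enum is now the only place the return codes are documented (the "Returns:" list in the tls_decrypt_ticket header comment is deleted by this commit), it is also worth saying on TICKET_SUCCESS that `*psess` is set, which the deleted list stated and the new comment omits.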


@ -640,9 +640,9 @@ int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello, int *al)
if (fatal) {
*al = SSL_AD_INTERNAL_ERROR;
return -1;
} else {
return 0;
}
return 0;
}
int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c)


@ -666,7 +666,7 @@ int tls_construct_ctos_psk(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
int *al)
{
#ifndef OPENSSL_NO_TLS1_3
uint32_t now, ages, agems;
uint32_t now, agesec, agems;
size_t hashsize, binderoffset, msglen;
unsigned char *binder = NULL, *msgstart = NULL;
const EVP_MD *md;
@ -682,6 +682,11 @@ int tls_construct_ctos_psk(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
|| s->session->ext.ticklen == 0)
return 1;
if (s->session->cipher == NULL) {
SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_PSK, ERR_R_INTERNAL_ERROR);
goto err;
}
md = ssl_md(s->session->cipher->algorithm2);
if (md == NULL) {
/* Don't recognise this cipher so we can't use the session. Ignore it */
@ -696,9 +701,9 @@ int tls_construct_ctos_psk(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
* in the code, so portability shouldn't be an issue.
*/
now = (uint32_t)time(NULL);
ages = now - (uint32_t)s->session->time;
agesec = now - (uint32_t)s->session->time;
if (s->session->ext.tick_lifetime_hint < ages) {
if (s->session->ext.tick_lifetime_hint < agesec) {
/* Ticket is too old. Ignore it. */
return 1;
}
@ -707,9 +712,9 @@ int tls_construct_ctos_psk(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
* Calculate age in ms. We're just doing it to nearest second. Should be
* good enough.
*/
agems = ages * (uint32_t)1000;
agems = agesec * (uint32_t)1000;
if (ages != 0 && agems / (uint32_t)1000 != ages) {
if (agesec != 0 && agems / (uint32_t)1000 != agesec) {
/*
* Overflow. Shouldn't happen unless this is a *really* old session. If
* so we just ignore it.
@ -723,11 +728,6 @@ int tls_construct_ctos_psk(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
*/
agems += s->session->ext.tick_age_add;
if (s->session->cipher == NULL) {
SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_PSK, ERR_R_INTERNAL_ERROR);
goto err;
}
hashsize = EVP_MD_size(md);
/* Create the extension, but skip over the binder for now */
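Review bot: The ticket age sent to the server can be overestimated by up to a second, because `agesec` is the difference of two whole-second timestamps and is then scaled to milliseconds (the comment in the third hunk acknowledges the rounding). A server that tracks ticket age in milliseconds may then see a client-reported age larger than its own measurement and treat the ticket as outside its freshness window; that would presumably cost resumption or early data rather than weaken anything, but it should be confirmed against the server-side check. Underestimating is the safer direction: `if (agesec > 0) agesec--;` placed just before `agems = agesec * (uint32_t)1000;`, with a comment giving the reason. Placed there, the lifetime-hint comparison and the overflow test keep their current behaviour. The body of tls_construct_ctos_psk starts and ends outside these hunks.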


@ -1118,15 +1118,6 @@ TICKET_RETURN tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello,
* sesslen: the length of the session ID.
* psess: (output) on return, if a ticket was decrypted, then this is set to
* point to the resulting session.
*
* Returns:
* TICKET_FATAL_ERR_MALLOC: fatal error, malloc failure.
* TICKET_FATAL_ERR_OTHER: fatal error, either from parsing or decrypting the
* ticket.
* TICKET_NO_DECRYPT: the ticket couldn't be decrypted.
* TICKET_SUCCESS: a ticket was successfully decrypted and *psess was
* set.
* TICKET_SUCCESS_RENEW: same as 3, but the ticket needs to be renewed
*/
TICKET_RETURN tls_decrypt_ticket(SSL *s, const unsigned char *etick,
size_t eticklen, const unsigned char *sess_id,