[openssl-commits] [openssl] master update
Richard Levitte
levitte at openssl.org
Tue Mar 14 17:05:32 UTC 2017
The branch master has been updated
via 96a5d7fdbaa7aea5e5090e0f7dc2973943986fc9 (commit)
via aebe9e399109dcde63a1d0328ffdfc5619b49431 (commit)
from d8f9213ae2f0c59198fe56eeb70c34d735422254 (commit)
- Log -----------------------------------------------------------------
commit 96a5d7fdbaa7aea5e5090e0f7dc2973943986fc9
Author: Benjamin Kaduk <bkaduk at akamai.com>
Date: Tue Mar 14 11:37:42 2017 -0500
Fix a -Wsign-compare warning
Reviewed-by: Rich Salz <rsalz at openssl.org>
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2940)
commit aebe9e399109dcde63a1d0328ffdfc5619b49431
Author: Benjamin Kaduk <bkaduk at akamai.com>
Date: Tue Mar 14 11:36:07 2017 -0500
Fix some -Wshadow warnings
Found using various (old-ish) versions of gcc.
Reviewed-by: Rich Salz <rsalz at openssl.org>
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2940)
-----------------------------------------------------------------------
Summary of changes:
apps/s_client.c | 2 +-
ssl/record/ssl3_record.c | 46 +++++++++++++++++++++++-----------------------
test/danetest.c | 4 ++--
3 files changed, 26 insertions(+), 26 deletions(-)
diff --git a/apps/s_client.c b/apps/s_client.c
index e180772..67e9a92 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -174,7 +174,7 @@ static unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity,
psk_key);
return 0;
}
- if (key_len > max_psk_len) {
+ if (max_psk_len > INT_MAX || key_len > (long)max_psk_len) {
BIO_printf(bio_err,
"psk buffer of callback is too small (%d) for key (%ld)\n",
max_psk_len, key_len);
diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c
index 211de55..d5615d1 100644
--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
@@ -743,7 +743,7 @@ int ssl3_do_compress(SSL *ssl, SSL3_RECORD *wr)
* -1: if the record's padding is invalid or, if sending, an internal error
* occurred.
*/
-int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, size_t n_recs, int send)
+int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, size_t n_recs, int sending)
{
SSL3_RECORD *rec;
EVP_CIPHER_CTX *ds;
@@ -758,7 +758,7 @@ int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, size_t n_recs, int send)
*/
if (n_recs != 1)
return 0;
- if (send) {
+ if (sending) {
ds = s->enc_write_ctx;
if (s->enc_write_ctx == NULL)
enc = NULL;
@@ -782,7 +782,7 @@ int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, size_t n_recs, int send)
/* COMPRESS */
- if ((bs != 1) && send) {
+ if ((bs != 1) && sending) {
i = bs - (l % bs);
/* we need to add 'i-1' padding bytes */
@@ -796,7 +796,7 @@ int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, size_t n_recs, int send)
rec->input[l - 1] = (unsigned char)(i - 1);
}
- if (!send) {
+ if (!sending) {
if (l == 0 || l % bs != 0)
return 0;
/* otherwise, rec->length >= bs */
@@ -813,7 +813,7 @@ int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, size_t n_recs, int send)
return -1;
mac_size = (size_t)imac_size;
}
- if ((bs != 1) && !send)
+ if ((bs != 1) && !sending)
return ssl3_cbc_remove_padding(rec, bs, mac_size);
}
return (1);
@@ -830,7 +830,7 @@ int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, size_t n_recs, int send)
* -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
* an internal error occurred.
*/
-int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int send)
+int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending)
{
EVP_CIPHER_CTX *ds;
size_t reclen[SSL_MAX_PIPELINES];
@@ -844,7 +844,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int send)
if (n_recs == 0)
return 0;
- if (send) {
+ if (sending) {
if (EVP_MD_CTX_md(s->write_hash)) {
int n = EVP_MD_CTX_size(s->write_hash);
OPENSSL_assert(n >= 0);
@@ -916,14 +916,14 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int send)
& EVP_CIPH_FLAG_AEAD_CIPHER) {
unsigned char *seq;
- seq = send ? RECORD_LAYER_get_write_sequence(&s->rlayer)
+ seq = sending ? RECORD_LAYER_get_write_sequence(&s->rlayer)
: RECORD_LAYER_get_read_sequence(&s->rlayer);
if (SSL_IS_DTLS(s)) {
/* DTLS does not support pipelining */
unsigned char dtlsseq[9], *p = dtlsseq;
- s2n(send ? DTLS_RECORD_LAYER_get_w_epoch(&s->rlayer) :
+ s2n(sending ? DTLS_RECORD_LAYER_get_w_epoch(&s->rlayer) :
DTLS_RECORD_LAYER_get_r_epoch(&s->rlayer), p);
memcpy(p, &seq[2], 6);
memcpy(buf[ctr], dtlsseq, 8);
@@ -946,12 +946,12 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int send)
if (pad <= 0)
return -1;
- if (send) {
+ if (sending) {
reclen[ctr] += pad;
recs[ctr].length += pad;
}
- } else if ((bs != 1) && send) {
+ } else if ((bs != 1) && sending) {
padnum = bs - (reclen[ctr] % bs);
/* Add weird padding of upto 256 bytes */
@@ -966,7 +966,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int send)
recs[ctr].length += padnum;
}
- if (!send) {
+ if (!sending) {
if (reclen[ctr] == 0 || reclen[ctr] % bs != 0)
return 0;
}
@@ -1003,7 +1003,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int send)
? (tmpr < 0)
: (tmpr == 0))
return -1; /* AEAD can fail to verify MAC */
- if (send == 0) {
+ if (sending == 0) {
if (EVP_CIPHER_mode(enc) == EVP_CIPH_GCM_MODE) {
for (ctr = 0; ctr < n_recs; ctr++) {
recs[ctr].data += EVP_GCM_TLS_EXPLICIT_IV_LEN;
@@ -1026,7 +1026,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int send)
return -1;
mac_size = (size_t)imac_size;
}
- if ((bs != 1) && !send) {
+ if ((bs != 1) && !sending) {
int tmpret;
for (ctr = 0; ctr < n_recs; ctr++) {
tmpret = tls1_cbc_remove_padding(s, &recs[ctr], bs, mac_size);
@@ -1041,7 +1041,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int send)
ret, -1);
}
}
- if (pad && !send) {
+ if (pad && !sending) {
for (ctr = 0; ctr < n_recs; ctr++) {
recs[ctr].length -= pad;
}
@@ -1050,7 +1050,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int send)
return ret;
}
-int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send)
+int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending)
{
unsigned char *mac_sec, *seq;
const EVP_MD_CTX *hash;
@@ -1059,7 +1059,7 @@ int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send)
size_t npad;
int t;
- if (send) {
+ if (sending) {
mac_sec = &(ssl->s3->write_mac_secret[0]);
seq = RECORD_LAYER_get_write_sequence(&ssl->rlayer);
hash = ssl->write_hash;
@@ -1075,7 +1075,7 @@ int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send)
md_size = t;
npad = (48 / md_size) * md_size;
- if (!send &&
+ if (!sending &&
EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
ssl3_cbc_record_digest_supported(hash)) {
/*
@@ -1146,7 +1146,7 @@ int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send)
return 1;
}
-int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send)
+int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending)
{
unsigned char *seq;
EVP_MD_CTX *hash;
@@ -1154,11 +1154,11 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send)
int i;
EVP_MD_CTX *hmac = NULL, *mac_ctx;
unsigned char header[13];
- int stream_mac = (send ? (ssl->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM)
+ int stream_mac = (sending ? (ssl->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM)
: (ssl->mac_flags & SSL_MAC_FLAG_READ_MAC_STREAM));
int t;
- if (send) {
+ if (sending) {
seq = RECORD_LAYER_get_write_sequence(&ssl->rlayer);
hash = ssl->write_hash;
} else {
@@ -1183,7 +1183,7 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send)
if (SSL_IS_DTLS(ssl)) {
unsigned char dtlsseq[8], *p = dtlsseq;
- s2n(send ? DTLS_RECORD_LAYER_get_w_epoch(&ssl->rlayer) :
+ s2n(sending ? DTLS_RECORD_LAYER_get_w_epoch(&ssl->rlayer) :
DTLS_RECORD_LAYER_get_r_epoch(&ssl->rlayer), p);
memcpy(p, &seq[2], 6);
@@ -1197,7 +1197,7 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send)
header[11] = (unsigned char)(rec->length >> 8);
header[12] = (unsigned char)(rec->length & 0xff);
- if (!send && !SSL_READ_ETM(ssl) &&
+ if (!sending && !SSL_READ_ETM(ssl) &&
EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
ssl3_cbc_record_digest_supported(mac_ctx)) {
/*
diff --git a/test/danetest.c b/test/danetest.c
index aea3a7a..7fa6a2f 100644
--- a/test/danetest.c
+++ b/test/danetest.c
@@ -317,7 +317,7 @@ static int allws(const char *cp)
return 1;
}
-static int test_tlsafile(SSL_CTX *ctx, const char *basename,
+static int test_tlsafile(SSL_CTX *ctx, const char *base_name,
BIO *f, const char *path)
{
char *line;
@@ -353,7 +353,7 @@ static int test_tlsafile(SSL_CTX *ctx, const char *basename,
if ((ssl = SSL_new(ctx)) == NULL)
return -1;
SSL_set_connect_state(ssl);
- if (SSL_dane_enable(ssl, basename) <= 0) {
+ if (SSL_dane_enable(ssl, base_name) <= 0) {
SSL_free(ssl);
return -1;
}
More information about the openssl-commits
mailing list