[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

Richard Levitte levitte at openssl.org
Tue Mar 14 17:10:09 UTC 2017


The branch OpenSSL_1_1_0-stable has been updated
       via  b1163cc8b87547d4506de0b037fa1bd69781e818 (commit)
       via  3aa62f39514026609d0378090dfd8a27834d8a21 (commit)
      from  14cc893ca224cc89261b6e15eee3caaacb45e5e9 (commit)


- Log -----------------------------------------------------------------
commit b1163cc8b87547d4506de0b037fa1bd69781e818
Author: Benjamin Kaduk <bkaduk at akamai.com>
Date:   Tue Mar 14 11:37:42 2017 -0500

    Fix a -Wsign-compare warning
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/2940)
    (cherry picked from commit 96a5d7fdbaa7aea5e5090e0f7dc2973943986fc9)

commit 3aa62f39514026609d0378090dfd8a27834d8a21
Author: Benjamin Kaduk <bkaduk at akamai.com>
Date:   Tue Mar 14 11:36:07 2017 -0500

    Fix some -Wshadow warnings
    
    Found using various (old-ish) versions of gcc.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/2940)
    (cherry picked from commit aebe9e399109dcde63a1d0328ffdfc5619b49431)

-----------------------------------------------------------------------

Summary of changes:
 apps/s_client.c          |  2 +-
 ssl/record/ssl3_record.c | 48 ++++++++++++++++++++++++------------------------
 test/danetest.c          |  4 ++--
 3 files changed, 27 insertions(+), 27 deletions(-)

diff --git a/apps/s_client.c b/apps/s_client.c
index 458b9e0..0292e5f 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -175,7 +175,7 @@ static unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity,
                    psk_key);
         return 0;
     }
-    if (key_len > max_psk_len) {
+    if (max_psk_len > INT_MAX || key_len > (long)max_psk_len) {
         BIO_printf(bio_err,
                    "psk buffer of callback is too small (%d) for key (%ld)\n",
                    max_psk_len, key_len);
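Review bot: The added `max_psk_len > INT_MAX` arm falls into the existing "psk buffer of callback is too small" message, which is misleading for that case and prints `max_psk_len` with `%d`; if `max_psk_len` is an unsigned int (its declaration is outside the hunk, but the -Wsign-compare fix suggests so), a value above INT_MAX would print as a negative number. Changing the format string to `"psk buffer of callback is too small (%u) for key (%ld)\n"` keeps the diagnostic accurate. `INT_MAX` also needs `<limits.h>`, and no include is visible in this hunk, so confirm apps/s_client.c already pulls it in. Because this comparison appears to be the length guard applied before the converted key is used, a comment such as `/* reject keys that do not fit the caller's PSK buffer */` would make its purpose explicit; psk_client_cb begins and ends outside the hunk.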
diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c
index 5da44e5..dc9f7e2 100644
--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
@@ -574,7 +574,7 @@ int ssl3_do_compress(SSL *ssl, SSL3_RECORD *wr)
  *   -1: if the record's padding is invalid or, if sending, an internal error
  *       occurred.
  */
-int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, unsigned int n_recs, int send)
+int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, unsigned int n_recs, int sending)
 {
     SSL3_RECORD *rec;
     EVP_CIPHER_CTX *ds;
@@ -588,7 +588,7 @@ int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, unsigned int n_recs, int send)
      */
     if (n_recs != 1)
         return 0;
-    if (send) {
+    if (sending) {
         ds = s->enc_write_ctx;
         if (s->enc_write_ctx == NULL)
             enc = NULL;
@@ -611,7 +611,7 @@ int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, unsigned int n_recs, int send)
 
         /* COMPRESS */
 
-        if ((bs != 1) && send) {
+        if ((bs != 1) && sending) {
             i = bs - ((int)l % bs);
 
             /* we need to add 'i-1' padding bytes */
@@ -625,7 +625,7 @@ int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, unsigned int n_recs, int send)
             rec->input[l - 1] = (i - 1);
         }
 
-        if (!send) {
+        if (!sending) {
             if (l == 0 || l % bs != 0)
                 return 0;
             /* otherwise, rec->length >= bs */
@@ -636,7 +636,7 @@ int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, unsigned int n_recs, int send)
 
         if (EVP_MD_CTX_md(s->read_hash) != NULL)
             mac_size = EVP_MD_CTX_size(s->read_hash);
-        if ((bs != 1) && !send)
+        if ((bs != 1) && !sending)
             return ssl3_cbc_remove_padding(rec, bs, mac_size);
     }
     return (1);
@@ -652,7 +652,7 @@ int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, unsigned int n_recs, int send)
  *   -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
  *       an internal error occurred.
  */
-int tls1_enc(SSL *s, SSL3_RECORD *recs, unsigned int n_recs, int send)
+int tls1_enc(SSL *s, SSL3_RECORD *recs, unsigned int n_recs, int sending)
 {
     EVP_CIPHER_CTX *ds;
     size_t reclen[SSL_MAX_PIPELINES];
@@ -664,7 +664,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, unsigned int n_recs, int send)
     if (n_recs == 0)
         return 0;
 
-    if (send) {
+    if (sending) {
         if (EVP_MD_CTX_md(s->write_hash)) {
             int n = EVP_MD_CTX_size(s->write_hash);
             OPENSSL_assert(n >= 0);
@@ -736,14 +736,14 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, unsigned int n_recs, int send)
                 & EVP_CIPH_FLAG_AEAD_CIPHER) {
                 unsigned char *seq;
 
-                seq = send ? RECORD_LAYER_get_write_sequence(&s->rlayer)
+                seq = sending ? RECORD_LAYER_get_write_sequence(&s->rlayer)
                     : RECORD_LAYER_get_read_sequence(&s->rlayer);
 
                 if (SSL_IS_DTLS(s)) {
                     /* DTLS does not support pipelining */
                     unsigned char dtlsseq[9], *p = dtlsseq;
 
-                    s2n(send ? DTLS_RECORD_LAYER_get_w_epoch(&s->rlayer) :
+                    s2n(sending ? DTLS_RECORD_LAYER_get_w_epoch(&s->rlayer) :
                         DTLS_RECORD_LAYER_get_r_epoch(&s->rlayer), p);
                     memcpy(p, &seq[2], 6);
                     memcpy(buf[ctr], dtlsseq, 8);
@@ -766,12 +766,12 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, unsigned int n_recs, int send)
                 if (pad <= 0)
                     return -1;
 
-                if (send) {
+                if (sending) {
                     reclen[ctr] += pad;
                     recs[ctr].length += pad;
                 }
 
-            } else if ((bs != 1) && send) {
+            } else if ((bs != 1) && sending) {
                 i = bs - ((int)reclen[ctr] % bs);
 
                 /* Add weird padding of upto 256 bytes */
@@ -784,7 +784,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, unsigned int n_recs, int send)
                 recs[ctr].length += i;
             }
 
-            if (!send) {
+            if (!sending) {
                 if (reclen[ctr] == 0 || reclen[ctr] % bs != 0)
                     return 0;
             }
@@ -819,7 +819,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, unsigned int n_recs, int send)
             ? (i < 0)
             : (i == 0))
             return -1;          /* AEAD can fail to verify MAC */
-        if (send == 0) {
+        if (sending == 0) {
             if (EVP_CIPHER_mode(enc) == EVP_CIPH_GCM_MODE) {
                 for (ctr = 0; ctr < n_recs; ctr++) {
                     recs[ctr].data += EVP_GCM_TLS_EXPLICIT_IV_LEN;
@@ -838,7 +838,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, unsigned int n_recs, int send)
         ret = 1;
         if (!SSL_READ_ETM(s) && EVP_MD_CTX_md(s->read_hash) != NULL)
             mac_size = EVP_MD_CTX_size(s->read_hash);
-        if ((bs != 1) && !send) {
+        if ((bs != 1) && !sending) {
             int tmpret;
             for (ctr = 0; ctr < n_recs; ctr++) {
                 tmpret = tls1_cbc_remove_padding(s, &recs[ctr], bs, mac_size);
@@ -853,7 +853,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, unsigned int n_recs, int send)
                                                ret, -1);
             }
         }
-        if (pad && !send) {
+        if (pad && !sending) {
             for (ctr = 0; ctr < n_recs; ctr++) {
                 recs[ctr].length -= pad;
             }
@@ -862,7 +862,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, unsigned int n_recs, int send)
     return ret;
 }
 
-int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send)
+int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending)
 {
     unsigned char *mac_sec, *seq;
     const EVP_MD_CTX *hash;
@@ -871,7 +871,7 @@ int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send)
     int npad;
     int t;
 
-    if (send) {
+    if (sending) {
         mac_sec = &(ssl->s3->write_mac_secret[0]);
         seq = RECORD_LAYER_get_write_sequence(&ssl->rlayer);
         hash = ssl->write_hash;
@@ -887,7 +887,7 @@ int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send)
     md_size = t;
     npad = (48 / md_size) * md_size;
 
-    if (!send &&
+    if (!sending &&
         EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
         ssl3_cbc_record_digest_supported(hash)) {
         /*
@@ -959,7 +959,7 @@ int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send)
     return (md_size);
 }
 
-int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send)
+int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending)
 {
     unsigned char *seq;
     EVP_MD_CTX *hash;
@@ -967,11 +967,11 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send)
     int i;
     EVP_MD_CTX *hmac = NULL, *mac_ctx;
     unsigned char header[13];
-    int stream_mac = (send ? (ssl->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM)
+    int stream_mac = (sending ? (ssl->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM)
                       : (ssl->mac_flags & SSL_MAC_FLAG_READ_MAC_STREAM));
     int t;
 
-    if (send) {
+    if (sending) {
         seq = RECORD_LAYER_get_write_sequence(&ssl->rlayer);
         hash = ssl->write_hash;
     } else {
@@ -996,7 +996,7 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send)
     if (SSL_IS_DTLS(ssl)) {
         unsigned char dtlsseq[8], *p = dtlsseq;
 
-        s2n(send ? DTLS_RECORD_LAYER_get_w_epoch(&ssl->rlayer) :
+        s2n(sending ? DTLS_RECORD_LAYER_get_w_epoch(&ssl->rlayer) :
             DTLS_RECORD_LAYER_get_r_epoch(&ssl->rlayer), p);
         memcpy(p, &seq[2], 6);
 
@@ -1010,7 +1010,7 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send)
     header[11] = (rec->length) >> 8;
     header[12] = (rec->length) & 0xff;
 
-    if (!send && !SSL_READ_ETM(ssl) &&
+    if (!sending && !SSL_READ_ETM(ssl) &&
         EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
         ssl3_cbc_record_digest_supported(mac_ctx)) {
         /*
@@ -1035,7 +1035,7 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send)
             EVP_MD_CTX_free(hmac);
             return -1;
         }
-        if (!send && !SSL_READ_ETM(ssl) && FIPS_mode())
+        if (!sending && !SSL_READ_ETM(ssl) && FIPS_mode())
             if (!tls_fips_digest_extra(ssl->enc_read_ctx,
                                        mac_ctx, rec->input,
                                        rec->length, rec->orig_len)) {
diff --git a/test/danetest.c b/test/danetest.c
index aea3a7a..7fa6a2f 100644
--- a/test/danetest.c
+++ b/test/danetest.c
@@ -317,7 +317,7 @@ static int allws(const char *cp)
     return 1;
 }
 
-static int test_tlsafile(SSL_CTX *ctx, const char *basename,
+static int test_tlsafile(SSL_CTX *ctx, const char *base_name,
                          BIO *f, const char *path)
 {
     char *line;
@@ -353,7 +353,7 @@ static int test_tlsafile(SSL_CTX *ctx, const char *basename,
         if ((ssl = SSL_new(ctx)) == NULL)
             return -1;
         SSL_set_connect_state(ssl);
-        if (SSL_dane_enable(ssl, basename) <= 0) {
+        if (SSL_dane_enable(ssl, base_name) <= 0) {
             SSL_free(ssl);
             return -1;
         }

