提交 12472b45 编写于 作者: M Matt Caswell

Update numerous misc libssl fields to be size_t

Reviewed-by: NRich Salz <rsalz@openssl.org>
上级 ec60ccc1
...@@ -407,7 +407,7 @@ int ssl3_digest_cached_records(SSL *s, int keep) ...@@ -407,7 +407,7 @@ int ssl3_digest_cached_records(SSL *s, int keep)
return 1; return 1;
} }
int ssl3_final_finish_mac(SSL *s, const char *sender, int len, unsigned char *p) size_t ssl3_final_finish_mac(SSL *s, const char *sender, int len, unsigned char *p)
{ {
int ret; int ret;
EVP_MD_CTX *ctx = NULL; EVP_MD_CTX *ctx = NULL;
......
...@@ -13,6 +13,7 @@ ...@@ -13,6 +13,7 @@
int ssl3_do_change_cipher_spec(SSL *s) int ssl3_do_change_cipher_spec(SSL *s)
{ {
int i; int i;
size_t finish_md_len;
const char *sender; const char *sender;
int slen; int slen;
...@@ -48,14 +49,13 @@ int ssl3_do_change_cipher_spec(SSL *s) ...@@ -48,14 +49,13 @@ int ssl3_do_change_cipher_spec(SSL *s)
slen = s->method->ssl3_enc->client_finished_label_len; slen = s->method->ssl3_enc->client_finished_label_len;
} }
i = s->method->ssl3_enc->final_finish_mac(s, finish_md_len = s->method->ssl3_enc->final_finish_mac(s, sender, slen,
sender, slen, s->s3->tmp.peer_finish_md);
s->s3->tmp.peer_finish_md); if (finish_md_len == 0) {
if (i == 0) {
SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR);
return 0; return 0;
} }
s->s3->tmp.peer_finish_md_len = i; s->s3->tmp.peer_finish_md_len = finish_md_len;
return (1); return (1);
} }
......
...@@ -65,7 +65,7 @@ SSL3_ENC_METHOD ssl3_undef_enc_method = { ...@@ -65,7 +65,7 @@ SSL3_ENC_METHOD ssl3_undef_enc_method = {
(int (*)(SSL *, unsigned char *, unsigned char *, size_t, size_t *)) (int (*)(SSL *, unsigned char *, unsigned char *, size_t, size_t *))
ssl_undefined_function, ssl_undefined_function,
(int (*)(SSL *, int))ssl_undefined_function, (int (*)(SSL *, int))ssl_undefined_function,
(int (*)(SSL *, const char *, int, unsigned char *)) (size_t (*)(SSL *, const char *, int, unsigned char *))
ssl_undefined_function, ssl_undefined_function,
0, /* finish_mac_length */ 0, /* finish_mac_length */
NULL, /* client_finished_label */ NULL, /* client_finished_label */
......
...@@ -612,7 +612,7 @@ struct ssl_ctx_st { ...@@ -612,7 +612,7 @@ struct ssl_ctx_st {
* Most session-ids that will be cached, default is * Most session-ids that will be cached, default is
* SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited.
*/ */
unsigned long session_cache_size; size_t session_cache_size;
struct ssl_session_st *session_cache_head; struct ssl_session_st *session_cache_head;
struct ssl_session_st *session_cache_tail; struct ssl_session_st *session_cache_tail;
/* /*
...@@ -711,7 +711,7 @@ struct ssl_ctx_st { ...@@ -711,7 +711,7 @@ struct ssl_ctx_st {
uint32_t mode; uint32_t mode;
int min_proto_version; int min_proto_version;
int max_proto_version; int max_proto_version;
long max_cert_list; size_t max_cert_list;
struct cert_st /* CERT */ *cert; struct cert_st /* CERT */ *cert;
int read_ahead; int read_ahead;
...@@ -848,7 +848,7 @@ struct ssl_ctx_st { ...@@ -848,7 +848,7 @@ struct ssl_ctx_st {
* format. * format.
*/ */
unsigned char *alpn_client_proto_list; unsigned char *alpn_client_proto_list;
unsigned alpn_client_proto_list_len; size_t alpn_client_proto_list_len;
/* Shared DANE context */ /* Shared DANE context */
struct dane_ctx_st dane; struct dane_ctx_st dane;
...@@ -1003,7 +1003,7 @@ struct ssl_st { ...@@ -1003,7 +1003,7 @@ struct ssl_st {
uint32_t mode; uint32_t mode;
int min_proto_version; int min_proto_version;
int max_proto_version; int max_proto_version;
long max_cert_list; size_t max_cert_list;
int first_packet; int first_packet;
/* what was passed, used for SSLv3/TLS rollback check */ /* what was passed, used for SSLv3/TLS rollback check */
int client_version; int client_version;
...@@ -1090,7 +1090,7 @@ struct ssl_st { ...@@ -1090,7 +1090,7 @@ struct ssl_st {
* the Finished message. * the Finished message.
*/ */
unsigned char *next_proto_negotiated; unsigned char *next_proto_negotiated;
unsigned char next_proto_negotiated_len; size_t next_proto_negotiated_len;
# endif # endif
# define session_ctx initial_ctx # define session_ctx initial_ctx
/* What we'll do */ /* What we'll do */
...@@ -1113,7 +1113,7 @@ struct ssl_st { ...@@ -1113,7 +1113,7 @@ struct ssl_st {
* format. * format.
*/ */
unsigned char *alpn_client_proto_list; unsigned char *alpn_client_proto_list;
unsigned alpn_client_proto_list_len; size_t alpn_client_proto_list_len;
/*- /*-
* 1 if we are renegotiating. * 1 if we are renegotiating.
* 2 if we are a server and are inside a handshake * 2 if we are a server and are inside a handshake
...@@ -1185,9 +1185,9 @@ typedef struct ssl3_state_st { ...@@ -1185,9 +1185,9 @@ typedef struct ssl3_state_st {
struct { struct {
/* actually only need to be 16+20 for SSLv3 and 12 for TLS */ /* actually only need to be 16+20 for SSLv3 and 12 for TLS */
unsigned char finish_md[EVP_MAX_MD_SIZE * 2]; unsigned char finish_md[EVP_MAX_MD_SIZE * 2];
int finish_md_len; size_t finish_md_len;
unsigned char peer_finish_md[EVP_MAX_MD_SIZE * 2]; unsigned char peer_finish_md[EVP_MAX_MD_SIZE * 2];
int peer_finish_md_len; size_t peer_finish_md_len;
size_t message_size; size_t message_size;
int message_type; int message_type;
/* used to hold the new cipher we are going to use */ /* used to hold the new cipher we are going to use */
...@@ -1259,9 +1259,9 @@ typedef struct ssl3_state_st { ...@@ -1259,9 +1259,9 @@ typedef struct ssl3_state_st {
/* Connection binding to prevent renegotiation attacks */ /* Connection binding to prevent renegotiation attacks */
unsigned char previous_client_finished[EVP_MAX_MD_SIZE]; unsigned char previous_client_finished[EVP_MAX_MD_SIZE];
unsigned char previous_client_finished_len; size_t previous_client_finished_len;
unsigned char previous_server_finished[EVP_MAX_MD_SIZE]; unsigned char previous_server_finished[EVP_MAX_MD_SIZE];
unsigned char previous_server_finished_len; size_t previous_server_finished_len;
int send_connection_binding; /* TODOEKR */ int send_connection_binding; /* TODOEKR */
# ifndef OPENSSL_NO_NEXTPROTONEG # ifndef OPENSSL_NO_NEXTPROTONEG
...@@ -1572,7 +1572,7 @@ typedef struct ssl3_enc_method { ...@@ -1572,7 +1572,7 @@ typedef struct ssl3_enc_method {
int (*generate_master_secret) (SSL *, unsigned char *, unsigned char *, int (*generate_master_secret) (SSL *, unsigned char *, unsigned char *,
size_t, size_t *); size_t, size_t *);
int (*change_cipher_state) (SSL *, int); int (*change_cipher_state) (SSL *, int);
int (*final_finish_mac) (SSL *, const char *, int, unsigned char *); size_t (*final_finish_mac) (SSL *, const char *, int, unsigned char *);
int finish_mac_length; int finish_mac_length;
const char *client_finished_label; const char *client_finished_label;
int client_finished_label_len; int client_finished_label_len;
...@@ -1887,8 +1887,8 @@ __owur const SSL_CIPHER *ssl3_get_cipher(unsigned int u); ...@@ -1887,8 +1887,8 @@ __owur const SSL_CIPHER *ssl3_get_cipher(unsigned int u);
int ssl3_renegotiate(SSL *ssl); int ssl3_renegotiate(SSL *ssl);
int ssl3_renegotiate_check(SSL *ssl); int ssl3_renegotiate_check(SSL *ssl);
__owur int ssl3_dispatch_alert(SSL *s); __owur int ssl3_dispatch_alert(SSL *s);
__owur int ssl3_final_finish_mac(SSL *s, const char *sender, int slen, __owur size_t ssl3_final_finish_mac(SSL *s, const char *sender, int slen,
unsigned char *p); unsigned char *p);
__owur int ssl3_finish_mac(SSL *s, const unsigned char *buf, size_t len); __owur int ssl3_finish_mac(SSL *s, const unsigned char *buf, size_t len);
void ssl3_free_digest_list(SSL *s); void ssl3_free_digest_list(SSL *s);
__owur unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt, __owur unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt,
...@@ -1983,8 +1983,8 @@ void ssl_free_wbio_buffer(SSL *s); ...@@ -1983,8 +1983,8 @@ void ssl_free_wbio_buffer(SSL *s);
__owur int tls1_change_cipher_state(SSL *s, int which); __owur int tls1_change_cipher_state(SSL *s, int which);
__owur int tls1_setup_key_block(SSL *s); __owur int tls1_setup_key_block(SSL *s);
__owur int tls1_final_finish_mac(SSL *s, __owur size_t tls1_final_finish_mac(SSL *s, const char *str, int slen,
const char *str, int slen, unsigned char *p); unsigned char *p);
__owur int tls1_generate_master_secret(SSL *s, unsigned char *out, __owur int tls1_generate_master_secret(SSL *s, unsigned char *out,
unsigned char *p, size_t len, unsigned char *p, size_t len,
size_t *secret_size); size_t *secret_size);
......
...@@ -74,7 +74,7 @@ int tls_close_construct_packet(SSL *s, WPACKET *pkt, int htype) ...@@ -74,7 +74,7 @@ int tls_close_construct_packet(SSL *s, WPACKET *pkt, int htype)
int tls_construct_finished(SSL *s, WPACKET *pkt) int tls_construct_finished(SSL *s, WPACKET *pkt)
{ {
int i; size_t finish_md_len;
const char *sender; const char *sender;
int slen; int slen;
...@@ -86,17 +86,17 @@ int tls_construct_finished(SSL *s, WPACKET *pkt) ...@@ -86,17 +86,17 @@ int tls_construct_finished(SSL *s, WPACKET *pkt)
slen = s->method->ssl3_enc->client_finished_label_len; slen = s->method->ssl3_enc->client_finished_label_len;
} }
i = s->method->ssl3_enc->final_finish_mac(s, finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
sender, slen, sender, slen,
s->s3->tmp.finish_md); s->s3->tmp.finish_md);
if (i <= 0) { if (finish_md_len == 0) {
SSLerr(SSL_F_TLS_CONSTRUCT_FINISHED, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_TLS_CONSTRUCT_FINISHED, ERR_R_INTERNAL_ERROR);
goto err; goto err;
} }
s->s3->tmp.finish_md_len = i; s->s3->tmp.finish_md_len = finish_md_len;
if (!WPACKET_memcpy(pkt, s->s3->tmp.finish_md, i)) { if (!WPACKET_memcpy(pkt, s->s3->tmp.finish_md, finish_md_len)) {
SSLerr(SSL_F_TLS_CONSTRUCT_FINISHED, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_TLS_CONSTRUCT_FINISHED, ERR_R_INTERNAL_ERROR);
goto err; goto err;
} }
...@@ -105,13 +105,15 @@ int tls_construct_finished(SSL *s, WPACKET *pkt) ...@@ -105,13 +105,15 @@ int tls_construct_finished(SSL *s, WPACKET *pkt)
* Copy the finished so we can use it for renegotiation checks * Copy the finished so we can use it for renegotiation checks
*/ */
if (!s->server) { if (!s->server) {
OPENSSL_assert(i <= EVP_MAX_MD_SIZE); OPENSSL_assert(finish_md_len <= EVP_MAX_MD_SIZE);
memcpy(s->s3->previous_client_finished, s->s3->tmp.finish_md, i); memcpy(s->s3->previous_client_finished, s->s3->tmp.finish_md,
s->s3->previous_client_finished_len = i; finish_md_len);
s->s3->previous_client_finished_len = finish_md_len;
} else { } else {
OPENSSL_assert(i <= EVP_MAX_MD_SIZE); OPENSSL_assert(finish_md_len <= EVP_MAX_MD_SIZE);
memcpy(s->s3->previous_server_finished, s->s3->tmp.finish_md, i); memcpy(s->s3->previous_server_finished, s->s3->tmp.finish_md,
s->s3->previous_server_finished_len = i; finish_md_len);
s->s3->previous_server_finished_len = finish_md_len;
} }
return 1; return 1;
...@@ -219,7 +221,8 @@ MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL *s, PACKET *pkt) ...@@ -219,7 +221,8 @@ MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL *s, PACKET *pkt)
MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt) MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt)
{ {
int al, i; int al;
size_t md_len;
/* If this occurs, we have missed a message */ /* If this occurs, we have missed a message */
if (!s->s3->change_cipher_spec) { if (!s->s3->change_cipher_spec) {
...@@ -229,15 +232,16 @@ MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt) ...@@ -229,15 +232,16 @@ MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt)
} }
s->s3->change_cipher_spec = 0; s->s3->change_cipher_spec = 0;
i = s->s3->tmp.peer_finish_md_len; md_len = s->s3->tmp.peer_finish_md_len;
if ((unsigned long)i != PACKET_remaining(pkt)) { if (md_len != PACKET_remaining(pkt)) {
al = SSL_AD_DECODE_ERROR; al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_TLS_PROCESS_FINISHED, SSL_R_BAD_DIGEST_LENGTH); SSLerr(SSL_F_TLS_PROCESS_FINISHED, SSL_R_BAD_DIGEST_LENGTH);
goto f_err; goto f_err;
} }
if (CRYPTO_memcmp(PACKET_data(pkt), s->s3->tmp.peer_finish_md, i) != 0) { if (CRYPTO_memcmp(PACKET_data(pkt), s->s3->tmp.peer_finish_md,
md_len) != 0) {
al = SSL_AD_DECRYPT_ERROR; al = SSL_AD_DECRYPT_ERROR;
SSLerr(SSL_F_TLS_PROCESS_FINISHED, SSL_R_DIGEST_CHECK_FAILED); SSLerr(SSL_F_TLS_PROCESS_FINISHED, SSL_R_DIGEST_CHECK_FAILED);
goto f_err; goto f_err;
...@@ -247,13 +251,15 @@ MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt) ...@@ -247,13 +251,15 @@ MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt)
* Copy the finished so we can use it for renegotiation checks * Copy the finished so we can use it for renegotiation checks
*/ */
if (s->server) { if (s->server) {
OPENSSL_assert(i <= EVP_MAX_MD_SIZE); OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE);
memcpy(s->s3->previous_client_finished, s->s3->tmp.peer_finish_md, i); memcpy(s->s3->previous_client_finished, s->s3->tmp.peer_finish_md,
s->s3->previous_client_finished_len = i; md_len);
s->s3->previous_client_finished_len = md_len;
} else { } else {
OPENSSL_assert(i <= EVP_MAX_MD_SIZE); OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE);
memcpy(s->s3->previous_server_finished, s->s3->tmp.peer_finish_md, i); memcpy(s->s3->previous_server_finished, s->s3->tmp.peer_finish_md,
s->s3->previous_server_finished_len = i; md_len);
s->s3->previous_server_finished_len = md_len;
} }
return MSG_PROCESS_FINISHED_READING; return MSG_PROCESS_FINISHED_READING;
......
...@@ -451,7 +451,7 @@ int tls1_setup_key_block(SSL *s) ...@@ -451,7 +451,7 @@ int tls1_setup_key_block(SSL *s)
return (ret); return (ret);
} }
int tls1_final_finish_mac(SSL *s, const char *str, int slen, unsigned char *out) size_t tls1_final_finish_mac(SSL *s, const char *str, int slen, unsigned char *out)
{ {
size_t hashlen; size_t hashlen;
unsigned char hash[EVP_MAX_MD_SIZE]; unsigned char hash[EVP_MAX_MD_SIZE];
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册