Fix some style issues with TLSv1.3 state machine PR

Reviewed-by: N Rich Salz <rsalz@openssl.org>

Fix some style issues with TLSv1.3 state machine PR
Reviewed-by: N Rich Salz <rsalz@openssl.org>
6530c490 · Matt Caswell · f5ca0b04 · 6530c490 · 6530c490 · 6530c490
Showing with 10 addition and 12 deletion

apps/s_server.c apps/s_server.c +4 -0

ssl/statem/statem_clnt.c ssl/statem/statem_clnt.c +2 -3

ssl/tls13_enc.c ssl/tls13_enc.c +3 -5

test/clienthellotest.c test/clienthellotest.c +1 -4

未找到文件。
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -553,6 +553,10 @@ static int get_ocsp_resp_from_responder(SSL *s, tlsextstatusctx *srctx,
 err:
    ret = SSL_TLSEXT_ERR_ALERT_FATAL;
 done:
+    /*
+     * If we parsed aia we need to free; otherwise they were copied and we
+     * don't
+     */
    if (aia != NULL) {
        OPENSSL_free(host);
        OPENSSL_free(path);

--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -2190,9 +2190,8 @@ MSG_PROCESS_RETURN tls_process_cert_status(SSL *s, PACKET *pkt)
 /*
 * Perform miscellaneous checks and processing after we have received the
 * server's initial flight. In TLS1.3 this is after the Server Finished message.
- * In <=TLS1.2 this is after the ServerDone message.
+ * In <=TLS1.2 this is after the ServerDone message. Returns 1 on success or 0
- *
+ * on failure.
- * Returns 1 on success or 0 on failure.
 */
 int tls_process_initial_server_flight(SSL *s, int *al)
 {

--- a/ssl/tls13_enc.c
+++ b/ssl/tls13_enc.c
@@ -293,6 +293,7 @@ int tls13_change_cipher_state(SSL *s, int which)
    size_t ivlen, keylen, finsecretlen;
    const unsigned char *label;
    size_t labellen;
+    int ret = 0;
    if (which & SSL3_CC_READ) {
        if (s->enc_read_ctx != NULL) {
@@ -427,14 +428,11 @@ int tls13_change_cipher_state(SSL *s, int which)
    }
 #endif
-    OPENSSL_cleanse(secret, sizeof(secret));
+    ret = 1;
-    OPENSSL_cleanse(key, sizeof(key));
-    OPENSSL_cleanse(iv, sizeof(iv));
-    return 1;
 err:
    OPENSSL_cleanse(secret, sizeof(secret));
    OPENSSL_cleanse(key, sizeof(key));
    OPENSSL_cleanse(iv, sizeof(iv));
-    return 0;
+    return ret;
 }
--- a/test/clienthellotest.c
+++ b/test/clienthellotest.c
@@ -57,10 +57,7 @@ int main(int argc, char *argv[])
        testresult = 0;
        ctx = SSL_CTX_new(TLS_method());
-        /*
+        /* Testing for session tickets <= TLS1.2; not relevant for 1.3 */
-         * This test is testing session tickets for <= TLS1.2. It isn't relevant
-         * for TLS1.3
-         */
        if (ctx == NULL || !SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION))
            goto end;