diff options
| author | Matt Caswell <matt@openssl.org> | 2016-11-23 15:38:32 +0000 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2016-11-23 15:38:32 +0000 |
| commit | 6530c4909ffbf4fd655416cbd765b1e7174b9b83 (patch) | |
| tree | 9c1f634ca4ffb15cec05cf4faaa2421f8d26281d | |
| parent | f5ca0b04bbc98b5b8a41f5cd7b4ee35e345c1e6c (diff) | |
Fix some style issues with TLSv1.3 state machine PR
Reviewed-by: Rich Salz <rsalz@openssl.org>
| -rw-r--r-- | apps/s_server.c | 4 | ||||
| -rw-r--r-- | ssl/statem/statem_clnt.c | 5 | ||||
| -rw-r--r-- | ssl/tls13_enc.c | 8 | ||||
| -rw-r--r-- | test/clienthellotest.c | 5 |
4 files changed, 10 insertions, 12 deletions
diff --git a/apps/s_server.c b/apps/s_server.c index eebbb56ba3..f3494120e0 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -553,6 +553,10 @@ static int get_ocsp_resp_from_responder(SSL *s, tlsextstatusctx *srctx, err: ret = SSL_TLSEXT_ERR_ALERT_FATAL; done: + /* + * If we parsed aia we need to free; otherwise they were copied and we + * don't + */ if (aia != NULL) { OPENSSL_free(host); OPENSSL_free(path); diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index ec1a1de5da..1f4e630c29 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -2190,9 +2190,8 @@ MSG_PROCESS_RETURN tls_process_cert_status(SSL *s, PACKET *pkt) /* * Perform miscellaneous checks and processing after we have received the * server's initial flight. In TLS1.3 this is after the Server Finished message. - * In <=TLS1.2 this is after the ServerDone message. - * - * Returns 1 on success or 0 on failure. + * In <=TLS1.2 this is after the ServerDone message. Returns 1 on success or 0 + * on failure. */ int tls_process_initial_server_flight(SSL *s, int *al) { diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c index adee7a0c6d..f8ccdec52e 100644 --- a/ssl/tls13_enc.c +++ b/ssl/tls13_enc.c @@ -293,6 +293,7 @@ int tls13_change_cipher_state(SSL *s, int which) size_t ivlen, keylen, finsecretlen; const unsigned char *label; size_t labellen; + int ret = 0; if (which & SSL3_CC_READ) { if (s->enc_read_ctx != NULL) { @@ -427,14 +428,11 @@ int tls13_change_cipher_state(SSL *s, int which) } #endif - OPENSSL_cleanse(secret, sizeof(secret)); - OPENSSL_cleanse(key, sizeof(key)); - OPENSSL_cleanse(iv, sizeof(iv)); - return 1; + ret = 1; err: OPENSSL_cleanse(secret, sizeof(secret)); OPENSSL_cleanse(key, sizeof(key)); OPENSSL_cleanse(iv, sizeof(iv)); - return 0; + return ret; } diff --git a/test/clienthellotest.c b/test/clienthellotest.c index 4219598846..61e81c3833 100644 --- a/test/clienthellotest.c +++ b/test/clienthellotest.c @@ -57,10 +57,7 @@ int main(int argc, char *argv[]) testresult = 0; ctx = SSL_CTX_new(TLS_method()); - /* - * This test is testing session tickets for <= TLS1.2. It isn't relevant - * for TLS1.3 - */ + /* Testing for session tickets <= TLS1.2; not relevant for 1.3 */ if (ctx == NULL || !SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION)) goto end; |