author | Ben Laurie <ben@openssl.org> | 2010-06-12 13:18:58 +0000 |
---|---|---|
committer | Ben Laurie <ben@openssl.org> | 2010-06-12 13:18:58 +0000 |
commit | d886975835e7e430aeda6ecb1653363b463bc9cf (patch) | |
tree | 03ec369d422a0585dc36abb091a4d96ed90e128f /ssl | |
parent | 22872a536328f52f3cbed8607107d7afbc8881f0 (diff) |
Fix gcc 4.6 warnings. Check TLS server hello extension length.
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/d1_clnt.c | 3 | ||||
-rw-r--r-- | ssl/d1_enc.c | 6 | ||||
-rw-r--r-- | ssl/d1_pkt.c | 9 | ||||
-rw-r--r-- | ssl/s23_lib.c | 8 | ||||
-rw-r--r-- | ssl/s2_srvr.c | 2 | ||||
-rw-r--r-- | ssl/s3_clnt.c | 3 | ||||
-rw-r--r-- | ssl/s3_enc.c | 3 | ||||
-rw-r--r-- | ssl/ssl_asn1.c | 3 | ||||
-rw-r--r-- | ssl/ssl_ciph.c | 6 | ||||
-rw-r--r-- | ssl/ssl_lib.c | 6 | ||||
-rw-r--r-- | ssl/ssltest.c | 3 | ||||
-rw-r--r-- | ssl/t1_enc.c | 18 | ||||
-rw-r--r-- | ssl/t1_lib.c | 9 |
13 files changed, 25 insertions, 54 deletions
diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c index 223d116279..0aa77ee51d 100644 --- a/ssl/d1_clnt.c +++ b/ssl/d1_clnt.c @@ -144,7 +144,7 @@ IMPLEMENT_dtls1_meth_func(DTLSv1_client_method, int dtls1_connect(SSL *s) { BUF_MEM *buf=NULL; - unsigned long Time=(unsigned long)time(NULL),l; + unsigned long Time=(unsigned long)time(NULL); void (*cb)(const SSL *ssl,int type,int val)=NULL; int ret= -1; int new_state,state,skip=0;; @@ -374,7 +374,6 @@ int dtls1_connect(SSL *s) dtls1_start_timer(s); ret=dtls1_send_client_key_exchange(s); if (ret <= 0) goto end; - l=s->s3->tmp.new_cipher->algorithms; /* EAY EAY EAY need to check for DH fix cert * sent back */ /* For TLS, cert_req is set to 2, so a cert chain diff --git a/ssl/d1_enc.c b/ssl/d1_enc.c index 3dfa5adba3..4a6c909031 100644 --- a/ssl/d1_enc.c +++ b/ssl/d1_enc.c @@ -131,13 +131,11 @@ int dtls1_enc(SSL *s, int send) SSL3_RECORD *rec; EVP_CIPHER_CTX *ds; unsigned long l; - int bs,i,ii,j,k,n=0; + int bs,i,ii,j,k; const EVP_CIPHER *enc; if (send) { - if (s->write_hash != NULL) - n=EVP_MD_size(s->write_hash); ds=s->enc_write_ctx; rec= &(s->s3->wrec); if (s->enc_write_ctx == NULL) @@ -158,8 +156,6 @@ int dtls1_enc(SSL *s, int send) } else { - if (s->read_hash != NULL) - n=EVP_MD_size(s->read_hash); ds=s->enc_read_ctx; rec= &(s->s3->rrec); if (s->enc_read_ctx == NULL) diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c index 9fe21c3ea1..3f19077af1 100644 --- a/ssl/d1_pkt.c +++ b/ssl/d1_pkt.c @@ -256,9 +256,6 @@ dtls1_process_buffered_records(SSL *s) item = pqueue_peek(s->d1->unprocessed_rcds.q); if (item) { - DTLS1_RECORD_DATA *rdata; - rdata = (DTLS1_RECORD_DATA *)item->data; - /* Check if epoch is current. */ if (s->d1->unprocessed_rcds.epoch != s->d1->r_epoch) return(1); /* Nothing to do. */ @@ -331,7 +328,7 @@ dtls1_get_buffered_record(SSL *s) static int dtls1_process_record(SSL *s) { - int i,al; + int al; int clear=0; int enc_err; SSL_SESSION *sess; 
@@ -418,7 +415,7 @@ if ( (sess == NULL) || #endif } rr->length-=mac_size; - i=s->method->ssl3_enc->mac(s,md,0); + s->method->ssl3_enc->mac(s,md,0); if (memcmp(md,&(rr->data[rr->length]),mac_size) != 0) { goto err; @@ -484,14 +481,12 @@ int dtls1_get_record(SSL *s) int ssl_major,ssl_minor; int i,n; SSL3_RECORD *rr; - SSL_SESSION *sess; unsigned char *p = NULL; unsigned short version; DTLS1_BITMAP *bitmap; unsigned int is_next_epoch; rr= &(s->s3->rrec); - sess=s->session; /* The epoch may have changed. If so, process all the * pending records. This is a non-blocking operation. */ diff --git a/ssl/s23_lib.c b/ssl/s23_lib.c index fc2981308d..0b82777b2a 100644 --- a/ssl/s23_lib.c +++ b/ssl/s23_lib.c @@ -97,14 +97,8 @@ SSL_CIPHER *ssl23_get_cipher(unsigned int u) * available */ SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p) { - SSL_CIPHER c,*cp; - unsigned long id; - int n; + SSL_CIPHER *cp; - n=ssl3_num_ciphers(); - id=0x03000000|((unsigned long)p[0]<<16L)| - ((unsigned long)p[1]<<8L)|(unsigned long)p[2]; - c.id=id; cp=ssl3_get_cipher_by_char(p); #ifndef OPENSSL_NO_SSL2 if (cp == NULL) diff --git a/ssl/s2_srvr.c b/ssl/s2_srvr.c index 01d62fad11..eeffe25492 100644 --- a/ssl/s2_srvr.c +++ b/ssl/s2_srvr.c @@ -697,7 +697,6 @@ static int server_hello(SSL *s) { unsigned char *p,*d; int n,hit; - STACK_OF(SSL_CIPHER) *sk; p=(unsigned char *)s->init_buf->data; if (s->state == SSL2_ST_SEND_SERVER_HELLO_A) @@ -778,7 +777,6 @@ static int server_hello(SSL *s) /* lets send out the ciphers we like in the * prefered order */ - sk= s->session->ciphers; n=ssl_cipher_list_to_bytes(s,s->session->ciphers,d,0); d+=n; s2n(n,p); /* add cipher length */ diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index e5138b6e5e..b0d49d8cd3 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c 
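Review bot: The result of `s->method->ssl3_enc->mac(s,md,0)` in dtls1_process_record is still ignored; dropping the dead `i=` silences the gcc warning, but if the MAC computation fails, the `memcmp` on the next line compares the record against whatever is in `md`. If mac() can report failure (its contract is not visible in this hunk), test it before the comparison, e.g. `if (s->method->ssl3_enc->mac(s,md,0) < 0) goto err;`. Separately, `memcmp` may return at the first differing byte, so the MAC check on that context line is not constant-time; a comparison that always inspects all `mac_size` bytes would be safer. The function starts and continues outside the hunk.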
@@ -166,7 +166,7 @@ IMPLEMENT_ssl3_meth_func(SSLv3_client_method, int ssl3_connect(SSL *s) { BUF_MEM *buf=NULL; - unsigned long Time=(unsigned long)time(NULL),l; + unsigned long Time=(unsigned long)time(NULL); void (*cb)(const SSL *ssl,int type,int val)=NULL; int ret= -1; int new_state,state,skip=0; @@ -360,7 +360,6 @@ int ssl3_connect(SSL *s) case SSL3_ST_CW_KEY_EXCH_B: ret=ssl3_send_client_key_exchange(s); if (ret <= 0) goto end; - l=s->s3->tmp.new_cipher->algorithms; /* EAY EAY EAY need to check for DH fix cert * sent back */ /* For TLS, cert_req is set to 2, so a cert chain diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index 06e54666b2..1539a4ce1c 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -191,7 +191,7 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) int ssl3_change_cipher_state(SSL *s, int which) { - unsigned char *p,*key_block,*mac_secret; + unsigned char *p,*mac_secret; unsigned char exp_key[EVP_MAX_KEY_LENGTH]; unsigned char exp_iv[EVP_MAX_IV_LENGTH]; unsigned char *ms,*key,*iv,*er1,*er2; @@ -214,7 +214,6 @@ int ssl3_change_cipher_state(SSL *s, int which) else comp=s->s3->tmp.new_compression->method; #endif - key_block=s->s3->tmp.key_block; if (which & SSL3_CC_READ) { diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c index d82e47a14e..df8ec82ebf 100644 --- a/ssl/ssl_asn1.c +++ b/ssl/ssl_asn1.c @@ -297,7 +297,7 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length) { - int version,ssl_version=0,i; + int ssl_version=0,i; long id; ASN1_INTEGER ai,*aip; ASN1_OCTET_STRING os,*osp; @@ -311,7 +311,6 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, ai.data=NULL; ai.length=0; M_ASN1_D2I_get_x(ASN1_INTEGER,aip,d2i_ASN1_INTEGER); - version=(int)ASN1_INTEGER_get(aip); if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; } /* we don't care about the version right now :-) */ 
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 5e2d436da3..a34680ee85 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -777,7 +777,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str, CIPHER_ORDER **tail_p, SSL_CIPHER **ca_list) { unsigned long algorithms, mask, algo_strength, mask_strength; - const char *l, *start, *buf; + const char *l, *buf; int j, multi, found, rule, retval, ok, buflen; unsigned long cipher_id = 0, ssl_version = 0; char ch; @@ -809,7 +809,6 @@ static int ssl_cipher_process_rulestr(const char *rule_str, algorithms = mask = algo_strength = mask_strength = 0; - start=l; for (;;) { ch = *l; @@ -1100,7 +1099,7 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) int is_export,pkl,kl; const char *ver,*exp_str; const char *kx,*au,*enc,*mac; - unsigned long alg,alg2,alg_s; + unsigned long alg,alg2; #ifdef KSSL_DEBUG static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx\n"; #else @@ -1108,7 +1107,6 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) #endif /* KSSL_DEBUG */ alg=cipher->algorithms; - alg_s=cipher->algo_strength; alg2=cipher->algorithm2; is_export=SSL_C_IS_EXPORT(cipher); diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 15650da5e7..b6b8e6038a 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1940,15 +1940,13 @@ int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs) /* THIS NEEDS CLEANING UP */ X509 *ssl_get_server_send_cert(SSL *s) { - unsigned long alg,mask,kalg; + unsigned long alg,kalg; CERT *c; - int i,is_export; + int i; c=s->cert; ssl_set_cert_masks(c, s->s3->tmp.new_cipher); alg=s->s3->tmp.new_cipher->algorithms; - is_export=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher); - mask=is_export?c->export_mask:c->mask; kalg=alg&(SSL_MKEY_MASK|SSL_AUTH_MASK); if (kalg & SSL_kECDH) diff --git a/ssl/ssltest.c b/ssl/ssltest.c index b09c542087..310e0677e9 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c 
@@ -1351,7 +1351,6 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count) BIO *c_bio=NULL; BIO *s_bio=NULL; int c_r,c_w,s_r,s_w; - int c_want,s_want; int i,j; int done=0; int c_write,s_write; @@ -1386,8 +1385,6 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count) c_r=0; s_r=1; c_w=1; s_w=0; - c_want=W_WRITE; - s_want=0; c_write=1,s_write=0; /* We can always do writes */ diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index dab6e4485b..34830988fc 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -125,7 +125,7 @@ static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec, int sec_len, unsigned char *seed, int seed_len, unsigned char *out, int olen) { - int chunk,n; + int chunk; unsigned int j; HMAC_CTX ctx; HMAC_CTX ctx_tmp; @@ -143,7 +143,6 @@ static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec, HMAC_Update(&ctx,seed,seed_len); HMAC_Final(&ctx,A1,&A1_len); - n=0; for (;;) { HMAC_Init_ex(&ctx,NULL,0,NULL,NULL); /* re-init */ @@ -227,14 +226,14 @@ static void tls1_generate_key_block(SSL *s, unsigned char *km, int tls1_change_cipher_state(SSL *s, int which) { static const unsigned char empty[]=""; - unsigned char *p,*key_block,*mac_secret; + unsigned char *p,*mac_secret; unsigned char *exp_label,buf[TLS_MD_MAX_CONST_SIZE+ SSL3_RANDOM_SIZE*2]; unsigned char tmp1[EVP_MAX_KEY_LENGTH]; unsigned char tmp2[EVP_MAX_KEY_LENGTH]; unsigned char iv1[EVP_MAX_IV_LENGTH*2]; unsigned char iv2[EVP_MAX_IV_LENGTH*2]; - unsigned char *ms,*key,*iv,*er1,*er2; + unsigned char *ms,*key,*iv; int client_write; EVP_CIPHER_CTX *dd; const EVP_CIPHER *c; @@ -251,9 +250,10 @@ int tls1_change_cipher_state(SSL *s, int which) #ifndef OPENSSL_NO_COMP comp=s->s3->tmp.new_compression; #endif - key_block=s->s3->tmp.key_block; #ifdef KSSL_DEBUG + key_block=s->s3->tmp.key_block; + printf("tls1_change_cipher_state(which= %d) w/\n", which); printf("\talg= %ld, comp= %p\n", s->s3->tmp.new_cipher->algorithms, (void *)comp); 
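Review bot: With `KSSL_DEBUG` defined, the relocated `key_block=s->s3->tmp.key_block;` in tls1_change_cipher_state assigns to a variable whose declaration the preceding hunk removes (the locals now read `unsigned char *p,*mac_secret;`). A debug build would therefore fail to compile unless `key_block` is declared somewhere outside the visible hunks. Either keep the declaration under the same guard (`#ifdef KSSL_DEBUG`, `unsigned char *key_block;`, `#endif`) next to the other locals, or drop the assignment and have the debug code read `s->s3->tmp.key_block` directly. The function body continues outside both hunks, so the debug-only uses of `key_block` are not visible here.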
@@ -348,8 +348,6 @@ int tls1_change_cipher_state(SSL *s, int which) cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl; /* Was j=(exp)?5:EVP_CIPHER_key_length(c); */ k=EVP_CIPHER_iv_length(c); - er1= &(s->s3->client_random[0]); - er2= &(s->s3->server_random[0]); if ( (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || (which == SSL3_CHANGE_CIPHER_SERVER_READ)) { @@ -535,13 +533,11 @@ int tls1_enc(SSL *s, int send) SSL3_RECORD *rec; EVP_CIPHER_CTX *ds; unsigned long l; - int bs,i,ii,j,k,n=0; + int bs,i,ii,j,k; const EVP_CIPHER *enc; if (send) { - if (s->write_hash != NULL) - n=EVP_MD_size(s->write_hash); ds=s->enc_write_ctx; rec= &(s->s3->wrec); if (s->enc_write_ctx == NULL) @@ -551,8 +547,6 @@ int tls1_enc(SSL *s, int send) } else { - if (s->read_hash != NULL) - n=EVP_MD_size(s->read_hash); ds=s->enc_read_ctx; rec= &(s->s3->rrec); if (s->enc_read_ctx == NULL) diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 8b53112770..d61c08c8ef 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -601,9 +601,9 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al) { + unsigned short length; unsigned short type; unsigned short size; - unsigned short len; unsigned char *data = *p; int tlsext_servername = 0; int renegotiate_seen = 0; @@ -611,7 +611,12 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in if (data >= (d+n-2)) goto ri_check; - n2s(data,len); + n2s(data,length); + if (data+length != d+n) + { + *al = SSL_AD_DECODE_ERROR; + return 0; + } while(data <= (d+n-4)) { |
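Review bot: The new check `if (data+length != d+n)` in ssl_parse_serverhello_tlsext forms a pointer from the peer-supplied 16-bit `length` before that value has been validated. When `length` exceeds the bytes left in the message, `data+length` points past the end of the buffer, which is undefined behaviour in C and can in principle wrap. Comparing lengths avoids that: `if (length != (d+n)-data)`. The strict equality also rejects trailing bytes after the extension block, which looks intended and deserves a comment such as `/* extension block must end exactly at the end of the message */`. ssl_parse_clienthello_tlsext appears only in the hunk header, so whether it enforces an equivalent bound cannot be confirmed from this page; the parsing loop continues outside the hunk.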