diff options
| author | tedu <> | 2014-04-16 01:43:06 +0000 |
|---|---|---|
| committer | tedu <> | 2014-04-16 01:43:06 +0000 |
| commit | dfe5dbddd74c9bf529f6d716558f2640be992799 (patch) | |
| tree | a79e54216332550d2177d485189266b0623b9d43 /src | |
| parent | 64d17c0b6df11db607e7fbe2b1bc708147f3c1ab (diff) | |
| download | openbsd-dfe5dbddd74c9bf529f6d716558f2640be992799.tar.gz openbsd-dfe5dbddd74c9bf529f6d716558f2640be992799.tar.bz2 openbsd-dfe5dbddd74c9bf529f6d716558f2640be992799.zip | |
strncpy(d, s, strlen(s)) is a special kind of stupid. even when it's right,
it looks wrong. replace with auditable code and eliminate many strlen calls
to improve efficiency. (wait, did somebody say FASTER?) ok beck
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libssl/d1_srvr.c | 12 | ||||
| -rw-r--r-- | src/lib/libssl/s3_srvr.c | 17 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/d1_srvr.c | 12 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/s3_srvr.c | 17 |
4 files changed, 34 insertions, 24 deletions
diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c index 47a0c0e2a2..6040dd96ca 100644 --- a/src/lib/libssl/d1_srvr.c +++ b/src/lib/libssl/d1_srvr.c | |||
| @@ -1018,6 +1018,9 @@ dtls1_send_server_key_exchange(SSL *s) | |||
| 1018 | BN_CTX *bn_ctx = NULL; | 1018 | BN_CTX *bn_ctx = NULL; |
| 1019 | 1019 | ||
| 1020 | #endif | 1020 | #endif |
| 1021 | #ifndef OPENSSL_NO_PSK | ||
| 1022 | size_t pskhintlen; | ||
| 1023 | #endif | ||
| 1021 | EVP_PKEY *pkey; | 1024 | EVP_PKEY *pkey; |
| 1022 | unsigned char *p, *d; | 1025 | unsigned char *p, *d; |
| 1023 | int al, i; | 1026 | int al, i; |
| @@ -1226,8 +1229,9 @@ dtls1_send_server_key_exchange(SSL *s) | |||
| 1226 | #endif /* !OPENSSL_NO_ECDH */ | 1229 | #endif /* !OPENSSL_NO_ECDH */ |
| 1227 | #ifndef OPENSSL_NO_PSK | 1230 | #ifndef OPENSSL_NO_PSK |
| 1228 | if (type & SSL_kPSK) { | 1231 | if (type & SSL_kPSK) { |
| 1232 | pskhintlen = strlen(s->ctx->psk_identity_hint); | ||
| 1229 | /* reserve size for record length and PSK identity hint*/ | 1233 | /* reserve size for record length and PSK identity hint*/ |
| 1230 | n += 2 + strlen(s->ctx->psk_identity_hint); | 1234 | n += 2 + pskhintlen; |
| 1231 | } else | 1235 | } else |
| 1232 | #endif /* !OPENSSL_NO_PSK */ | 1236 | #endif /* !OPENSSL_NO_PSK */ |
| 1233 | { | 1237 | { |
| @@ -1293,10 +1297,10 @@ dtls1_send_server_key_exchange(SSL *s) | |||
| 1293 | #ifndef OPENSSL_NO_PSK | 1297 | #ifndef OPENSSL_NO_PSK |
| 1294 | if (type & SSL_kPSK) { | 1298 | if (type & SSL_kPSK) { |
| 1295 | /* copy PSK identity hint */ | 1299 | /* copy PSK identity hint */ |
| 1296 | s2n(strlen(s->ctx->psk_identity_hint), p); | 1300 | s2n(pskhintlen, p); |
| 1297 | 1301 | ||
| 1298 | strncpy((char *)p, s->ctx->psk_identity_hint, strlen(s->ctx->psk_identity_hint)); | 1302 | memcpy(p, s->ctx->psk_identity_hint, pskhintlen); |
| 1299 | p += strlen(s->ctx->psk_identity_hint); | 1303 | p += pskhintlen; |
| 1300 | } | 1304 | } |
| 1301 | #endif | 1305 | #endif |
| 1302 | 1306 | ||
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c index 0794a298b1..f532e254f9 100644 --- a/src/lib/libssl/s3_srvr.c +++ b/src/lib/libssl/s3_srvr.c | |||
| @@ -1574,6 +1574,9 @@ ssl3_send_server_key_exchange(SSL *s) | |||
| 1574 | BN_CTX *bn_ctx = NULL; | 1574 | BN_CTX *bn_ctx = NULL; |
| 1575 | 1575 | ||
| 1576 | #endif | 1576 | #endif |
| 1577 | #ifndef OPENSSL_NO_PSK | ||
| 1578 | size_t pskhintlen; | ||
| 1579 | #endif | ||
| 1577 | EVP_PKEY *pkey; | 1580 | EVP_PKEY *pkey; |
| 1578 | const EVP_MD *md = NULL; | 1581 | const EVP_MD *md = NULL; |
| 1579 | unsigned char *p, *d; | 1582 | unsigned char *p, *d; |
| @@ -1804,10 +1807,9 @@ ssl3_send_server_key_exchange(SSL *s) | |||
| 1804 | #endif /* !OPENSSL_NO_ECDH */ | 1807 | #endif /* !OPENSSL_NO_ECDH */ |
| 1805 | #ifndef OPENSSL_NO_PSK | 1808 | #ifndef OPENSSL_NO_PSK |
| 1806 | if (type & SSL_kPSK) { | 1809 | if (type & SSL_kPSK) { |
| 1807 | /* | 1810 | pskhintlen = strlen(s->ctx->psk_identity_hint); |
| 1808 | * Reserve size for record length and PSK identity hint. | 1811 | /* reserve size for record length and PSK identity hint*/ |
| 1809 | */ | 1812 | n += 2 + pskhintlen; |
| 1810 | n += 2 + strlen(s->ctx->psk_identity_hint); | ||
| 1811 | } else | 1813 | } else |
| 1812 | #endif /* !OPENSSL_NO_PSK */ | 1814 | #endif /* !OPENSSL_NO_PSK */ |
| 1813 | #ifndef OPENSSL_NO_SRP | 1815 | #ifndef OPENSSL_NO_SRP |
| @@ -1900,11 +1902,10 @@ ssl3_send_server_key_exchange(SSL *s) | |||
| 1900 | #ifndef OPENSSL_NO_PSK | 1902 | #ifndef OPENSSL_NO_PSK |
| 1901 | if (type & SSL_kPSK) { | 1903 | if (type & SSL_kPSK) { |
| 1902 | /* copy PSK identity hint */ | 1904 | /* copy PSK identity hint */ |
| 1903 | s2n(strlen(s->ctx->psk_identity_hint), p); | 1905 | s2n(pskhintlen, p); |
| 1904 | 1906 | ||
| 1905 | strncpy((char *)p, s->ctx->psk_identity_hint, | 1907 | memcpy(p, s->ctx->psk_identity_hint, pskhintlen); |
| 1906 | strlen(s->ctx->psk_identity_hint)); | 1908 | p += pskhintlen; |
| 1907 | p += strlen(s->ctx->psk_identity_hint); | ||
| 1908 | } | 1909 | } |
| 1909 | #endif | 1910 | #endif |
| 1910 | 1911 | ||
diff --git a/src/lib/libssl/src/ssl/d1_srvr.c b/src/lib/libssl/src/ssl/d1_srvr.c index 47a0c0e2a2..6040dd96ca 100644 --- a/src/lib/libssl/src/ssl/d1_srvr.c +++ b/src/lib/libssl/src/ssl/d1_srvr.c | |||
| @@ -1018,6 +1018,9 @@ dtls1_send_server_key_exchange(SSL *s) | |||
| 1018 | BN_CTX *bn_ctx = NULL; | 1018 | BN_CTX *bn_ctx = NULL; |
| 1019 | 1019 | ||
| 1020 | #endif | 1020 | #endif |
| 1021 | #ifndef OPENSSL_NO_PSK | ||
| 1022 | size_t pskhintlen; | ||
| 1023 | #endif | ||
| 1021 | EVP_PKEY *pkey; | 1024 | EVP_PKEY *pkey; |
| 1022 | unsigned char *p, *d; | 1025 | unsigned char *p, *d; |
| 1023 | int al, i; | 1026 | int al, i; |
| @@ -1226,8 +1229,9 @@ dtls1_send_server_key_exchange(SSL *s) | |||
| 1226 | #endif /* !OPENSSL_NO_ECDH */ | 1229 | #endif /* !OPENSSL_NO_ECDH */ |
| 1227 | #ifndef OPENSSL_NO_PSK | 1230 | #ifndef OPENSSL_NO_PSK |
| 1228 | if (type & SSL_kPSK) { | 1231 | if (type & SSL_kPSK) { |
| 1232 | pskhintlen = strlen(s->ctx->psk_identity_hint); | ||
| 1229 | /* reserve size for record length and PSK identity hint*/ | 1233 | /* reserve size for record length and PSK identity hint*/ |
| 1230 | n += 2 + strlen(s->ctx->psk_identity_hint); | 1234 | n += 2 + pskhintlen; |
| 1231 | } else | 1235 | } else |
| 1232 | #endif /* !OPENSSL_NO_PSK */ | 1236 | #endif /* !OPENSSL_NO_PSK */ |
| 1233 | { | 1237 | { |
| @@ -1293,10 +1297,10 @@ dtls1_send_server_key_exchange(SSL *s) | |||
| 1293 | #ifndef OPENSSL_NO_PSK | 1297 | #ifndef OPENSSL_NO_PSK |
| 1294 | if (type & SSL_kPSK) { | 1298 | if (type & SSL_kPSK) { |
| 1295 | /* copy PSK identity hint */ | 1299 | /* copy PSK identity hint */ |
| 1296 | s2n(strlen(s->ctx->psk_identity_hint), p); | 1300 | s2n(pskhintlen, p); |
| 1297 | 1301 | ||
| 1298 | strncpy((char *)p, s->ctx->psk_identity_hint, strlen(s->ctx->psk_identity_hint)); | 1302 | memcpy(p, s->ctx->psk_identity_hint, pskhintlen); |
| 1299 | p += strlen(s->ctx->psk_identity_hint); | 1303 | p += pskhintlen; |
| 1300 | } | 1304 | } |
| 1301 | #endif | 1305 | #endif |
| 1302 | 1306 | ||
diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c index 0794a298b1..f532e254f9 100644 --- a/src/lib/libssl/src/ssl/s3_srvr.c +++ b/src/lib/libssl/src/ssl/s3_srvr.c | |||
| @@ -1574,6 +1574,9 @@ ssl3_send_server_key_exchange(SSL *s) | |||
| 1574 | BN_CTX *bn_ctx = NULL; | 1574 | BN_CTX *bn_ctx = NULL; |
| 1575 | 1575 | ||
| 1576 | #endif | 1576 | #endif |
| 1577 | #ifndef OPENSSL_NO_PSK | ||
| 1578 | size_t pskhintlen; | ||
| 1579 | #endif | ||
| 1577 | EVP_PKEY *pkey; | 1580 | EVP_PKEY *pkey; |
| 1578 | const EVP_MD *md = NULL; | 1581 | const EVP_MD *md = NULL; |
| 1579 | unsigned char *p, *d; | 1582 | unsigned char *p, *d; |
| @@ -1804,10 +1807,9 @@ ssl3_send_server_key_exchange(SSL *s) | |||
| 1804 | #endif /* !OPENSSL_NO_ECDH */ | 1807 | #endif /* !OPENSSL_NO_ECDH */ |
| 1805 | #ifndef OPENSSL_NO_PSK | 1808 | #ifndef OPENSSL_NO_PSK |
| 1806 | if (type & SSL_kPSK) { | 1809 | if (type & SSL_kPSK) { |
| 1807 | /* | 1810 | pskhintlen = strlen(s->ctx->psk_identity_hint); |
| 1808 | * Reserve size for record length and PSK identity hint. | 1811 | /* reserve size for record length and PSK identity hint*/ |
| 1809 | */ | 1812 | n += 2 + pskhintlen; |
| 1810 | n += 2 + strlen(s->ctx->psk_identity_hint); | ||
| 1811 | } else | 1813 | } else |
| 1812 | #endif /* !OPENSSL_NO_PSK */ | 1814 | #endif /* !OPENSSL_NO_PSK */ |
| 1813 | #ifndef OPENSSL_NO_SRP | 1815 | #ifndef OPENSSL_NO_SRP |
| @@ -1900,11 +1902,10 @@ ssl3_send_server_key_exchange(SSL *s) | |||
| 1900 | #ifndef OPENSSL_NO_PSK | 1902 | #ifndef OPENSSL_NO_PSK |
| 1901 | if (type & SSL_kPSK) { | 1903 | if (type & SSL_kPSK) { |
| 1902 | /* copy PSK identity hint */ | 1904 | /* copy PSK identity hint */ |
| 1903 | s2n(strlen(s->ctx->psk_identity_hint), p); | 1905 | s2n(pskhintlen, p); |
| 1904 | 1906 | ||
| 1905 | strncpy((char *)p, s->ctx->psk_identity_hint, | 1907 | memcpy(p, s->ctx->psk_identity_hint, pskhintlen); |
| 1906 | strlen(s->ctx->psk_identity_hint)); | 1908 | p += pskhintlen; |
| 1907 | p += strlen(s->ctx->psk_identity_hint); | ||
| 1908 | } | 1909 | } |
| 1909 | #endif | 1910 | #endif |
| 1910 | 1911 | ||