1 files changed, 25 insertions, 25 deletions
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index 3e4a4b3790..80a16f1042 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.125 2022/01/04 11:17:11 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.126 2022/01/04 12:53:31 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1258,7 +1258,7 @@ ssl3_get_server_kex_dhe(SSL *s, EVP_PKEY **pkey, CBS *cbs)
        sc->peer_dh_tmp = dh;
-        return (1);
+        return 1;
 decode_err:
        SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
@@ -1267,14 +1267,14 @@ ssl3_get_server_kex_dhe(SSL *s, EVP_PKEY **pkey, CBS *cbs)
 err:
        DH_free(dh);
-        return (-1);
+        return 0;
 }
 static int
 ssl3_get_server_kex_ecdhe_ecp(SSL *s, SESS_CERT *sc, int nid, CBS *public)
 {
        EC_KEY *ecdh = NULL;
-        int ret = -1;
+        int ret = 0;
        /* Extract the server's ephemeral ECDH public key. */
        if ((ecdh = EC_KEY_new()) == NULL) {
@@ -1320,10 +1320,10 @@ ssl3_get_server_kex_ecdhe_ecx(SSL *s, SESS_CERT *sc, int nid, CBS *public)
                goto err;
        }
-        return (1);
+        return 1;
 err:
-        return (-1);
+        return 0;
 }
 static int
@@ -1371,10 +1371,10 @@ ssl3_get_server_kex_ecdhe(SSL *s, EVP_PKEY **pkey, CBS *cbs)
        }
        if (nid == NID_X25519) {
-                if (ssl3_get_server_kex_ecdhe_ecx(s, sc, nid, &public) != 1)
+                if (!ssl3_get_server_kex_ecdhe_ecx(s, sc, nid, &public))
                        goto err;
        } else {
-                if (ssl3_get_server_kex_ecdhe_ecp(s, sc, nid, &public) != 1)
+                if (!ssl3_get_server_kex_ecdhe_ecp(s, sc, nid, &public))
                        goto err;
        }
@@ -1391,13 +1391,13 @@ ssl3_get_server_kex_ecdhe(SSL *s, EVP_PKEY **pkey, CBS *cbs)
                /* XXX - Anonymous ECDH, so no certificate or pkey. */
                *pkey = NULL;
-        return (1);
+        return 1;
 decode_err:
        ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
        SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
 err:
-        return (-1);
+        return 0;
 }
 int
@@ -1465,10 +1465,10 @@ ssl3_get_server_key_exchange(SSL *s)
        param_len = CBS_len(&cbs);
        if (alg_k & SSL_kDHE) {
-                if (ssl3_get_server_kex_dhe(s, &pkey, &cbs) != 1)
+                if (!ssl3_get_server_kex_dhe(s, &pkey, &cbs))
                        goto err;
        } else if (alg_k & SSL_kECDHE) {
-                if (ssl3_get_server_kex_ecdhe(s, &pkey, &cbs) != 1)
+                if (!ssl3_get_server_kex_ecdhe(s, &pkey, &cbs))
                        goto err;
        } else if (alg_k != 0) {
                al = SSL_AD_UNEXPECTED_MESSAGE;
@@ -1904,7 +1904,7 @@ ssl3_send_client_kex_rsa(SSL *s, SESS_CERT *sess_cert, CBB *cbb)
        uint16_t max_legacy_version;
        EVP_PKEY *pkey = NULL;
        RSA *rsa;
-        int ret = -1;
+        int ret = 0;
        int enc_len;
        CBB epms;
@@ -1960,7 +1960,7 @@ ssl3_send_client_kex_rsa(SSL *s, SESS_CERT *sess_cert, CBB *cbb)
        EVP_PKEY_free(pkey);
        free(enc_pms);
-        return (ret);
+        return ret;
 }
 static int
@@ -1970,7 +1970,7 @@ ssl3_send_client_kex_dhe(SSL *s, SESS_CERT *sess_cert, CBB *cbb)
        DH *dh_srvr;
        uint8_t *key = NULL;
        size_t key_len = 0;
-        int ret = -1;
+        int ret = 0;
        /* Ensure that we have an ephemeral key from the server for DHE. */
        if ((dh_srvr = sess_cert->peer_dh_tmp) == NULL) {
@@ -1999,7 +1999,7 @@ ssl3_send_client_kex_dhe(SSL *s, SESS_CERT *sess_cert, CBB *cbb)
        DH_free(dh_clnt);
        freezero(key, key_len);
-        return (ret);
+        return ret;
 }
 static int
@@ -2008,7 +2008,7 @@ ssl3_send_client_kex_ecdhe_ecp(SSL *s, SESS_CERT *sc, CBB *cbb)
        EC_KEY *ecdh = NULL;
        uint8_t *key = NULL;
        size_t key_len = 0;
-        int ret = -1;
+        int ret = 0;
        CBB ecpoint;
        if ((ecdh = EC_KEY_new()) == NULL) {
@@ -2039,14 +2039,14 @@ ssl3_send_client_kex_ecdhe_ecp(SSL *s, SESS_CERT *sc, CBB *cbb)
        freezero(key, key_len);
        EC_KEY_free(ecdh);
-        return (ret);
+        return ret;
 }
 static int
 ssl3_send_client_kex_ecdhe_ecx(SSL *s, SESS_CERT *sc, CBB *cbb)
 {
        uint8_t *public_key = NULL, *private_key = NULL, *shared_key = NULL;
-        int ret = -1;
+        int ret = 0;
        CBB ecpoint;
        /* Generate X25519 key pair and derive shared key. */
@@ -2078,7 +2078,7 @@ ssl3_send_client_kex_ecdhe_ecx(SSL *s, SESS_CERT *sc, CBB *cbb)
        freezero(private_key, X25519_KEY_LENGTH);
        freezero(shared_key, X25519_KEY_LENGTH);
-        return (ret);
+        return ret;
 }
 static int
@@ -2096,10 +2096,10 @@ ssl3_send_client_kex_ecdhe(SSL *s, SESS_CERT *sc, CBB *cbb)
                goto err;
        }
-        return (1);
+        return 1;
 err:
-        return (-1);
+        return 0;
 }
 static int
@@ -2237,13 +2237,13 @@ ssl3_send_client_key_exchange(SSL *s)
                        goto err;
                if (alg_k & SSL_kRSA) {
-                        if (ssl3_send_client_kex_rsa(s, sess_cert, &kex) != 1)
+                        if (!ssl3_send_client_kex_rsa(s, sess_cert, &kex))
                                goto err;
                } else if (alg_k & SSL_kDHE) {
-                        if (ssl3_send_client_kex_dhe(s, sess_cert, &kex) != 1)
+                        if (!ssl3_send_client_kex_dhe(s, sess_cert, &kex))
                                goto err;
                } else if (alg_k & SSL_kECDHE) {
-                        if (ssl3_send_client_kex_ecdhe(s, sess_cert, &kex) != 1)
+                        if (!ssl3_send_client_kex_ecdhe(s, sess_cert, &kex))
                                goto err;
                } else if (alg_k & SSL_kGOST) {
                        if (ssl3_send_client_kex_gost(s, sess_cert, &kex) != 1)

diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c index 3e4a4b3790..80a16f1042 100644 --- a/src/lib/libssl/ssl_clnt.c +++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_clnt.c,v 1.125 2022/01/04 11:17:11 jsing Exp $ */	1	/* $OpenBSD: ssl_clnt.c,v 1.126 2022/01/04 12:53:31 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1258,7 +1258,7 @@ ssl3_get_server_kex_dhe(SSL s, EVP_PKEY pkey, CBS cbs)
1258		1258
1259	sc->peer_dh_tmp = dh;	1259	sc->peer_dh_tmp = dh;
1260		1260
1261	return (1);	1261	return 1;
1262		1262
1263	decode_err:	1263	decode_err:
1264	SSLerror(s, SSL_R_BAD_PACKET_LENGTH);	1264	SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
@@ -1267,14 +1267,14 @@ ssl3_get_server_kex_dhe(SSL s, EVP_PKEY pkey, CBS cbs)
1267	err:	1267	err:
1268	DH_free(dh);	1268	DH_free(dh);
1269		1269
1270	return (-1);	1270	return 0;
1271	}	1271	}
1272		1272
1273	static int	1273	static int
1274	ssl3_get_server_kex_ecdhe_ecp(SSL s, SESS_CERT sc, int nid, CBS *public)	1274	ssl3_get_server_kex_ecdhe_ecp(SSL s, SESS_CERT sc, int nid, CBS *public)
1275	{	1275	{
1276	EC_KEY *ecdh = NULL;	1276	EC_KEY *ecdh = NULL;
1277	int ret = -1;	1277	int ret = 0;
1278		1278
1279	/* Extract the server's ephemeral ECDH public key. */	1279	/* Extract the server's ephemeral ECDH public key. */
1280	if ((ecdh = EC_KEY_new()) == NULL) {	1280	if ((ecdh = EC_KEY_new()) == NULL) {
@@ -1320,10 +1320,10 @@ ssl3_get_server_kex_ecdhe_ecx(SSL s, SESS_CERT sc, int nid, CBS *public)
1320	goto err;	1320	goto err;
1321	}	1321	}
1322		1322
1323	return (1);	1323	return 1;
1324		1324
1325	err:	1325	err:
1326	return (-1);	1326	return 0;
1327	}	1327	}
1328		1328
1329	static int	1329	static int
@@ -1371,10 +1371,10 @@ ssl3_get_server_kex_ecdhe(SSL s, EVP_PKEY pkey, CBS cbs)
1371	}	1371	}
1372		1372
1373	if (nid == NID_X25519) {	1373	if (nid == NID_X25519) {
1374	if (ssl3_get_server_kex_ecdhe_ecx(s, sc, nid, &public) != 1)	1374	if (!ssl3_get_server_kex_ecdhe_ecx(s, sc, nid, &public))
1375	goto err;	1375	goto err;
1376	} else {	1376	} else {
1377	if (ssl3_get_server_kex_ecdhe_ecp(s, sc, nid, &public) != 1)	1377	if (!ssl3_get_server_kex_ecdhe_ecp(s, sc, nid, &public))
1378	goto err;	1378	goto err;
1379	}	1379	}
1380		1380
@@ -1391,13 +1391,13 @@ ssl3_get_server_kex_ecdhe(SSL s, EVP_PKEY pkey, CBS cbs)
1391	/* XXX - Anonymous ECDH, so no certificate or pkey. */	1391	/* XXX - Anonymous ECDH, so no certificate or pkey. */
1392	*pkey = NULL;	1392	*pkey = NULL;
1393		1393
1394	return (1);	1394	return 1;
1395		1395
1396	decode_err:	1396	decode_err:
1397	ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);	1397	ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1398	SSLerror(s, SSL_R_BAD_PACKET_LENGTH);	1398	SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
1399	err:	1399	err:
1400	return (-1);	1400	return 0;
1401	}	1401	}
1402		1402
1403	int	1403	int
@@ -1465,10 +1465,10 @@ ssl3_get_server_key_exchange(SSL *s)
1465	param_len = CBS_len(&cbs);	1465	param_len = CBS_len(&cbs);
1466		1466
1467	if (alg_k & SSL_kDHE) {	1467	if (alg_k & SSL_kDHE) {
1468	if (ssl3_get_server_kex_dhe(s, &pkey, &cbs) != 1)	1468	if (!ssl3_get_server_kex_dhe(s, &pkey, &cbs))
1469	goto err;	1469	goto err;
1470	} else if (alg_k & SSL_kECDHE) {	1470	} else if (alg_k & SSL_kECDHE) {
1471	if (ssl3_get_server_kex_ecdhe(s, &pkey, &cbs) != 1)	1471	if (!ssl3_get_server_kex_ecdhe(s, &pkey, &cbs))
1472	goto err;	1472	goto err;
1473	} else if (alg_k != 0) {	1473	} else if (alg_k != 0) {
1474	al = SSL_AD_UNEXPECTED_MESSAGE;	1474	al = SSL_AD_UNEXPECTED_MESSAGE;
@@ -1904,7 +1904,7 @@ ssl3_send_client_kex_rsa(SSL s, SESS_CERT sess_cert, CBB *cbb)
1904	uint16_t max_legacy_version;	1904	uint16_t max_legacy_version;
1905	EVP_PKEY *pkey = NULL;	1905	EVP_PKEY *pkey = NULL;
1906	RSA *rsa;	1906	RSA *rsa;
1907	int ret = -1;	1907	int ret = 0;
1908	int enc_len;	1908	int enc_len;
1909	CBB epms;	1909	CBB epms;
1910		1910
@@ -1960,7 +1960,7 @@ ssl3_send_client_kex_rsa(SSL s, SESS_CERT sess_cert, CBB *cbb)
1960	EVP_PKEY_free(pkey);	1960	EVP_PKEY_free(pkey);
1961	free(enc_pms);	1961	free(enc_pms);
1962		1962
1963	return (ret);	1963	return ret;
1964	}	1964	}
1965		1965
1966	static int	1966	static int
@@ -1970,7 +1970,7 @@ ssl3_send_client_kex_dhe(SSL s, SESS_CERT sess_cert, CBB *cbb)
1970	DH *dh_srvr;	1970	DH *dh_srvr;
1971	uint8_t *key = NULL;	1971	uint8_t *key = NULL;
1972	size_t key_len = 0;	1972	size_t key_len = 0;
1973	int ret = -1;	1973	int ret = 0;
1974		1974
1975	/* Ensure that we have an ephemeral key from the server for DHE. */	1975	/* Ensure that we have an ephemeral key from the server for DHE. */
1976	if ((dh_srvr = sess_cert->peer_dh_tmp) == NULL) {	1976	if ((dh_srvr = sess_cert->peer_dh_tmp) == NULL) {
@@ -1999,7 +1999,7 @@ ssl3_send_client_kex_dhe(SSL s, SESS_CERT sess_cert, CBB *cbb)
1999	DH_free(dh_clnt);	1999	DH_free(dh_clnt);
2000	freezero(key, key_len);	2000	freezero(key, key_len);
2001		2001
2002	return (ret);	2002	return ret;
2003	}	2003	}
2004		2004
2005	static int	2005	static int
@@ -2008,7 +2008,7 @@ ssl3_send_client_kex_ecdhe_ecp(SSL s, SESS_CERT sc, CBB *cbb)
2008	EC_KEY *ecdh = NULL;	2008	EC_KEY *ecdh = NULL;
2009	uint8_t *key = NULL;	2009	uint8_t *key = NULL;
2010	size_t key_len = 0;	2010	size_t key_len = 0;
2011	int ret = -1;	2011	int ret = 0;
2012	CBB ecpoint;	2012	CBB ecpoint;
2013		2013
2014	if ((ecdh = EC_KEY_new()) == NULL) {	2014	if ((ecdh = EC_KEY_new()) == NULL) {
@@ -2039,14 +2039,14 @@ ssl3_send_client_kex_ecdhe_ecp(SSL s, SESS_CERT sc, CBB *cbb)
2039	freezero(key, key_len);	2039	freezero(key, key_len);
2040	EC_KEY_free(ecdh);	2040	EC_KEY_free(ecdh);
2041		2041
2042	return (ret);	2042	return ret;
2043	}	2043	}
2044		2044
2045	static int	2045	static int
2046	ssl3_send_client_kex_ecdhe_ecx(SSL s, SESS_CERT sc, CBB *cbb)	2046	ssl3_send_client_kex_ecdhe_ecx(SSL s, SESS_CERT sc, CBB *cbb)
2047	{	2047	{
2048	uint8_t public_key = NULL, private_key = NULL, *shared_key = NULL;	2048	uint8_t public_key = NULL, private_key = NULL, *shared_key = NULL;
2049	int ret = -1;	2049	int ret = 0;
2050	CBB ecpoint;	2050	CBB ecpoint;
2051		2051
2052	/* Generate X25519 key pair and derive shared key. */	2052	/* Generate X25519 key pair and derive shared key. */
@@ -2078,7 +2078,7 @@ ssl3_send_client_kex_ecdhe_ecx(SSL s, SESS_CERT sc, CBB *cbb)
2078	freezero(private_key, X25519_KEY_LENGTH);	2078	freezero(private_key, X25519_KEY_LENGTH);
2079	freezero(shared_key, X25519_KEY_LENGTH);	2079	freezero(shared_key, X25519_KEY_LENGTH);
2080		2080
2081	return (ret);	2081	return ret;
2082	}	2082	}
2083		2083
2084	static int	2084	static int
@@ -2096,10 +2096,10 @@ ssl3_send_client_kex_ecdhe(SSL s, SESS_CERT sc, CBB *cbb)
2096	goto err;	2096	goto err;
2097	}	2097	}
2098		2098
2099	return (1);	2099	return 1;
2100		2100
2101	err:	2101	err:
2102	return (-1);	2102	return 0;
2103	}	2103	}
2104		2104
2105	static int	2105	static int
@@ -2237,13 +2237,13 @@ ssl3_send_client_key_exchange(SSL *s)
2237	goto err;	2237	goto err;
2238		2238
2239	if (alg_k & SSL_kRSA) {	2239	if (alg_k & SSL_kRSA) {
2240	if (ssl3_send_client_kex_rsa(s, sess_cert, &kex) != 1)	2240	if (!ssl3_send_client_kex_rsa(s, sess_cert, &kex))
2241	goto err;	2241	goto err;
2242	} else if (alg_k & SSL_kDHE) {	2242	} else if (alg_k & SSL_kDHE) {
2243	if (ssl3_send_client_kex_dhe(s, sess_cert, &kex) != 1)	2243	if (!ssl3_send_client_kex_dhe(s, sess_cert, &kex))
2244	goto err;	2244	goto err;
2245	} else if (alg_k & SSL_kECDHE) {	2245	} else if (alg_k & SSL_kECDHE) {
2246	if (ssl3_send_client_kex_ecdhe(s, sess_cert, &kex) != 1)	2246	if (!ssl3_send_client_kex_ecdhe(s, sess_cert, &kex))
2247	goto err;	2247	goto err;
2248	} else if (alg_k & SSL_kGOST) {	2248	} else if (alg_k & SSL_kGOST) {
2249	if (ssl3_send_client_kex_gost(s, sess_cert, &kex) != 1)	2249	if (ssl3_send_client_kex_gost(s, sess_cert, &kex) != 1)