From 15e8f255e119bc9bcc3d331677007d5263431e63 Mon Sep 17 00:00:00 2001
From: miod <>
Date: Thu, 7 Aug 2014 19:46:31 +0000
Subject: When you expect a function to return a particular value, don't put a
 comment saying that you expect it to return that value and compare it against
 zero because it is supposedly faster, for this leads to bugs (especially
 given the high rate of sloppy cut'n'paste within ssl3 and dtls1 routines in
 this library).

Instead, compare for the exact value it ought to return upon success.

ok deraadt@
---
 src/lib/libssl/d1_clnt.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'src/lib/libssl/d1_clnt.c')

diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c
index 552667f6c1..165f9441f6 100644
--- a/src/lib/libssl/d1_clnt.c
+++ b/src/lib/libssl/d1_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_clnt.c,v 1.31 2014/07/12 22:33:39 jsing Exp $ */
+/* $OpenBSD: d1_clnt.c,v 1.32 2014/08/07 19:46:31 miod Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -778,8 +778,9 @@ dtls1_client_hello(SSL *s)
 
 		/* if client_random is initialized, reuse it, we are
 		 * required to use same upon reply to HelloVerify */
-		for (i = 0; p[i]=='\0' && i < sizeof(s->s3->client_random); i++)
-			;
+		for (i = 0; i < sizeof(s->s3->client_random); i++)
+			if (p[i] != '\0')
+				break;
 		if (i == sizeof(s->s3->client_random))
 			RAND_pseudo_bytes(p, sizeof(s->s3->client_random));
 
@@ -1338,7 +1339,6 @@ dtls1_send_client_certificate(SSL *s)
 		/* If we get an error, we need to
 		 * ssl->rwstate=SSL_X509_LOOKUP; return(-1);
 		 * We then get retied later */
-		i = 0;
 		i = ssl_do_client_cert_cb(s, &x509, &pkey);
 		if (i < 0) {
 			s->rwstate = SSL_X509_LOOKUP;
-- 
cgit v1.2.3-55-g6feb