From dfe5dbddd74c9bf529f6d716558f2640be992799 Mon Sep 17 00:00:00 2001
From: tedu <>
Date: Wed, 16 Apr 2014 01:43:06 +0000
Subject: strncpy(d, s, strlen(s)) is a special kind of stupid. even when it's
 right, it looks wrong. replace with auditable code and eliminate many strlen
 calls to improve efficiency. (wait, did somebody say FASTER?) ok beck

---
 src/lib/libssl/d1_srvr.c         | 12 ++++++++----
 src/lib/libssl/s3_srvr.c         | 17 +++++++++--------
 src/lib/libssl/src/ssl/d1_srvr.c | 12 ++++++++----
 src/lib/libssl/src/ssl/s3_srvr.c | 17 +++++++++--------
 4 files changed, 34 insertions(+), 24 deletions(-)

(limited to 'src')

diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c
index 47a0c0e2a2..6040dd96ca 100644
--- a/src/lib/libssl/d1_srvr.c
+++ b/src/lib/libssl/d1_srvr.c
@@ -1017,6 +1017,9 @@ dtls1_send_server_key_exchange(SSL *s)
 	int curve_id = 0;
 	BN_CTX *bn_ctx = NULL;
 
+#endif
+#ifndef OPENSSL_NO_PSK
+	size_t pskhintlen;
 #endif
 	EVP_PKEY *pkey;
 	unsigned char *p, *d;
@@ -1226,8 +1229,9 @@ dtls1_send_server_key_exchange(SSL *s)
 #endif /* !OPENSSL_NO_ECDH */
 #ifndef OPENSSL_NO_PSK
 		if (type & SSL_kPSK) {
+			pskhintlen = strlen(s->ctx->psk_identity_hint);
 			/* reserve size for record length and PSK identity hint*/
-			n += 2 + strlen(s->ctx->psk_identity_hint);
+			n += 2 + pskhintlen;
 		} else
 #endif /* !OPENSSL_NO_PSK */
 		{
@@ -1293,10 +1297,10 @@ dtls1_send_server_key_exchange(SSL *s)
 #ifndef OPENSSL_NO_PSK
 		if (type & SSL_kPSK) {
 			/* copy PSK identity hint */
-			s2n(strlen(s->ctx->psk_identity_hint), p);
+			s2n(pskhintlen, p);
 
-			strncpy((char *)p, s->ctx->psk_identity_hint, strlen(s->ctx->psk_identity_hint));
-			p += strlen(s->ctx->psk_identity_hint);
+			memcpy(p, s->ctx->psk_identity_hint, pskhintlen);
+			p += pskhintlen;
 		}
 #endif
 
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index 0794a298b1..f532e254f9 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -1573,6 +1573,9 @@ ssl3_send_server_key_exchange(SSL *s)
 	int curve_id = 0;
 	BN_CTX *bn_ctx = NULL;
 
+#endif
+#ifndef OPENSSL_NO_PSK
+	size_t pskhintlen;
 #endif
 	EVP_PKEY *pkey;
 	const EVP_MD *md = NULL;
@@ -1804,10 +1807,9 @@ ssl3_send_server_key_exchange(SSL *s)
 #endif /* !OPENSSL_NO_ECDH */
 #ifndef OPENSSL_NO_PSK
 		if (type & SSL_kPSK) {
-			/*
-			 * Reserve size for record length and PSK identity hint.
-			 */
-			n += 2 + strlen(s->ctx->psk_identity_hint);
+			pskhintlen = strlen(s->ctx->psk_identity_hint);
+			/* reserve size for record length and PSK identity hint*/
+			n += 2 + pskhintlen;
 		} else
 #endif /* !OPENSSL_NO_PSK */
 #ifndef OPENSSL_NO_SRP
@@ -1900,11 +1902,10 @@ ssl3_send_server_key_exchange(SSL *s)
 #ifndef OPENSSL_NO_PSK
 		if (type & SSL_kPSK) {
 			/* copy PSK identity hint */
-			s2n(strlen(s->ctx->psk_identity_hint), p);
+			s2n(pskhintlen, p);
 
-			strncpy((char *)p, s->ctx->psk_identity_hint,
-			   strlen(s->ctx->psk_identity_hint));
-			p += strlen(s->ctx->psk_identity_hint);
+			memcpy(p, s->ctx->psk_identity_hint, pskhintlen);
+			p += pskhintlen;
 		}
 #endif
 
diff --git a/src/lib/libssl/src/ssl/d1_srvr.c b/src/lib/libssl/src/ssl/d1_srvr.c
index 47a0c0e2a2..6040dd96ca 100644
--- a/src/lib/libssl/src/ssl/d1_srvr.c
+++ b/src/lib/libssl/src/ssl/d1_srvr.c
@@ -1017,6 +1017,9 @@ dtls1_send_server_key_exchange(SSL *s)
 	int curve_id = 0;
 	BN_CTX *bn_ctx = NULL;
 
+#endif
+#ifndef OPENSSL_NO_PSK
+	size_t pskhintlen;
 #endif
 	EVP_PKEY *pkey;
 	unsigned char *p, *d;
@@ -1226,8 +1229,9 @@ dtls1_send_server_key_exchange(SSL *s)
 #endif /* !OPENSSL_NO_ECDH */
 #ifndef OPENSSL_NO_PSK
 		if (type & SSL_kPSK) {
+			pskhintlen = strlen(s->ctx->psk_identity_hint);
 			/* reserve size for record length and PSK identity hint*/
-			n += 2 + strlen(s->ctx->psk_identity_hint);
+			n += 2 + pskhintlen;
 		} else
 #endif /* !OPENSSL_NO_PSK */
 		{
@@ -1293,10 +1297,10 @@ dtls1_send_server_key_exchange(SSL *s)
 #ifndef OPENSSL_NO_PSK
 		if (type & SSL_kPSK) {
 			/* copy PSK identity hint */
-			s2n(strlen(s->ctx->psk_identity_hint), p);
+			s2n(pskhintlen, p);
 
-			strncpy((char *)p, s->ctx->psk_identity_hint, strlen(s->ctx->psk_identity_hint));
-			p += strlen(s->ctx->psk_identity_hint);
+			memcpy(p, s->ctx->psk_identity_hint, pskhintlen);
+			p += pskhintlen;
 		}
 #endif
 
diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c
index 0794a298b1..f532e254f9 100644
--- a/src/lib/libssl/src/ssl/s3_srvr.c
+++ b/src/lib/libssl/src/ssl/s3_srvr.c
@@ -1573,6 +1573,9 @@ ssl3_send_server_key_exchange(SSL *s)
 	int curve_id = 0;
 	BN_CTX *bn_ctx = NULL;
 
+#endif
+#ifndef OPENSSL_NO_PSK
+	size_t pskhintlen;
 #endif
 	EVP_PKEY *pkey;
 	const EVP_MD *md = NULL;
@@ -1804,10 +1807,9 @@ ssl3_send_server_key_exchange(SSL *s)
 #endif /* !OPENSSL_NO_ECDH */
 #ifndef OPENSSL_NO_PSK
 		if (type & SSL_kPSK) {
-			/*
-			 * Reserve size for record length and PSK identity hint.
-			 */
-			n += 2 + strlen(s->ctx->psk_identity_hint);
+			pskhintlen = strlen(s->ctx->psk_identity_hint);
+			/* reserve size for record length and PSK identity hint*/
+			n += 2 + pskhintlen;
 		} else
 #endif /* !OPENSSL_NO_PSK */
 #ifndef OPENSSL_NO_SRP
@@ -1900,11 +1902,10 @@ ssl3_send_server_key_exchange(SSL *s)
 #ifndef OPENSSL_NO_PSK
 		if (type & SSL_kPSK) {
 			/* copy PSK identity hint */
-			s2n(strlen(s->ctx->psk_identity_hint), p);
+			s2n(pskhintlen, p);
 
-			strncpy((char *)p, s->ctx->psk_identity_hint,
-			   strlen(s->ctx->psk_identity_hint));
-			p += strlen(s->ctx->psk_identity_hint);
+			memcpy(p, s->ctx->psk_identity_hint, pskhintlen);
+			p += pskhintlen;
 		}
 #endif
 
-- 
cgit v1.2.3-55-g6feb