summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authortedu <tedu@openbsd.org>2014-04-16 01:43:06 +0000
committertedu <tedu@openbsd.org>2014-04-16 01:43:06 +0000
commit935dc21f5330afdf335a716cca61e24e8aeb1a51 (patch)
tree06e759e0106c1d9a938ce3eb11d16358248211ed
parentRemove disabled code that wouldn't work now that cleanse_ptr was (diff)
downloadwireguard-openbsd-935dc21f5330afdf335a716cca61e24e8aeb1a51.tar.xz
wireguard-openbsd-935dc21f5330afdf335a716cca61e24e8aeb1a51.zip
strncpy(d, s, strlen(s)) is a special kind of stupid. even when it's right,
it looks wrong. replace with auditable code and eliminate many strlen calls to improve efficiency. (wait, did somebody say FASTER?) ok beck
Diffstat
-rw-r--r--lib/libssl/d1_srvr.c12
-rw-r--r--lib/libssl/s3_srvr.c17
-rw-r--r--lib/libssl/src/ssl/d1_srvr.c12
-rw-r--r--lib/libssl/src/ssl/s3_srvr.c17
4 files changed, 34 insertions, 24 deletions
diff --git a/lib/libssl/d1_srvr.c b/lib/libssl/d1_srvr.c
index 47a0c0e2a26..6040dd96ca8 100644
--- a/lib/libssl/d1_srvr.c
+++ b/lib/libssl/d1_srvr.c
@@ -1018,6 +1018,9 @@ dtls1_send_server_key_exchange(SSL *s)
BN_CTX *bn_ctx = NULL;
#endif
+#ifndef OPENSSL_NO_PSK
+ size_t pskhintlen;
+#endif
EVP_PKEY *pkey;
unsigned char *p, *d;
int al, i;
@@ -1226,8 +1229,9 @@ dtls1_send_server_key_exchange(SSL *s)
#endif /* !OPENSSL_NO_ECDH */
#ifndef OPENSSL_NO_PSK
if (type & SSL_kPSK) {
+ pskhintlen = strlen(s->ctx->psk_identity_hint);
/* reserve size for record length and PSK identity hint*/
- n += 2 + strlen(s->ctx->psk_identity_hint);
+ n += 2 + pskhintlen;
} else
#endif /* !OPENSSL_NO_PSK */
{
@@ -1293,10 +1297,10 @@ dtls1_send_server_key_exchange(SSL *s)
#ifndef OPENSSL_NO_PSK
if (type & SSL_kPSK) {
/* copy PSK identity hint */
- s2n(strlen(s->ctx->psk_identity_hint), p);
+ s2n(pskhintlen, p);
- strncpy((char *)p, s->ctx->psk_identity_hint, strlen(s->ctx->psk_identity_hint));
- p += strlen(s->ctx->psk_identity_hint);
+ memcpy(p, s->ctx->psk_identity_hint, pskhintlen);
+ p += pskhintlen;
}
#endif
diff --git a/lib/libssl/s3_srvr.c b/lib/libssl/s3_srvr.c
index 0794a298b1a..f532e254f98 100644
--- a/lib/libssl/s3_srvr.c
+++ b/lib/libssl/s3_srvr.c
@@ -1574,6 +1574,9 @@ ssl3_send_server_key_exchange(SSL *s)
BN_CTX *bn_ctx = NULL;
#endif
+#ifndef OPENSSL_NO_PSK
+ size_t pskhintlen;
+#endif
EVP_PKEY *pkey;
const EVP_MD *md = NULL;
unsigned char *p, *d;
@@ -1804,10 +1807,9 @@ ssl3_send_server_key_exchange(SSL *s)
#endif /* !OPENSSL_NO_ECDH */
#ifndef OPENSSL_NO_PSK
if (type & SSL_kPSK) {
- /*
- * Reserve size for record length and PSK identity hint.
- */
- n += 2 + strlen(s->ctx->psk_identity_hint);
+ pskhintlen = strlen(s->ctx->psk_identity_hint);
+ /* reserve size for record length and PSK identity hint*/
+ n += 2 + pskhintlen;
} else
#endif /* !OPENSSL_NO_PSK */
#ifndef OPENSSL_NO_SRP
@@ -1900,11 +1902,10 @@ ssl3_send_server_key_exchange(SSL *s)
#ifndef OPENSSL_NO_PSK
if (type & SSL_kPSK) {
/* copy PSK identity hint */
- s2n(strlen(s->ctx->psk_identity_hint), p);
+ s2n(pskhintlen, p);
- strncpy((char *)p, s->ctx->psk_identity_hint,
- strlen(s->ctx->psk_identity_hint));
- p += strlen(s->ctx->psk_identity_hint);
+ memcpy(p, s->ctx->psk_identity_hint, pskhintlen);
+ p += pskhintlen;
}
#endif
diff --git a/lib/libssl/src/ssl/d1_srvr.c b/lib/libssl/src/ssl/d1_srvr.c
index 47a0c0e2a26..6040dd96ca8 100644
--- a/lib/libssl/src/ssl/d1_srvr.c
+++ b/lib/libssl/src/ssl/d1_srvr.c
@@ -1018,6 +1018,9 @@ dtls1_send_server_key_exchange(SSL *s)
BN_CTX *bn_ctx = NULL;
#endif
+#ifndef OPENSSL_NO_PSK
+ size_t pskhintlen;
+#endif
EVP_PKEY *pkey;
unsigned char *p, *d;
int al, i;
@@ -1226,8 +1229,9 @@ dtls1_send_server_key_exchange(SSL *s)
#endif /* !OPENSSL_NO_ECDH */
#ifndef OPENSSL_NO_PSK
if (type & SSL_kPSK) {
+ pskhintlen = strlen(s->ctx->psk_identity_hint);
/* reserve size for record length and PSK identity hint*/
- n += 2 + strlen(s->ctx->psk_identity_hint);
+ n += 2 + pskhintlen;
} else
#endif /* !OPENSSL_NO_PSK */
{
@@ -1293,10 +1297,10 @@ dtls1_send_server_key_exchange(SSL *s)
#ifndef OPENSSL_NO_PSK
if (type & SSL_kPSK) {
/* copy PSK identity hint */
- s2n(strlen(s->ctx->psk_identity_hint), p);
+ s2n(pskhintlen, p);
- strncpy((char *)p, s->ctx->psk_identity_hint, strlen(s->ctx->psk_identity_hint));
- p += strlen(s->ctx->psk_identity_hint);
+ memcpy(p, s->ctx->psk_identity_hint, pskhintlen);
+ p += pskhintlen;
}
#endif
diff --git a/lib/libssl/src/ssl/s3_srvr.c b/lib/libssl/src/ssl/s3_srvr.c
index 0794a298b1a..f532e254f98 100644
--- a/lib/libssl/src/ssl/s3_srvr.c
+++ b/lib/libssl/src/ssl/s3_srvr.c
@@ -1574,6 +1574,9 @@ ssl3_send_server_key_exchange(SSL *s)
BN_CTX *bn_ctx = NULL;
#endif
+#ifndef OPENSSL_NO_PSK
+ size_t pskhintlen;
+#endif
EVP_PKEY *pkey;
const EVP_MD *md = NULL;
unsigned char *p, *d;
@@ -1804,10 +1807,9 @@ ssl3_send_server_key_exchange(SSL *s)
#endif /* !OPENSSL_NO_ECDH */
#ifndef OPENSSL_NO_PSK
if (type & SSL_kPSK) {
- /*
- * Reserve size for record length and PSK identity hint.
- */
- n += 2 + strlen(s->ctx->psk_identity_hint);
+ pskhintlen = strlen(s->ctx->psk_identity_hint);
+ /* reserve size for record length and PSK identity hint*/
+ n += 2 + pskhintlen;
} else
#endif /* !OPENSSL_NO_PSK */
#ifndef OPENSSL_NO_SRP
@@ -1900,11 +1902,10 @@ ssl3_send_server_key_exchange(SSL *s)
#ifndef OPENSSL_NO_PSK
if (type & SSL_kPSK) {
/* copy PSK identity hint */
- s2n(strlen(s->ctx->psk_identity_hint), p);
+ s2n(pskhintlen, p);
- strncpy((char *)p, s->ctx->psk_identity_hint,
- strlen(s->ctx->psk_identity_hint));
- p += strlen(s->ctx->psk_identity_hint);
+ memcpy(p, s->ctx->psk_identity_hint, pskhintlen);
+ p += pskhintlen;
}
#endif
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.