diff options
| author |   tedu <tedu@openbsd.org> | 2014-04-16 01:43:06 +0000 |
|---|---|---|
| committer | tedu <tedu@openbsd.org> | 2014-04-16 01:43:06 +0000 |
| commit | 935dc21f5330afdf335a716cca61e24e8aeb1a51 (patch) | |
| tree | 06e759e0106c1d9a938ce3eb11d16358248211ed /lib/libssl/src | |
| parent | Remove disabled code that wouldn't work now that cleanse_ptr was (diff) | |
| download | wireguard-openbsd-935dc21f5330afdf335a716cca61e24e8aeb1a51.tar.xz wireguard-openbsd-935dc21f5330afdf335a716cca61e24e8aeb1a51.zip | |
strncpy(d, s, strlen(s)) is a special kind of stupid. even when it's right,
it looks wrong. replace with auditable code and eliminate many strlen calls
to improve efficiency. (wait, did somebody say FASTER?) ok beck
Diffstat (limited to 'lib/libssl/src')
| -rw-r--r-- | lib/libssl/src/ssl/d1_srvr.c | 12 | ||||
| -rw-r--r-- | lib/libssl/src/ssl/s3_srvr.c | 17 |
2 files changed, 17 insertions, 12 deletions
diff --git a/lib/libssl/src/ssl/d1_srvr.c b/lib/libssl/src/ssl/d1_srvr.c index 47a0c0e2a26..6040dd96ca8 100644 --- a/lib/libssl/src/ssl/d1_srvr.c +++ b/lib/libssl/src/ssl/d1_srvr.c @@ -1018,6 +1018,9 @@ dtls1_send_server_key_exchange(SSL *s) BN_CTX *bn_ctx = NULL; #endif +#ifndef OPENSSL_NO_PSK + size_t pskhintlen; +#endif EVP_PKEY *pkey; unsigned char *p, *d; int al, i; @@ -1226,8 +1229,9 @@ dtls1_send_server_key_exchange(SSL *s) #endif /* !OPENSSL_NO_ECDH */ #ifndef OPENSSL_NO_PSK if (type & SSL_kPSK) { + pskhintlen = strlen(s->ctx->psk_identity_hint); /* reserve size for record length and PSK identity hint*/ - n += 2 + strlen(s->ctx->psk_identity_hint); + n += 2 + pskhintlen; } else #endif /* !OPENSSL_NO_PSK */ { @@ -1293,10 +1297,10 @@ dtls1_send_server_key_exchange(SSL *s) #ifndef OPENSSL_NO_PSK if (type & SSL_kPSK) { /* copy PSK identity hint */ - s2n(strlen(s->ctx->psk_identity_hint), p); + s2n(pskhintlen, p); - strncpy((char *)p, s->ctx->psk_identity_hint, strlen(s->ctx->psk_identity_hint)); - p += strlen(s->ctx->psk_identity_hint); + memcpy(p, s->ctx->psk_identity_hint, pskhintlen); + p += pskhintlen; } #endif diff --git a/lib/libssl/src/ssl/s3_srvr.c b/lib/libssl/src/ssl/s3_srvr.c index 0794a298b1a..f532e254f98 100644 --- a/lib/libssl/src/ssl/s3_srvr.c +++ b/lib/libssl/src/ssl/s3_srvr.c @@ -1574,6 +1574,9 @@ ssl3_send_server_key_exchange(SSL *s) BN_CTX *bn_ctx = NULL; #endif +#ifndef OPENSSL_NO_PSK + size_t pskhintlen; +#endif EVP_PKEY *pkey; const EVP_MD *md = NULL; unsigned char *p, *d; @@ -1804,10 +1807,9 @@ ssl3_send_server_key_exchange(SSL *s) #endif /* !OPENSSL_NO_ECDH */ #ifndef OPENSSL_NO_PSK if (type & SSL_kPSK) { - /* - * Reserve size for record length and PSK identity hint. - */ - n += 2 + strlen(s->ctx->psk_identity_hint); + pskhintlen = strlen(s->ctx->psk_identity_hint); + /* reserve size for record length and PSK identity hint*/ + n += 2 + pskhintlen; } else #endif /* !OPENSSL_NO_PSK */ #ifndef OPENSSL_NO_SRP @@ -1900,11 +1902,10 @@ ssl3_send_server_key_exchange(SSL *s) #ifndef OPENSSL_NO_PSK if (type & SSL_kPSK) { /* copy PSK identity hint */ - s2n(strlen(s->ctx->psk_identity_hint), p); + s2n(pskhintlen, p); - strncpy((char *)p, s->ctx->psk_identity_hint, - strlen(s->ctx->psk_identity_hint)); - p += strlen(s->ctx->psk_identity_hint); + memcpy(p, s->ctx->psk_identity_hint, pskhintlen); + p += pskhintlen; } #endif |