From ffb772b401a7e4d8ff166372a160eb0da562824c Mon Sep 17 00:00:00 2001
From: miod
Date: Thu, 7 Aug 2014 19:46:31 +0000
Subject: When you expect a function to return a particular value, don't put a comment saying that you expect it to return that value and compare it against zero because it is supposedly faster, for this leads to bugs (especially given the high rate of sloppy cut'n'paste within ssl3 and dtls1 routines in this library). Instead, compare for the exact value it ought to return upon success. ok deraadt@
---
 lib/libssl/src/ssl/d1_both.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'lib/libssl/src/ssl/d1_both.c')
diff --git a/lib/libssl/src/ssl/d1_both.c b/lib/libssl/src/ssl/d1_both.c
index e25f69dbb64..2391d529947 100644
--- a/lib/libssl/src/ssl/d1_both.c
+++ b/lib/libssl/src/ssl/d1_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_both.c,v 1.24 2014/07/10 08:51:14 tedu Exp $ */
+/* $OpenBSD: d1_both.c,v 1.25 2014/08/07 19:46:31 miod Exp $ */
 /*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -903,6 +903,7 @@ dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen)
 i = s->method->ssl3_enc->final_finish_mac(s, sender, slen, s->s3->tmp.finish_md);
+ OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
 s->s3->tmp.finish_md_len = i;
 memcpy(p, s->s3->tmp.finish_md, i);
 p += i;
@@ -913,12 +914,10 @@ dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen)
 * renegotiation checks */
 if (s->type == SSL_ST_CONNECT) {
- OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
 memcpy(s->s3->previous_client_finished, s->s3->tmp.finish_md, i);
 s->s3->previous_client_finished_len = i;
 } else {
- OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
 memcpy(s->s3->previous_server_finished, s->s3->tmp.finish_md, i);
 s->s3->previous_server_finished_len = i;
--
cgit v1.2.3-59-g8ed1b
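Review bot: The hoisted `OPENSSL_assert(i <= EVP_MAX_MD_SIZE)` in the second hunk checks only the upper bound of the `final_finish_mac()` result before `memcpy(p, s->s3->tmp.finish_md, i)`. If `i` is a signed int (its declaration is outside the hunk) and `final_finish_mac()` can return 0 or a negative value on failure, the assert passes. A negative length would then become a huge `size_t` in this memcpy and in the two renegotiation copies in the third hunk, which now rely on this single check. A failed assert also aborts the whole process rather than failing the handshake. I would test both bounds and return an error, e.g. `if (i <= 0 || i > EVP_MAX_MD_SIZE) return (-1);`, using whatever error value this function's callers expect; the body of `dtls1_send_finished` starts and ends outside the hunk, so the correct return value needs confirming there.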