Narrow scope of locals vars in tls_process_key_exchange()

Narrow the scope of the local vars in preparation for split up this
function.

Reviewed-by: Richard Levitte <levitte@openssl.org>
This commit is contained in:
Matt Caswell 2016-07-08 12:18:18 +01:00
parent eaa776da07
commit be8dba2c92

View File

@ -1305,16 +1305,9 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt)
MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
{
EVP_MD_CTX *md_ctx;
int al, j;
int al;
long alg_k, alg_a;
EVP_PKEY *pkey = NULL;
const EVP_MD *md = NULL;
#ifndef OPENSSL_NO_RSA
RSA *rsa = NULL;
#endif
#ifndef OPENSSL_NO_EC
EVP_PKEY_CTX *pctx = NULL;
#endif
PACKET save_param_start, signature;
md_ctx = EVP_MD_CTX_new();
@ -1506,6 +1499,7 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
PACKET encoded_pt;
const unsigned char *ecparams;
int curve_nid;
EVP_PKEY_CTX *pctx = NULL;
/*
* Extract elliptic curve parameters and the server's ephemeral ECDH
@ -1541,6 +1535,7 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
|| EVP_PKEY_paramgen(pctx, &s->s3->peer_tmp) <= 0) {
al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_EVP_LIB);
EVP_PKEY_CTX_free(pctx);
goto f_err;
}
EVP_PKEY_CTX_free(pctx);
@ -1583,6 +1578,8 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
/* if it was signed, check the signature */
if (pkey != NULL) {
PACKET params;
int maxsig;
const EVP_MD *md = NULL;
/*
* |pkt| now points to the beginning of the signature, so the difference
* equals the length of the parameters.
@ -1622,8 +1619,8 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH);
goto f_err;
}
j = EVP_PKEY_size(pkey);
if (j < 0) {
maxsig = EVP_PKEY_size(pkey);
if (maxsig < 0) {
SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
goto f_err;
}
@ -1631,7 +1628,7 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
/*
* Check signature length
*/
if (PACKET_remaining(&signature) > (size_t)j) {
if (PACKET_remaining(&signature) > (size_t)maxsig) {
/* wrong packet length */
SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_WRONG_SIGNATURE_LENGTH);
goto f_err;
@ -1674,12 +1671,6 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
f_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
err:
#ifndef OPENSSL_NO_RSA
RSA_free(rsa);
#endif
#ifndef OPENSSL_NO_EC
EVP_PKEY_CTX_free(pctx);
#endif
EVP_MD_CTX_free(md_ctx);
ossl_statem_set_error(s);
return MSG_PROCESS_ERROR;