Attention is currently required from: plaisthos.
Hello plaisthos,
I'd like you to do a code review.
Please visit
http://gerrit.openvpn.net/c/openvpn/+/1135?usp=email
to review the following change.
Change subject: openvpn_PRF: Change API to use size_t for lenghts
......................................................................
openvpn_PRF: Change API to use size_t for lenghts
Basically all users already wanted that anyway. And most
of the library functions also take size_t nowadays.
Change-Id: Ic88cd6e143bc48cab3c9ebb7c7007513803bd199
Signed-off-by: Frank Lichtenheld <fr...@lichtenheld.com>
---
M src/openvpn/crypto.c
M src/openvpn/crypto_backend.h
M src/openvpn/crypto_mbedtls.c
M src/openvpn/crypto_openssl.c
M src/openvpn/ssl.c
M tests/unit_tests/openvpn/test_crypto.c
6 files changed, 22 insertions(+), 22 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/35/1135/1
diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
index 1fa08fd..e128bb8 100644
--- a/src/openvpn/crypto.c
+++ b/src/openvpn/crypto.c
@@ -1903,8 +1903,8 @@
uint8_t out[8];
uint8_t expected_out[] = { 'q', 'D', '\xfe', '%', '@', 's', 'u', '\x95' };
- int ret = ssl_tls1_PRF((uint8_t *)seed, (int)strlen(seed), (uint8_t
*)secret,
- (int)strlen(secret), out, sizeof(out));
+ int ret = ssl_tls1_PRF((uint8_t *)seed, strlen(seed), (uint8_t *)secret,
+ strlen(secret), out, sizeof(out));
return (ret && memcmp(out, expected_out, sizeof(out)) == 0);
}
diff --git a/src/openvpn/crypto_backend.h b/src/openvpn/crypto_backend.h
index 59418f6..b74cb7f 100644
--- a/src/openvpn/crypto_backend.h
+++ b/src/openvpn/crypto_backend.h
@@ -716,7 +716,7 @@
*
* @return true if successful, false on any error
*/
-bool ssl_tls1_PRF(const uint8_t *seed, int seed_len, const uint8_t *secret,
int secret_len,
- uint8_t *output, int output_len);
+bool ssl_tls1_PRF(const uint8_t *seed, size_t seed_len, const uint8_t *secret,
size_t secret_len,
+ uint8_t *output, size_t output_len);
#endif /* CRYPTO_BACKEND_H_ */
diff --git a/src/openvpn/crypto_mbedtls.c b/src/openvpn/crypto_mbedtls.c
index 86317dd..87a2d12 100644
--- a/src/openvpn/crypto_mbedtls.c
+++ b/src/openvpn/crypto_mbedtls.c
@@ -983,8 +983,8 @@
* from recent versions, so we use our own implementation if necessary. */
#if defined(HAVE_MBEDTLS_SSL_TLS_PRF) && defined(MBEDTLS_SSL_TLS_PRF_TLS1)
bool
-ssl_tls1_PRF(const uint8_t *seed, int seed_len, const uint8_t *secret, int
secret_len,
- uint8_t *output, int output_len)
+ssl_tls1_PRF(const uint8_t *seed, size_t seed_len, const uint8_t *secret,
size_t secret_len,
+ uint8_t *output, size_t output_len)
{
return mbed_ok(mbedtls_ssl_tls_prf(MBEDTLS_SSL_TLS_PRF_TLS1, secret,
secret_len, "", seed,
seed_len, output, output_len));
@@ -1002,8 +1002,8 @@
* @param olen Length of the output buffer
*/
static void
-tls1_P_hash(const mbedtls_md_info_t *md_kt, const uint8_t *sec, int sec_len,
const uint8_t *seed,
- int seed_len, uint8_t *out, int olen)
+tls1_P_hash(const mbedtls_md_info_t *md_kt, const uint8_t *sec, size_t
sec_len, const uint8_t *seed,
+ size_t seed_len, uint8_t *out, size_t olen)
{
struct gc_arena gc = gc_new();
uint8_t A1[MAX_HMAC_KEY_LENGTH];
@@ -1089,8 +1089,8 @@
* (2) The pre-master secret is generated by the client.
*/
bool
-ssl_tls1_PRF(const uint8_t *label, int label_len, const uint8_t *sec, int
slen, uint8_t *out1,
- int olen)
+ssl_tls1_PRF(const uint8_t *label, size_t label_len, const uint8_t *sec,
size_t slen, uint8_t *out1,
+ size_t olen)
{
struct gc_arena gc = gc_new();
const md_kt_t *md5 = md_get("MD5");
diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
index 2351bfd..dfc2627 100644
--- a/src/openvpn/crypto_openssl.c
+++ b/src/openvpn/crypto_openssl.c
@@ -1341,8 +1341,8 @@
}
#if (OPENSSL_VERSION_NUMBER >= 0x30000000L) &&
!defined(LIBRESSL_VERSION_NUMBER)
bool
-ssl_tls1_PRF(const uint8_t *seed, int seed_len, const uint8_t *secret, int
secret_len,
- uint8_t *output, int output_len)
+ssl_tls1_PRF(const uint8_t *seed, size_t seed_len, const uint8_t *secret,
size_t secret_len,
+ uint8_t *output, size_t output_len)
{
bool ret = true;
EVP_KDF_CTX *kctx = NULL;
@@ -1368,9 +1368,9 @@
params[0] =
OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, SN_md5_sha1,
strlen(SN_md5_sha1));
params[1] = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SECRET,
(uint8_t *)secret,
- (size_t)secret_len);
+ secret_len);
params[2] =
- OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED, (uint8_t
*)seed, (size_t)seed_len);
+ OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED, (uint8_t
*)seed, seed_len);
params[3] = OSSL_PARAM_construct_end();
if (EVP_KDF_derive(kctx, output, output_len, params) <= 0)
@@ -1392,15 +1392,15 @@
}
#elif defined(OPENSSL_IS_AWSLC)
bool
-ssl_tls1_PRF(const uint8_t *label, int label_len, const uint8_t *sec, int
slen, uint8_t *out1,
- int olen)
+ssl_tls1_PRF(const uint8_t *label, size_t label_len, const uint8_t *sec,
size_t slen, uint8_t *out1,
+ size_t olen)
{
CRYPTO_tls1_prf(EVP_md5_sha1(), out1, olen, sec, slen, label, label_len,
NULL, 0, NULL, 0);
}
#elif !defined(LIBRESSL_VERSION_NUMBER) && !defined(ENABLE_CRYPTO_WOLFSSL)
bool
-ssl_tls1_PRF(const uint8_t *seed, int seed_len, const uint8_t *secret, int
secret_len,
- uint8_t *output, int output_len)
+ssl_tls1_PRF(const uint8_t *seed, size_t seed_len, const uint8_t *secret,
size_t secret_len,
+ uint8_t *output, size_t output_len)
{
EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL);
if (!pctx)
diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
index 84ef4fb..17065aa 100644
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -1294,10 +1294,10 @@
}
static bool
-openvpn_PRF(const uint8_t *secret, int secret_len, const char *label, const
uint8_t *client_seed,
- int client_seed_len, const uint8_t *server_seed, int
server_seed_len,
+openvpn_PRF(const uint8_t *secret, size_t secret_len, const char *label, const
uint8_t *client_seed,
+ size_t client_seed_len, const uint8_t *server_seed, size_t
server_seed_len,
const struct session_id *client_sid, const struct session_id
*server_sid,
- uint8_t *output, int output_len)
+ uint8_t *output, size_t output_len)
{
/* concatenate seed components */
diff --git a/tests/unit_tests/openvpn/test_crypto.c
b/tests/unit_tests/openvpn/test_crypto.c
index de8f9fe..77834e8 100644
--- a/tests/unit_tests/openvpn/test_crypto.c
+++ b/tests/unit_tests/openvpn/test_crypto.c
@@ -161,7 +161,7 @@
uint8_t out[32];
- bool ret = ssl_tls1_PRF(seed, (int)seed_len, secret, (int)secret_len, out,
sizeof(out));
+ bool ret = ssl_tls1_PRF(seed, seed_len, secret, secret_len, out,
sizeof(out));
#if defined(LIBRESSL_VERSION_NUMBER) || defined(ENABLE_CRYPTO_WOLFSSL)
/* No TLS1 PRF support in these libraries */
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/1135?usp=email
To unsubscribe, or for help writing mail filters, visit
http://gerrit.openvpn.net/settings
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: Ic88cd6e143bc48cab3c9ebb7c7007513803bd199
Gerrit-Change-Number: 1135
Gerrit-PatchSet: 1
Gerrit-Owner: flichtenheld <fr...@lichtenheld.com>
Gerrit-Reviewer: plaisthos <arne-open...@rfc2549.org>
Gerrit-CC: openvpn-devel <openvpn-devel@lists.sourceforge.net>
Gerrit-Attention: plaisthos <arne-open...@rfc2549.org>
Gerrit-MessageType: newchange
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
