From: Steffan Karger Date: Tue, 22 Nov 2016 20:09:26 +0000 (+0100) Subject: generate_key_expansion: make assumption explicit, use C99 features X-Git-Tag: v2.4_beta2~5 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=48d41413c4b181e00769cdb83ccfe179299ad8e4;p=thirdparty%2Fopenvpn.git generate_key_expansion: make assumption explicit, use C99 features This function potentially allocates memory, and can therefor not be run again on an initialized key_ctx_bi. Make this explicit by adding an error if someone tries do to this anyway. While touching the function, cleanup it up a bit to make up for the added lines of code. Signed-off-by: Steffan Karger Acked-by: Gert Doering Message-Id: <1479845366-15774-1-git-send-email-steffan@karger.me> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13202.html Signed-off-by: Gert Doering --- diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index 97e9aaba2..16b9cb7b0 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -1620,13 +1620,15 @@ generate_key_expansion (struct key_ctx_bi *key, const struct session_id *server_sid, bool server) { - uint8_t master[48]; - struct key2 key2; + uint8_t master[48] = { 0 }; + struct key2 key2 = { 0 }; bool ret = false; - int i; - CLEAR (master); - CLEAR (key2); + if (key->initialized) + { + msg (D_TLS_ERRORS, "TLS Error: key already initialized"); + goto exit; + } /* debugging print of source key material */ key_source2_print (key_src); @@ -1662,7 +1664,7 @@ generate_key_expansion (struct key_ctx_bi *key, key2_print (&key2, key_type, "Master Encrypt", "Master Decrypt"); /* check for weak keys */ - for (i = 0; i < 2; ++i) + for (int i = 0; i < 2; ++i) { fixup_key (&key2.keys[i], key_type); if (!check_key (&key2.keys[i], key_type))