Address SSLv3 removal nits

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29338)

diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index a6723e1b6678f332ad1575b384ddaeebf9fd3ef2..a9b229fca3cdb908b186652b414eb2dfee6cee49 100644 (file)
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -55,8 +55,8 @@ static ossl_inline int received_server_cert(SSL_CONNECTION *sc)
 static ossl_inline int cert_req_allowed(SSL_CONNECTION *s)
 {
     /* TLS does not like anon-DH with client cert */
-    if ((s->s3.tmp.new_cipher->algorithm_auth & SSL_aNULL)
-        || (s->s3.tmp.new_cipher->algorithm_auth & (SSL_aSRP | SSL_aPSK)))
+    if ((s->s3.tmp.new_cipher->algorithm_auth & SSL_aNULL) != 0
+        || (s->s3.tmp.new_cipher->algorithm_auth & (SSL_aSRP | SSL_aPSK)) != 0)
         return 0;
 
     return 1;

diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index e511da8585ce77ae59ac57e7c4d3c65bd19fe7c4..db99d49706eb704de196e805546019b8b1ffe9a3 100644 (file)
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -2665,7 +2665,7 @@ CON_FUNC_RETURN tls_construct_server_hello(SSL_CONNECTION *s, WPACKET *pkt)
 
 CON_FUNC_RETURN tls_construct_server_done(SSL_CONNECTION *s, WPACKET *pkt)
 {
-    if (!s->s3.tmp.cert_request) {
+    if (s->s3.tmp.cert_request == 0) {
         if (!ssl3_digest_cached_records(s, 0)) {
             /* SSLfatal() already called */
             return CON_FUNC_ERROR;